You must be secure across every section in a company

It would be easy to believe that interest in cyber security was now so strong that every business dedicated adequate resources to face down the enormous, and growing, threat posed by cyber criminals. After all, with breaches, attacks and ransomware never out of the headlines, there could scarcely be a chief information officer in the land who has not woken up in a cold sweat.

The good news is that, as a rule, businesses realise there is a significant threat to their data.

“We no longer have to go in and talk about why you need security. That conversation has disappeared, and there is not a board that isn’t aware of cyber security,” said Virginia Lee, head of cybersecurity at Tata Consultancy Services (TCS) Global Delivery Centre in Letterkenny.

Of course, there is variation among organisations and across industries. Lee said highly-regulated ones tended to have the greatest awareness and, therefore, strongest stances. Financial services and healthcare tend to be at the top.

“It does depend on individual companies, the data they are storing, and the risk of that data to them. There are some general best practices that apply across the board, but in areas like healthcare, which is very, very regulated, there are very detailed requirements,” she said.

The ongoing cybersecurity skills shortage remains an issue for organisations. Indeed, Lee said it goes far beyond security, with shortages of specialists in areas including agile, finops, devops and more, and change needs to come in education.

“From my perspective, there has been a block in terms of STEM in general, and we see it strongly in a lack of female representation and of ethnic minorities. Certainly, it's something I never heard of as a career option”.

There are signs of improvement, and TCS has been involved in initiatives like CoderDojo.

“Things like CoderDojo help: we’re able to go in and show them what is possible. You've got to be talking to them before they start making decisions about where they're going,” Lee said.

Blue sky thinking

Today’s IT environments, which includes all manner of devices and, usually, a mixture of on-premise and cloud systems, has driven change. For instance, the zero-trust security model is now more commonplace.

“A lot of organisations had very hard outer shells around themselves, but once you were in that was different. That is changing now, with zero-trust,” Lee said.

Not before time, either, as the IT landscape continues to shift. Indeed, a 2023 TCS survey revealed a drive, globally and in Ireland, to cloud, which requires a different approach to security.

TCS found cloud is no-longer primarily seen as an IT-centric cost-saving solution and confidence in cloud security is high, Lee said.

“Security and compliance are factors helping to drive cloud adoption. The TCS Risk and Cybersecurity Study noted recently, the majority of the CISOs and CROs surveyed [62 per cent] said they believed cloud platforms offer as good as or better security than on-premises servers and traditional data centres”.

Companies choosing to host their data on-premises may be limited to older security solutions – a risky position

This represents a shift: in 2018, 60 per cent reported critical apps should remain on-premises for security reasons.

Industry clouds, tailored for specific sectors and providing pre-built tools, compliance, governance and subject matter expertise, also play a role as drivers for cloud adoption.

Financially successful companies are also more likely to regard cloud as more secure than on-premises data centres, Lee said.

“Companies choosing to host their data on-premises may be limited to older security solutions and tactics rather than the state-of-the-art cybersecurity available in cloud platforms – a risky position”.

Lee said that cloud should be leveraged to enhance organisational security profiles but that vigilance and regulatory compliance, achieved by weaving-in established cybersecurity frameworks into cloud adoption, were essential.

Whether customers have adopted cloud or not, TCS engages with the actual facts on the ground in a consultative process.

“Generally we look at the gaps, and look at what needs to be done, both in the short term and the long term,” she said.

Whether customers choose full outsourcing or assistance, Lee said TCS deploys its global resources to fight threats.

“TCS has over 150 different SOCs [security operations centres] running globally, across all areas of the world, and that intelligence – we’re getting real time information – is key”.