Are security measures in India as good as the standards require them to be?

Jul 9, 2008 13:16 GMT  ·  By

The Indian authorities are very concerned about the fact that e-mail messages sent through BlackBerry devices cannot be intercepted and the encryption cannot be broken. Why would the Indian Government want access to such private information? It seems that this method of communication was recently used by militants and the government is worried it could happen again. All this talk about data encryption and privacy has brought the issue of security into focus.

Of course, several opinions have been expressed. The simple truth of the matter is that online security is not something to be tackled locally since data travels all over the world. Security standards must be implemented and enforced at all times.

Ameet Nivsarkar, vice president of Nasscom comments: "The issue of data security is an issue that involves all countries alike. Today, millions of bytes of data are crossing global boundaries at any given point of time. Data security in India isn't, and can't afford to be, inferior to data security in any other country."

The executive director of PricewaterhouseCoopers, Sivarama Krishnan, believes that privacy compliance is far more important than data security. The security standards currently used in India comply with global standards, so there is nothing to worry about in this regard. But in terms of privacy compliance, India has a long way to go before it can reach the same level as other countries.

Navita Srikant is the national leader of fraud investigations and dispute services with Ernst & Young India, and according to him the biggest threat to security is posed by insiders. "The most sensitive information in a telecoms company, like customer data, strategy, mergers, acquisitions and so on, is stored on IP addressable machines. Therefore, this information is directly accessible to bot and employees," says Srikant as cited by ZDNet.

Srikant informs us that on a daily basis about 200,000 machines fall victim to bots in India. These machines are then maliciously used for "corporate espionage and stealth activities". It is not enough to tackle just one issue, it is important that data security and privacy-compliance be addressed simultaneously.