By the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. Data privacy is gaining momentum in India, especially after the Supreme Court declared the Right to Privacy a fundamental right. The introduction of the Personal Data Protection bill (now called as Data Protection bill, after the inclusion of non-personal data in the scope), is aiming at providing a framework to ensuring an individual’s privacy by providing the proper use, access, accountability to the personal as well as non-personal data of Indian Citizens. The bill is yet to be passed across the two houses in Parliament before it becomes an Act, putting nearly 800 million internet users under the scope.
By Prateek Bhajanka, Senior Principal Analyst, Gartner, Inc.
GDPR was the first major legislation for consumer privacy. Still, others quickly followed it, including Brazil’s General Personal Data Protection Law (LGPD) and the California Consumer Privacy Act (CCPA). The sheer scope of these laws suggests you’ll be managing multiple data protection legislation in various jurisdictions, and customers will want to know what kind of data you are collecting and how it is being used. It also means you will need to focus on automating your privacy management system. Standardize security operations using GDPR as a base and then adjust for individual jurisdictions.
By 2025, threat actors will have weaponized operational technology environments successfully enough to cause human casualties.
With India’s emphasis on increasing the GDP contribution from the manufacturing industry to 25%, the industry is expected to see advancements in the areas of technology, business models, and value creation. With multiple factors such as a significant percentage (12%) of the workforce employed in the industry; IT-OT convergence and malware spreading from IT to OT; an increase in the number of nation-state attacks – it shifts the discussion from business disruption to physical harm with the liability likely ending with the CEO. The security and safety of the workforce would also become a key responsibility for CISOs. Focus on asset-centric cyber-physical systems, and make sure there are teams in place to address proper management.
By 2024, 30% of enterprises will adopt cloud-delivered secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and firewall as a service (FWaaS) capabilities from the same vendor.
Indian organizations are rapidly becoming digital businesses to increase their value proposition, introduce new channels, reach new markets, find efficiencies in business models, etc. They adopt cloud technologies in various forms and embrace a hybrid architecture to become digital. Also, with the need for working from anywhere and anytime access, the security controls that existed in the corporate networks should be available irrespective of the source of the connection. On the other hand, organizations are leaning into optimization and consolidation. Security leaders often manage dozens of tools, but they plan to consolidate to fewer than 10. SaaS will become a preferred delivery method, and consolidation will impact adoption timeframes for hardware.
About the Author:
Prateek Bhajanka is a Senior Principal Analyst for the IT Leaders (ITL) constituency, focusing on Security and Risk Management for Gartner Research. His areas of research include Endpoint protection platforms/Endpoint detection and response (EPP/EDR), malware and ransomware prevention, etc. His key tasks encompass creating high-quality, actionable and consumable written research and give clients insights and advice on various security problems they face. Bhajanka also helps organizations save money on new contracts and renewals on endpoint protection platforms and endpoint detection and response.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.