"For mobile apps to be secure, security must be built earlier in the development cycle"
With a presence in 21 countries and 25 delivery centers across nine countries, Coforge leverages emerging technologies and deep domain expertise to deliver real-world business impact for its clients. Coforge leads with its product engineering approach and leverages Cloud, Data, Integration and Automation technologies to transform client businesses into intelligent, high-growth enterprises. Coforge’s proprietary platforms power critical business processes across its core verticals. In a chat with VARINDIA, Dr. Jitendra Mohan Bhardwaj, CIO and CISO at Coforge, shared his thoughts on the current cyber threat landscape, critical infrastructure, surging mobile attacks and more.
On the increasing cyber-attacks
As per Dr. Jitendra Mohan, the landscape of cyber security evolved to a new level due to the pandemic, especially with remote working. The attacks have increased in number, scale, and sophistication, and organizations across the globe are exposed to more vulnerabilities than before.
He says, “The importance of cybersecurity will increase with the advent of 5G, Web 3.0, metaverse, etc. Due to these advanced technologies, physical infrastructure layers will be shifted to cloud-based platforms and networks, making them more vulnerable. To safeguard against sophisticated attacks such as Gen V and Gen VI, the industry must deploy a prevention-based response system rather than an incident-driven response system.
To avoid cyber threats, it is important for organizations to create a safe digital environment by taking appropriate measures in consultation with a cyber security expert.”
Coforge securing the critical infrastructure
Cybersecurity has been a top priority for Coforge for a long time. Focusing on this, Dr. Jitendra Mohan points out, “We have taken several steps to effectively deploy cyber defence systems across endpoints, infrastructure, applications, and databases. We have implemented Security Orchestration Automation and Response (SOAR); Security Information and Event Management (SIEM) software. We have also managed detection and response to accelerate incident response with automation, process standardization, and integration with existing security tools. As we move into a hybrid, multi-cloud environment, we have implemented architecture within the organization so that data and resources are accessible only on a limited basis and in the right context. If additional privileges are required, then it goes through the workflow process of approval for monitoring and audit purposes.”
Coforge also has a robust incident response plan. Elaborating on this, Dr. Jitendra Mohan says, “We perform quarterly cyber crisis simulations to test our incident response plan. We have unified endpoint management, and Identity and Access Management (IAM) implementation that provides our information security team with deeper visibility into suspicious activity on company-owned laptops and desktops. In addition, we have invested heavily in GRC (Governance, risk management, and compliance). We have ISO 27001, ISO 22301, PCI-DSS, SOC II type 2, HIPAA, Cyber Essentials, and GDPR compliance in place. Overall, both from a preventive and defensive standpoint, we have ensured Coforge is placed securely, and our critical infrastructure remains safe.”
Implementing robust security
The number of mobile attacks is increasing, and mobile malware is the main cause of these attacks. It is common for mobile users to access compromised websites and install apps from sources other than Apple and Google Play stores. In addition to sensitizing users about information security, it is imperative to implement mobile application security that is both easy to use and robust.
Dr. Jitendra Mohan comments, “Nowadays, most mobile apps don't offer reliable protection or an aesthetically pleasing interface when it comes to addressing information security. A scalable attack can lead to passwords being stolen, making them problematic. In addition, stronger security methods like OTP are safe but inconvenient.”
In his concluding words, Dr. Jitendra Mohan says, “For mobile apps to be secure, security must be built earlier in the development cycle, rather than as a consequence of penetration testing. To deliver trustworthy apps, mobile developers should adopt secure coding practices and leverage the recommended approach.
When designing mobile apps for the enterprise, the focus must be on minimizing the risk of sensitive data being exposed. This can be achieved by minimizing the amount of data exposed through the functionality delivered to the user. “Secure yet easy to use” is a crucial ingredient of a great mobile app.”