A candid interview of Yahya Nazeer Khan, Lead Solution Consultant of Arcon Techsolutions Private Limited
With over seven years of experience in IT sector, Yahya Nazeer Khan is an accomplished professional with expertise in areas of delivering Enterprise Solutions in Data/Information Security for various industries/domains and Healthcare IT with strong emphasis on customer success. Currently he is working for India based IT company Arcon Techsolutions Private Limited as Lead Solution Consultant.
Recently, at the ‘Future Information Security Summit 2019’ by Arcon held at Dhaka Club where he presented keynotes regarding information security. Yahya Nazeer Khan spoke to Fintech team and shared his views and experiences on modern information security.
Here is the excerpt for Fintech readers.
Before going into details start telling us about yourself.
I grew up in India. My school and college was Kendriya Vidyalaya of New Delhi. I had my graduation and post graduation on Computer Science from Mumbai University. From my boyhood, I wanted to do something exceptional and since I was the student of computer science, I felt to work with IT sectors. Luckily, I could get the chance to join at certain IT company in 2008 where I provided technical support for an ‘International Support Centre for HP (Hewlett Packard)’ and resolved issues related to Operating System, system performance, hardware, internet, printing etc. I worked for Stream Global Services as Support Professional.
Gradually, I got a chance to work with other company and so I switched to eClinical Works which basically provides Cloud EHR’s for inpatient and outpatient clinics across India as Quality Analyst. Then I worked for some other areas also and April 2017, I joined Arcon Tecsolutions Pvt. Ltd.
How Bangladesh can reap the benefit from this summit on Future of Information Security?
Well, we have been working with lot of entities inside Bangladesh for the last six months. No countries are safe from cyber security effects which are coming down. Every country has its own BSI model and they have important secret that they want to secure from targets include the financial information, employees’ information. So Bangladesh is not exceptional from this way. We all need for the secure entities in terms of business and industries. Besides, a lot of prospects we deal with. And I can see Bangladesh is quite advanced with those entities in regard to information security.
Our special thanks to SmartData Technologies, our exclusive regional partner in Dhaka, for taking this initiative about this special partner event. Industrialization in Bangladesh has reached a different height off late. Simultaneously, the wave of digitization has prompted these organizations to transform their manual operations into digital one. In this critical transition period, the organizations tend to ignore the data security aspect which eventually can lead to financial crisis and face loss. This event, I’m sure would ring the alarm bell in the organizations to give utmost importance to information security measures that needs to be operational without delay. Most of the breaches today happen by compromising privileged accounts and thus it goes without saying that these privileged accounts need robust security to stop unauthorized and unexpected intrusion any time.
What is your view on modern information security threats?
Once we only put emphasis on Internal security but as the time is getting progressed we have realized that the threat from outside world is just as much as the threat from the inside world In cyber security industry, Asian countries have come a long way. Today, information is the biggest asset of any industry and every organization is allotting high budget for securing their information from hackers and malicious insiders. After the biggest incident of Bangladesh bank heist, most of the companies across all industries have pledged to secure their information assets at any cost. From every part of the globe, organizations are following the same steps to protect their business information from cyber threats. In this backdrop, securing the Privileged Accounts becomes top priority of organizations across the globe because Privileged Accounts are the gateways to confidential information.
You were talking about PAM. Why do you think Privileged Access Management (PAM) is most important?
Suppose, you have a company and ten thousand employees are working there. Those employees will only help you break into their data but in safety administrator would help you break into the data of all the ten thousand employees. So security has to be focused on the right areas. You may have general security solution; PAM is a very specific security solutions which talk only about privileged access and the implications of not deploying the privileged access solution.
Today, more than 80% of data breaches happening in the world are due to unmonitored privileged accounts. Privileged accounts are the gateways to all the sensitive and confidential information in any enterprise. Hence, it is very obvious that cyber criminals would eye on these accounts to hack and steal as much information as possible. In a shared and distributed environment where multiple privileged accounts are accessed by multiple users, it becomes extremely challenging for the admins to monitor user activities manually. Privileged Access Management (PAM) eases off the administrators’ tasks. It not only does real time monitoring of user activities, but also notifies the admin if any suspicious activity is found in the enterprise network. It provides comprehensive report of user activities which helps the CIOs to make wise decisions regarding the users. It even authorizes and authenticates the users to access to privileged accounts for any work.
Also you were talking about SCM. What is SCM?
SCM is completely a security landscape. It stands for Secure Compliance Management which is an automated vulnerability assessment tool. IT environment becomes security vulnerable if an ever increasing number of network devices, authorized end-user devices including applications and operating systems are not continuously monitored and assessed for baseline security configurations. SCM is an effective system hardening tool that enables an organization to conduct real-time assessment of baseline security configuration for all critical technology platforms whilst ensuring desired compliance levels. SCM actually will help you identify any leakages in the container itself.
How ARCON can contribute in mitigating the threat landscape?
ARCON, one of the biggest global risk control solution providers, offers enterprise class solution that helps in managing, controlling, monitoring and mitigating threats involved with privileged accounts. From ARCON, PAM provides a centralized policy framework to the privileged accounts and gives access to those accounts only after authorizing the users on the basis of roles and responsibilities. The rule based restriction of accessing privileged accounts would help the CIOs/ CISOs to monitor the user activities in real time.
Nowadays we are talking about fourth industrial revolution. Do you think are Asian countries like Bangladesh are ready for this?
Oh, definitely. We are becoming the hub gradually. The whole world is looking at the Indian sub-continent as a region which has had a tremendous IT explosion in the last few years. So we are ones who are evolving to the state where we could be the next super hub and as a growing economy we are especially in absolute security because any security bridge will push us back at the same time. So I think, our Asian countries are heavily ready for this revolution and the countries like Bangladesh, India and others are ready to checkmate at the chess of industrial revolution.
What is your next plan with Arcon?
In a word, I must say, we want to make 2019 rock India for us. And with next five years, Arcon will be ready to provide all the information security for IT areas. We would definitely uphold our uniqueness with various technology platforms.
Thank you very much for speaking to Fintech.
You are welcome and I wish every success of Fintech around the world.