TECH BUYER Aug 2022 - IDC Perspective - Doc # AP49574122
CERT-In's Cybersecurity Directives for India Enterprises
On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY) issued directions under subsection (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response, and reporting of cyberincidents for safe and trusted internet in India.
With the rise of cyberincidents in India, enterprises are investing significantly in improving their security posture and strengthening their internet defense mechanisms. The five rules issued by CERT-In not only mandate the reporting of cyberincidents in India but also provoke businesses to revamp and rethink their entire IT and network security landscape.
The CERT-In new directions sparked a wave of conversations among varied stakeholders, including the Information Technology Industry Council (ITI), global businesses and tech associations, service providers, VPN providers, and cybersecurity experts in India. Under the arising pressure and provisions implied toward data collection, we see some VPN providers in India have already made their intent clear to suspend their services. Additionally, these cybersecurity directives are perceived as convolutional as some concerns have been raised by the industry in terms of timeline and feasibility. Data privacy is another big question that is yet to be addressed by the government of India. Cybersecurity and data privacy regulations are constructively interlinked, and so far, we are yet to receive further insights from the government of India on the latter.
"Data and network security are two key driving factors when dealing with massive digital assets, inventories, and transactional traffic flows. It is advised to enterprises that investing in cyber-resilience and threat intelligence solutions along with incidental and log management products will not only help organizations gain objective insights into their security architecture and data breaches when they occur but also prepare them to effectively mitigate the situation with minimal downtime," says Sakshi Grover, research manager, Future of Trust and Future of Work, IDC India.
"The major challenge enterprises are facing these days when it comes to IT security is managing multiple dashboards and spending more time on generating the insights, rather than real investigations. Consolidation and a single source of truth is the new way forward. Additionally, enterprises in India need to prioritize investments in security, governance, risk, and compliance (GRC) as a foundational layer to ensure cyber-resilience and protection from threats in the long run," Grover adds.