As enterprises steadily adopt artificial intelligence (AI), the significance of data and its security has never been more pronounced. Recent high-profile data breaches and growing concerns over privacy have compelled organisations to rethink their approach to securing critical information.
This urgency has been further amplified by the notable shift from traditional, centralised resource management to cloud-based systems. According to Ruchin Kumar, Vice President of South Asia, Futurex, this transition is driven by the need for cost-effective operations and reduced human resource expenses.
“We are witnessing a significant shift from traditional approaches, where resources were consolidated in centralised locations, to cloud-based systems,” Kumar explained. “Advancements in new-generation security technologies have addressed initial concerns about the security of critical data assets in the cloud, allowing organisations to securely migrate their critical infrastructure.”
Kumar emphasised that cloud infrastructure involves using third-party resources to store and manage data and applications, making regulatory compliance and data security paramount. “Organisations are now implementing measures such as data encryption before transferring it to the cloud, strict authorisation controls, thorough auditing, and enhanced security protocols,” he said.
A major concern for organisations moving to the cloud is the security of their encryption keys. Kumar detailed Futurex's approach to maintaining control over these keys. “We always maintain custody of the encryption keys. Even if a breach occurs and data is accessed by unauthorised individuals, they cannot decrypt it without the keys, rendering the data useless to them,” he assured.
The role of regulatory bodies such as the Unique Identification Authority of India (UIDAI) and the Reserve Bank of India (RBI) has been crucial in shaping data security practices. “Organisations like UIDAI and regulators such as the RBI and NPCI have provided extensive guidance on ensuring data security and confidentiality of personally identifiable information,” Kumar noted. He added that initially, sectors like finance and healthcare were reluctant to migrate to the cloud, but this is changing.
He said that his company has been proactive in aligning with local regulatory requirements, establishing data centres in Hyderabad and Mumbai to provide encryption and key management services. Kumar asserted the government's focus on quantum computing as a forward-thinking approach to data security.
Achievements and Future Focus Areas
Reflecting on the past year, Kumar said India has been one of fastest growing market for the Futurex. “We have expanded our offerings to include cryptography as a service and are proud to be the first encryption company with data centres in India,” he said. These centres provide services such as encryption, key management, public key infrastructure, authentication, and tokenisation.
Looking ahead, Futurex is preparing for advancements in quantum-proof cryptography. “Our efforts in quantum-proof cryptography began about four or five years ago. We have been collaborating with the National Institute of Standards and Technology (NIST) and companies like Microsoft to develop and test quantum-proof algorithms,” Kumar said. He claimed that Futurex's cryptographic processors are designed to accelerate encryption processes and secure secret keys, and they have been rigorously tested with these new algorithms.
Expanding Beyond BFSI
While the BFSI sector remains a significant focus and major driver of revenue, Kumar sees substantial potential in commercial enterprises and government sectors. “Commercial enterprises deal with a lot of personally identifiable information and proprietary data that require robust security measures,” he said. Futurex assists these enterprises in preventing unauthorised access and generating comprehensive audit reports.
Government projects also mandate strong encryption and key management to ensure data integrity, confidentiality, and availability. Kumar pointed out that IT regulations in India provide clear directives on implementing these security measures.
Impact of New Data Protection Regulations
The new data protection regulations in India are expected to significantly impact how companies handle and consume data. Kumar drew parallels with the implementation of GDPR in Europe, noting that such regulations change organisational mindsets and practices concerning data privacy. “This shift will ultimately enhance data protection and security across industries,” he stated.
With advancements in technology and increasing regulatory scrutiny, the future of data security looks promising. As Kumar aptly put it, “We are part of almost all these stories going on in government, commercial enterprises, and financial institutions, ensuring data security at every step.”