'Made in India' Cybersecurity: Why Not?Here's How the Nation Can Become a Global Information Security Powerhouse
Information security in India continues to be regarded as being less than mature when compared to many other regions - and especially when compared to current practices in the West.
Certainly, India does not take security as seriously as many more developed markets. Information technology adoption in our country has been sudden and related issues can feel overwhelming. As a nation, we're still figuring out all that tech can do. The natural course of things is that security tends to be addressed afterwards.
"Will NASSCOM's cybersecurity task force make this happen? That's the $35 billion question."
The big question then, is this: Does India have the potential to become a world leader in cybersecurity expertise and services, as Prime Minister Narendra Modi has said? Can the Indian IT success story be the roadmap for an Indian cybersecurity success story and create a domestic pool of security professionals?
The short answer: It's too early to say, and the obstacles are many - security is a different beast to IT. But with the right moves, we can afford to be a bit optimistic.
And why not? Lack of domestic technology adoption did not stop India from growing into a "technology superpower." Cybersecurity is receiving more attention in the country than ever before. Industry groups have announced multiple initiatives, and the importance of security has never been felt as keenly as it has in the past year.
The opportunities are many. Building awareness and a sustained effort to tap into global security demand could have a positive upswing in the domestic security scenario.
Against this backdrop, the latest significant announcement has been the formation of the National Association of Software and Services Companies' (NASSCOM) cybersecurity task force (see: How Will India Get 1 Million Cybersecurity Professionals?). The intent is to emulate India's software and IT services success, and now tap into the world's rising demand for cybersecurity and sell security-as-a-service offerings, catapulting India into a position of global leadership - NASSCOM estimates that this market will be worth $35 billion by 2025.
Growing the Talent Pool
The irony, however, is that India has so far been unable to demonstrate good information security practices domestically, even as it proposes to become the security services export site of choice for the rest of the world. But that's a function of local supply and demand. If NASSCOM's cybersecurity task force succeeds, and the world starts buying more security services from India, it could spur rapid growth of the domestic security talent pool, just as the boom in service outsourcing led to a surge in local IT jobs.
Consider, for instance, that one of the unexpected benefits of the business process outsourcing era was that white collar opportunities and employment began to be created in India's rural areas, pulling in people who never thought they might become an integral part of India's rise as a software and services giant. Similarly, if India manages to sell itself as a trusted cybersecurity provider - and create sustainable training programs - a new segment in the workforce may choose cybersecurity as a vocation and "skill up" accordingly, turning it into a popular career option.
Historically, software, services and technology designed and consumed elsewhere in the world may have worked well - and been necessary - in and for those countries, but may not have had direct relevance, at that time, in India. Simply put, the Indian market just wasn't ready. But that did not stop the Indian IT industry from growing. And it could well be the same with security. After all, isn't that what Israel has been doing with cybersecurity?
Already, of course, many Indians are already providing security services around the world. Many multi-national entities already run their global security operations centers from India. But the domestic climate for the information security industry in India remains poor. And that means at least some of the nation's best infosec talent will leave, since demand is better elsewhere.
One can argue that there's already sufficient domestic demand in India. But when the world is paying top dollar, and Indian info are simply not enough to sustain and grow the a thriving security sector, when the world is paying top dollar.
Nevertheless, Indian security companies are already prospecting abroad for business, going after the money and opportunities they need to grow, rather than stagnate, having outgrown the domestic market demand.
Will NASSCOM's cybersecurity task force make this happen? That's the $35 billion question. Are all the moves we are hearing about a positive thing? Better to have them, than not, I say. Let's call this the big, optimistic picture. I still maintain that the prevailing confusion in the domain needs to be addressed (see: Searching for Cybersecurity Leadership).
But like the IT boom, which created a huge talent pool of IT professionals, if the momentum continues, we may very well have a well-prepared service sector ready to cater to surging, global cybersecurity demand. And when "India Inc." begins giving security more importance and demand rises domestically - which many believe is already happening - there is bound to be quality talent available in India take up the mantle.