

Interview of Amar Singh, Chairman of ISACA London’s Security Advisory Group & CISO at News International SC



SC Interview: Amar Singh, CISO at News International

As the chief information security officer of publishing giant News International, as well as having a pivotal role at ISACA, Amar Singh has a lot on his plate. He tells Dan Raywood about his personal philosophy of managing security in a large organisation, and why he wants to see former soldiers join the industry.


No matter how it travels or the device it’s on, data – along with the soundness of fortifications put in place to safeguard it – impel the endeavours undertaken by hard-working CISOs everywhere.

Whether sussing out ways to enable the use of personal mobile devices in the corporate environment, encouraging employee engagement in risk management plans or establishing sound techniques to employ qualified IT security pros, the ultimate aim underpinning any information security leader’s efforts always is data’s safekeeping.

For Amar Singh, CISO of the publishing giant News International, the job – especially given all that must be overseen – sometimes can be all-consuming and certainly, he has found, requires a strong will. Too, his hard work, just like the availability of data, must travel.

Recently attending a conference in Miami, Singh proved that the challenge of working remotely is something that affects not only employees, but security professionals too. Just as with other organisations, the mobile platforms he must manage are numerous and, while this alone can be a challenge, the bigger problems arise with how data stored on them is secured. Enter the bring-your-own-device (BYOD) movement and further complications arise.

“As much as it is a technical challenge, it is a cultural-thinking process and I think addressing it using the best approach for your organisation is very critical,” he explains. “If you have 10,000 users and they all have four devices, then that is 40,000 devices you have to manage.”

Singh explains further that while already there are a legion of devices to oversee in the average organisation, it’s likely to get worse – and sooner than many might expect. The premise of up-and-coming technologies, such as Google Glass or smart watches, will present evermore data security, cost and policy struggles. Compounding the current high numbers of devices used with the rise in the types that potentially will hit in the future is quickly transforming BYOD into a “manage-any-device” (MAD) process, which involves the oversight and security of anything that shows up on a network, he says.

“However, with BYOD, there is huge opportunity as it allows you to retain employees, to a certain extent,” he says. “As long as I can protect my data, then you can bring any device. It may be a very simplistic view, but you have got to know what you are trying to protect.”

Yet, it’s not about the mobile devices themselves, but rather how they are being used. That is, although the ‘access anywhere’ issue is worrisome, the security of data stored on the devices equally is concerning. To help address some of the challenges here, Singh says that a likely future scenario will involve tagging a document to maintain a link to it and its identity throughout its lifetime.

“That document belongs to me,” he says. “Even if it is copied a thousand times, it is really critical for me to know about it, and that…allows me to protect my intellectual property – whatever I create.”

Data dispersal
Questions of personal data ownership can be confounding, but some organisations have established policies to directly address these. Steve Wright, global privacy officer at Unilever, cites Mozilla’s concept that individuals themselves own the rights. And, his is not the only company whose executives think this way: CookieQ allows individuals to control how a website tracks or monitors their movements around the various sites they visit.

“Both concepts lend themselves well to supporting the over-arching theme of making us responsible for our own personal data,” Wright explains. “This concept is applicable in both the workplace and home scenarios, so it lends itself well to Singh’s point about tagging documents to an individual for life. This also tackles the problem of piracy, copyright, intellectual property ownership (IPO) infringement and legal data protection cross border challenges.”

Still, complications arise over the actual ownership of the data. For instance, if an intellectual property “owner” is working on research or a design for an organisation that has paid them for their services, would the data belong to the company or the individual who created it? “It is for essentially this reason why we can’t resolve the problem of digital rights management,” Wright says.

Employee engagement
Singh believes that staff represent the biggest opportunity for a business – and engaging and sharing information with them, as well as making them a part of what the business is doing, helps everyone.

“One thing I have gained a lot of traction on is if I can help [employees] with their personal [lives] – let’s call it cyber life – it makes life easier as we are all online,” he says.

Today’s employees have evolved to work flexibly and independently as members of global business teams, says Tim Burnett, information security manager at Atos. Because of this change, engaging them to better understand cyber threats and the various IT security mechanisms used by their companies to address such problems, along with the roles they play in helping to thwart online attacks, can reap some business benefits.

“Security officers need to become more visible, more approachable and more able to discuss issues in terms of risk to the business, so that organisations move away from the culture of ‘security always says no, so I’ll keep quiet’ towards a more inclusive, open view on information security,” says Burnett.

Still, the problem of approachability doesn’t just sit with the security department, says Burnett. Employees looking to take on a project might complain bitterly when a proposal is rejected by CISOs because they failed to meet even basic security requirements, he says. Such problems can be circumvented with staff simply taking time to meet with IT security pros at the start to explain project parameters and ask for help on the security mechanisms needed to make it work. Demonstrating that information security is being considered early on, with the CISO providing constructive input at the start, is key.

“Information security professionals need to be seen as part of the process and part of the solution, not simply a hurdle to be overcome,” Burnett says. “End-users who understand this enhance the security culture of the organisation, becoming the solution, rather than the problem. Security that is built in [at the beginning of the process] is far better than attempting to bolt it on at the end.”

Even with such education and awareness for both business units and security teams, organisational leaders must make clear that there will be times when projects will be stopped without the integration of proper security. “The security policy must be enforced and end-users will be disgruntled,” he says. “Dealing with that in a professional, appropriate manner is important so that users will understand the reasons and still approach the security team in future.”

Indeed, failing to be viewed as approachable by fellow members of staff should be a concern for CISOs, agrees Singh. For a long time, IT security divisions were seen as impediments to business getting done, he says, which often resulted in business units avoiding them altogether.

“Now, CISOs are transitioning to the ivory tower, but the concept of management on the floor is not there. In my organisation, I make it a point to receive calls and get on the floor with [News International] journalists, and I am happy to do that,” he explains.

Even if an organisation comprises thousands of employees, their engagement with C-level executives should be encouraged and facilitated, including with the CEO. Such an approach can have huge positive impacts for any company – large or small.

“I am sick and tired of the ivory-tower approach I see with many executives,” Singh adds. “One of the reasons why Apple and Google are successful is that people could get to the top of [those companies].”

An untapped resource
Singh, like many other CISOs, engages in any number of industry bodies to both enhance his own knowledge and network with other security pros. Just recently he took on the job of heading up the UK security group at the long-standing nonprofit Information Systems Audit and Control Association (ISACA). In this role, he is paying particular attention to the oft-discussed skills gap still lingering in the information security industry.

The specific campaign he plans to spearhead aims to devise ways to get qualified professionals currently searching for gigs back into the workforce. As well, he would like to develop cyber education programs to help teenagers and schoolchildren to hone skills in IT and IT security areas.

Another component is to establish some assistance to help former soldiers and army intelligence officers take up careers in information security. To achieve this, he envisions offering educational events that provide advice to make former military personnel aware of various job and training opportunities.

“I want to give them the assurance that when they leave [the armed forces], it is not the end of the world, and to offer them a route into the corporate world,” he explains. “I don’t think they are getting that help.”

Singh believes that the main issue is that servicemen and women are not really given decent career guidance once they leave their posts.

“Soldiers are actually very good information assurance, security and audit people,” he says. “The whole IT arena is a great place for soldiers to be in, in my opinion, and in information security they would have a lot of discipline, but they are not being given guidance on that. I don’t know why this is. They don’t have commercially based skills…[or] any certifications…If [they] make the wrong choice or do not get the right certification that is not in demand, what are [they] going to do?”

Terry Neal, CEO of training firm Infosec Skills, agrees and says that more work should be done with former military intelligence officers as they have transferable skills that are relevant. For example, they are adept at dealing with obstacles and crises, pay close attention to visual detail and offer sound research and written/oral presentation skills.

“If they also have IT skills, all they need is the right training and they could be valuable members of the information assurance community,” he says. “If they have no existing IT skills, then an academic qualification should be sought first so they have a foundation upon which information assurance skills can be taught.”

Sarb Sembhi, chair of the ISACA government and regulatory advisory sub-committee for Europe and Africa, and a former president of the London chapter, adds that it’s all about taking good people with good skills and retraining them.

“There are two sides to things: On one hand we have more data breaches than we have ever had, we have hackers succeeding where they had not before and reports of malware that doesn’t get detected for years, so it’s worse than it ever has been,” he says.

The second side proves a bit more complicated. Although there are plenty of security professionals that have been in the industry providing thought leadership, others who also have been around for some time and may hold a few industry certifications may lack requisite leadership and even technical skills. As a result, multiple levels of skills gaps exist that need addressing, he says.

Particular skills, such as privacy know-how, understanding of how to leverage analytics, and the need to understand how the Big Data phenomenon actually can enhance existing security and risk management plans are wanting, adds Singh. CISOs alone are far from helpful if they don’t have a good team, after all, he says.

ISACA’s Sembhi adds that ultimately the continuous evolution of the information security industry will be dependent on guidance from already well-established and experienced pros like Singh. ISACA, he notes, leverages help from such practitioners to guide stronger career development opportunities.

Such moves are proving critically important, as industry leaders hailing from different backgrounds can reveal to those interested in this space that information security can be non-technical too.

“The human face of security is what ISACA offers, and when new people come into the field, they see that…the people we have…are experienced, great mentors and advocates of what ISACA has to offer,” he concludes.

With Amar Singh at the helm of the organisation’s UK chapter, many up-and-comers in the field today will likely be influenced.


Mobile Platforms





Well, gang, it’s official: Cross-platform convergence is now both magical and revolutionary.

Apple, in case you haven’t heard, is taking a serious step toward bringing its mobile and desktop platforms together: At its annual Worldwide Developers Conference adjective-shouting extravaganza this week, the company announced a plan to let developers bring iOS apps onto MacOS starting next year. So, yes: That means the Apple faithful will soon be able to run iPhone-like software on their regular ol’ keyboard-packin’ computers.

Pretty spiffy idea, right? Mobile software, on the desktop! Just think of the possibilities. But wait: Why does something about this seem so eerily familiar?

Oh, right — because it’s exactly what we’ve been watching take shape with Android and Chrome OS over the past several years.

Now, before you grab the nearest suit of armor and novelty foam sword, hang on: I’m not here to play a game of “Who Did It First?” Let’s be honest: That kind of talk is pretty tired at this point. Some years, Apple borrows heavily from Google; some years, Google borrows heavily from Apple. Sometimes, the inspiration-lifting is for the better, and sometimes, it’s for the worse. I’m not an intellectual rights attorney (thank goodness) — and from a normal user’s perspective, the arguments over who copied whom are equal parts boring and irrelevant.

What I do want to discuss is how much Apple’s move validates the approach Google’s been pursuing for some time now — and, at the same time, how its implementation of the idea is both similar and simultaneously different.

Let’s jump in, shall we?

Apple, Google, and the tale of converging platforms

We’ll start with Google. The move to bring Android apps to Chrome OS began in earnest in 2016. (Yes, the work technically started two years earlier, with the beta-wearing “App Runtime” project — but that was basically just a test, with significant limitations and nothing even close to a polished or mainstream-ready experience.)

For Google, the notion of bringing two platforms together was nothing short of transformational. Chromebooks had traditionally been cloud-centric computers — a model that provided some enticing advantages over traditional PCs but required you to rely mostly on web-based software like Google Docs and Office Online. Realistically, that sort of setup was more than sufficient for the vast majority of modern-day computer users, but it also left a fair number of gaps in what a Chromebook was able to do.

By allowing anyone to install and run almost any Android app while still maintaining Chrome OS’s security, simplicity, and speed-related advantages, Google accomplished several significant things: First, it redefined a Chromebook’s possibilities and limitations, making the devices more compelling and feature-complete for an even broader array of users. (On a smaller and much more specifically targeted scale, the current move to allow Linux apps on Chrome OS serves a similar purpose.)

Beyond that, it essentially created a whole new category of device — the Chromebook/Android mashup. That’s something we’ve seen progress considerably over the past couple years, as the hardware has slowly caught up with the software and convertible Chromebooks have effectively become the new Android tablets.

And last but not least, it created an ecosystem like no other. Developers could build and publish a single app and have it be available to the world’s largest mobile platform and the world’s increasingly dominant desktop computing environment. As long as the apps are built with responsive design and with a handful of form-specific optimizations in mind, it’s a single, streamlined process with minimal extra effort involved.

Significant as those first two points may be, we can’t underestimate the value of that last one — the ecosystem expansion. Remember, Chromebooks are hugely popular, particularly in schools. And developers tend to go where the users are. For the first time, Google could actually overcome its chicken-and-egg problem and have an existing audience that’d entice developers to craft large-screen-optimized apps — apps that, by their very definition, would straddle the lines of two overlapping ecosystems and benefit Android and Chrome OS alike.

Apple’s approach is a bit different. Unlike Chromebooks, Macs already run traditional desktop software. Unlike Google, Apple already has a successful tablet platform. And unlike Google, Apple doesn’t currently offer touch-enabled Macs — another one of those classic “it doesn’t work” declarations from Steve Jobs, way back when — and even if the company does eventually come around to rethinking that stance, it doesn’t seem likely that it’d look to phase out or de-emphasize the iPad anytime soon.

What Apple does share with Google, however, is the ecosystem part of the equation. Apple is all about the ecosystem, in fact, and it has been for a very long time. Google is the relative newcomer to that kind of focus.

So Apple, like Google, stands to benefit by aligning its platforms (a familiar phrase, no?) and making them more similar from a user’s perspective. It’s no secret that people adore their iPhones and the apps associated with them. Making MacOS follow iOS’s lead in some ways and allowing users to run familiar mobile apps within it will make the Mac feel more consistent and connected with the iPhone — and thus could make it more appealing both to current users and also perhaps to those who don’t presently own a traditional laptop or desktop computer.

Apple, like Google, could also benefit from energizing its desktop software ecosystem and giving developers added incentive to focus on that form. It may not be entirely comparable to Google’s Chrome OS situation, but the idea that development on the desktop side of Apple’s ecosystem is stagnating compared to the mobile side is a pretty common theme of discussion these days. Bringing iOS-like apps onto Macs could go a long way in reversing that view.

Perhaps most critically, aligning the ecosystems provides yet another piece of ammo for the famous “lock-in” weapon: You’ve got the environment you know and love and the apps you know and love on your iPhone and/or iPad — and now on your Mac, too. Just like Google is aiming to accomplish with Android phones and Chromebooks, our investments in these ecosystems are more expansive than ever — which, of course, means we’re more likely than ever to stick with whichever ecosystem we choose and continue to buy its associated products year after year.

Interestingly, Apple and Google also share the same persistent view from pundits that “the two platforms must be combined!” — a view that no level of adamant denial or ongoing evidence to the contrary seems able to extinguish.

Converging platforms, diverging paths

One thing the two companies don’t fully share is the specific approach to bringing mobile apps onto the desktop. Google, fitting with its general ethos, has established a bit of a free-for-all with Android apps on Chrome OS: By default (unless a developer explicitly disallows it or an app is inherently incompatible due to hardware requirements), most any Android app can be installed on a Chromebook. The Play Store you get on a Chromebook is quite literally the same Play Store you get on a phone.

So everyone is in, more or less — and it’s then up to each developer to optimize an app and make it excel in the large-screen, keyboard-and-trackpad-using form. Or not. Most apps work well enough on a Chromebook out of the box, and in some scenarios, it’s clear a developer went the extra mile to really make the experience shine. Either way, you can find plenty of useful titles that add meaningful value to the Chrome OS environment.

But you can also find plenty of apps that clearly weren’t made to run on that type of hardware — where even the most minimal amount of effort is painfully lacking — and those apps, while technically compatible with a Chromebook, are incredibly awkward and unpleasant to use. (Hi, Instagram!)

From the sounds of it, Apple is taking the exact opposite approach: The door will be closed by default — and the MacOS-iOS collection will consist only of apps optimized for the traditional computer form. That’s why Apple is releasing only its own iOS apps for the Mac to start and will be working with developers to optimize their apps for the desktop over the months ahead.

“There are millions of iOS apps out there, and some of them would be great on the Mac,” Apple Chief Shirt Unbuttoner Craig Federighi noted during yesterday’s announcement. The emphasis there is mine, but the message is clear: The entire App Store won’t — and, in Apple’s view, shouldn’t — be coming to the desktop.

Apples and oranges

So which approach is better — Apple’s or Google’s? The reality is that each seems to have its own set of pros and cons, and it’s tough to label either one as a definitive “winner.” Google’s implementation brings a massive number of new applications into the desktop environment and then puts the onus on the developers to make the experiences shine. The result, as we’ve established, is a bit of a mixed bag: You have tons of possibilities, many of which are valuable (with or sometimes even without form-specific optimizations) — but you also have apps that are just plain clumsy and out of place.

Apple appears poised to offer a more strictly curated selection of apps, allowing only those with form-specific optimizations into the mix. That should create a more consistent level of quality and experience, which is obviously a good thing, but it’ll also mean some apps that might be more mobile-specific and not likely to be optimized probably won’t become available.

Who cares? Well, consider one example: Apps like Netflix and YouTube are readily available via the web and don’t seem like the types of titles that’d receive the full desktop optimization effort or the Apple stamp of “great on the Mac” approval. But running the mobile apps on the desktop gives you the unique advantage of being able to download videos from those respective services for offline viewing — a handy little loophole crafty Chromebook users have certainly come to appreciate.

When you stop and think about it, the differences here are very much analogous to the differences in the two companies’ broader approaches to mobile app distribution: With Apple, you get a more closely controlled selection, which forces developers to comply more closely with guidelines and (in theory, at least) creates a more consistent experience. With Android, the less closely controlled gates mean more variance in the level of experience within — but that also means the door is open to more advanced and interesting types of creations that wouldn’t make their way past Apple’s gatekeepers.

I think most reasonable people would agree that Google could stand to gain some of Apple’s quality control and ability to get developers to follow its lead, while Apple could stand to loosen things up at least a little and allow some different types of tools into its closely walled garden.

Neither scenario is perfect, but both serve to accomplish the same goal — one that, in this wild new cross-platform world, seems both sensible and inevitable, regardless of which ecosystem you prefer.





Source: Computer World






In our current culture, CEOs arguably command more power than respect. You can blame that in part on the light-speed exchange of information in the digital era. As Fortune’s Geoff Colvin writes in the introduction to this year’s World’s Greatest Leaders list, “Easier access to information for customers, competitors, and others causes industry dominance to change more quickly, corporate life spans to decline, and executive tenures to shorten.” What’s more, unflattering news goes viral in an instant.

Nonetheless, year after year there are chief executives whose impact, not just on their own companies but on the world around them, is so significant that they deserve to rank among the greats. Our annual leader list spans politics, the arts, activism, sports and the nonprofit world, but each year, many business figures shine in this particular galaxy. Amazon CEO Jeff Bezos is one of only two people who have made all four editions of our list. (The other is Pope Francis.)

Here are nine private-sector CEOs who made Fortune’s 2017 list. (For the rest of the list, click here.)


Tech News




Jose Mourinho has played down concerns over Marcus Rashford’s lack of game-time at Manchester United as the World Cup approaches.

Rashford has not started a league match for United, who face Crystal Palace on MNF, live on Sky Sports Premier League, since Boxing Day and has found his first-team opportunities limited following the arrival of Alexis Sanchez.

However, Mourinho insists Rashford remains firmly part of his plans at Old Trafford and he expects the 20-year-old to be part of Gareth Southgate’s squad in Russia.

“No, I don’t reassure anyone,” Mourinho said. “The main reassurance for him is that he is always selected.

Mourinho insists Rashford is a key part of his squad at Old Trafford
“There is not one single match when Marcus is not selected to start or to be on the bench. When I see you sometimes put in doubt if he is going to be selected for the World Cup or not be selected.

“You know, if the national coach trusts him, he selects him. It doesn’t matter if he plays or doesn’t play.

“There are many examples of players who don’t play for their clubs at all and they go to the national teams.

Gary Neville insists Marcus Rashford is firmly in Jose Mourinho’s plans at Man Utd and that it is normal for a young player to come in and out of the side.
“You have the example of (Sergio) Romero, who is the second goalkeeper at Manchester United and the first goalkeeper for such an amazing football country like Argentina.

“In your own country, you have examples of players who play even without scoring a goal in the Premier League.

“So, it’s up to Gareth Southgate. If he trusts him, he selects him. It doesn’t matter if he plays or if he doesn’t play for Manchester United.”

Rashford burst onto the scene with a series of crucial goals during the 2015-16 season under Louis van Gaal, and the England international cemented his place in the United first-team with a solid campaign last season in which he scored 11 goals for the club.

“At his age, what he’s doing is more than enough and the experience he’s getting at every level is more than enough for us to be happy with what we think is going to be his future,” Mourinho said. “It’s as simple as that.

“But because he had such an impact at the beginning, probably people expect him to play even more than he does and score even more than he does and perform even more than what he does but it is not so simple.

The 20-year-old is expected to be part of England’s squad for the upcoming World Cup in Russia
“What I see makes me really happy, to see the same boy. When you ask me about (Scott) McTominay, I spoke about McTominay as a boy before he was a player and Marcus is the same.

“What will keep them in the right direction, what will make them have that stability to improve is what they are as boys. And Marcus is a fantastic boy, also very grounded.

“For sure, we love him, and we believe in him, and he’s going to have the chances.”





