Keeping in mind the skill gap prevalent in the Indian IT industry – with its focus around certifications and training, CompTIA is looking forward to creating a large pool of highly trained and certified IT professionals in India.
In India, CompTIA is working with major enterprises and training delivery organizations to roll out training and certification programs for entry to expert level of IT workforce.
Todd Thibodeaux, President and CEO, CompTIA, speaks with Zia Askari from ChannelDrive.in about the organization's key focus today and how it is preparing to train IT workforces.
What are the key priorities for CompTIA?
CompTIA (The Computing Technology Industry Association) is the world’s largest developer of vendor-neutral certification for the IT workforce. For the past 3 decades, CompTIA has been engaging with the industry to understand the needs of the IT workforce and enterprises to design and deliver certifications in multiple domains relevant for the Information and Communication Technology industry.
Our certifications cover a myriad of technology areas such as hardware, operating systems, server systems, software, information security, mobile / wireless and cloud computing among others. Some of our certifications have become de-facto standards when enterprise organizations look for fresh talent as well as create a career path for their existing staff members.
Being an industry association our priorities are to continually monitor the job roles and design relevant workforce development solutions for them. In India, CompTIA works with major enterprises and training delivery organizations to roll out training and certification programs for entry to expert level of IT workforce.
Our key priorities are definitely towards creating a large pool of highly trained and certified IT professionals, in order to address the skills gap prevalent in the Indian IT industry.
How can data be secured in today’s data driven world?
Securing data is about vigilance. Having a plan and making a commitment to following the plan is the only way to secure data / networks to the best of your abilities.
What are some of the best practices that can be followed in India?
- Encourage companies to have aggressive password policies both for intensity (strength) and frequency of change. More issues are caused by weak passwords than any other network vulnerability.
- Identify your most critical data and have a disaster recovery plan. Loss of data does not just come from hardware failures and loss from natural disasters. Hackers who penetrate networks are as likely to destroy data as they are to steal it.
- Companies should commit to regular and rigorous penetration testing of their networks and systems.
- They should commit to training and educating all employees in what it takes to be a good cyber citizen within their firm. CompTIA has an exciting stack of training and certification programs aimed right from the average enterprise IT device user to people who design the security policies of enterprise organizations. Some of these certification programs such as Security+© have become hugely popular with individuals who look at Info-sec as a career option as well as corporate entities who aim to develop security skills.
- Companies should benchmark against the best practices of the most attacked firms.
We also see a lot of developments towards creation of smart cities, where IoT-driven devices talk with each other. How and at what level should security be enforced so that this can never become a security nightmare?
Not all IoT devices are created equal. Meaning not every street light or smart meter needs to be connected to a larger network or the Internet to be a useful tool. We will have to be smarter in the future about how we architect and connect various IP enabled devices. Do we need to access them remotely and if so how remotely? Can a series of IP enabled devices work effectively on smaller not globally connected networks?
We’ll need to not allow overkill and give devices more capability than they need, such as installing a full Linux stack on a small single-purpose device. We’ll also need smarter AI systems that will do a better job of sniffing out potential mischief as it takes form but before it can do any damage.
Today there is also this growing trend towards utilising public cloud infrastructure and this is also becoming a point of worry as far as compromising data security. Your comments?
There is nothing inherently unsecure about the public cloud. More and more of the largest companies in the world are moving at least parts of their applications and data to the public cloud. Leading providers like Amazon and Microsoft are creating state of the art backbones for a range of computing applications based on cloud infrastructure.
Public cloud providers have every incentive to use the best possible hardware and practices to protect customer data. A failure of the basics would have catastrophic results for their bottom line and confidence would be severely undermined.
While top public cloud providers may provide a state of the art backbone, if the customers fail to do everything they can to secure their applications and databases, bad things can still happen. Leaving unused login credentials active or failing to detect vulnerabilities in customer-facing websites are just two issues that can make your systems just as vulnerable in the public cloud as they were on private on-premises infrastructure.
How can telecom networks be secured in a better way to accommodate evolving data threats today?
The best way to secure telecom networks is to better secure the endpoints that connect to them. The telecom networks themselves are simply conduits for data to flow from one place to the other. Malicious attacks start by hackers gaining access and control of any IP enabled connected device.
What kind of precautions do you suggest when it comes to securing enterprise networks?
- Make sure all the devices connected to your network are getting regular firmware updates and patches
- Separate guest WiFi traffic from internal networks
- Make sure every employee understands the role they play in protecting corporate networks
- Enforce tough password policies including length and intensity and frequency
- Do regular stress and penetration testing
- Identify your most critical data and information and have a disaster recovery plan