Bindu Sundaresan describes her role at AT&T as a “security professional.” Her job, as she puts it, is “to keep information safe.” Sundaresan points out that most company leaders don’t know where their information is. “If you don’t know where it is, it’s hard to protect it,” she says. So often, business functions are siloed, and security ends up being one of them. “Security has to be a horizontal function,” Sundaresan states.
She also cautions against a company’s security measures being solely technology-based. She’s seen an uptick in the criminal use of social engineering; for example, a “delivery person” allowed into an executive’s office plants a device that allows him or her to access the company’s wireless network. A waitress goes off to swipe a credit card and records the number and security code on the back. A month or two later, she uses it to go online shopping. “Security and awareness go hand in hand,” says Sundaresan. While policies are well and good, she notes, they’re only effective if people follow them. If a company has a weakest link, the crooks will find it.
Sundaresan advises companies to treat their security efforts “as a program not a project.” “So often, IT is called upon to put out a fire. Security is seen as a roadblock to that. We need to get out of that mindset and that’s hard to do.”
The issues on Sundaresan’s radar are security and mobility, security and cloud computing, and how these topics relate to industry verticals like healthcare, retail, financial services and government entities.