If you have DevSecOps in place then you can speed up your security procedures: Naseem Halder, CISO, ACKO General Insurance Ltd
Acko General Insurance is a private sector general insurance company in India. It started its operations in 2016 as a digital insurer company and has been consistently growing ever since. The company received its license from the Insurance Regulatory and Development Authority of India in September 2017. ACKO has partnered with prestigious brands such as Ola, redBus, Amazon and OYO and launched innovative products like trip insurance, electronics cover and hotel-stay insurance.
At Express Computer’s, Technology Senate South 2022, we had a chance to speak to Naseem Halder, CISO, ACKO General Insurance Ltd on topics related to security, with particular reference to the insurance sector.
Talking about the challenges in the insurance industry, Halder said, “I come from an industry where you are a pure digital player, where your business source or business platform is a digital platform and you have to do multiple deployments in a day. So if you consider those cases and typical security control, every deployment will go through a security check and then it will go to the UAT and subsequently to production. But then, we are not going to be a part of the quick delivery. So I always talk about one thing that in today’s world especially, in the eCommerce platform business, for them security is a feature of your product or security is a feature of your service. I would say security has become a bare minimum necessity of your product. So if you do not scale up the response or the speed of your deployment, then you will not be a part of the business growth. And without business, I’m sure no security is going to sustain.“
Haldar further mentioned, “There are certain things that I believe: if you are able to do security by design, it will cut a lot of time. If you create a best practice that this the way that you have to do, and if I consider all our deployment pipelines, if you have DevSecOps in place then you can reduce a lot of time over there, so that will one way to look into it, however there are numerous ways to speed up. Like if you have a good security culture, you can accommodate lot of additional security features in your product or in your service before it can go to production team, or when somebody is going to talk to your client or customer, they’ll have to follow certain protocols which is in the end of the day a collaboration of all these things and will help in reducing the response time with respect to security.”
Talking about the solutions related to security, Haldar stated, “We as a company believe that customer experience is derivative of your employee experience. So, what kind of employee experience are you giving, what kind of security you have for your employees, how you are respecting their privacy are some important aspects to take care of. And, if you build a culture where one discusses more on the security side of a human being, the same sense we will be able to pass through our employee to our customer. I think that is another way to see security as well.”