One of the ways to manage security is by handling the perimeter & analyzing threat vectors: Jayant Gupta, Executive Director of Information Systems, HPCL
Hindustan Petroleum Corporation Limited (HPCL) is an Indian state-owned oil and natural gas company with its headquarters at Mumbai, Maharashtra. It has about 25 percent market-share in India among public-sector companies and has a robust marketing infrastructure. HPCL is also one of the top five largest fuel retailers.
At Express Computer’s, Government Data Center & Infrastructure Summit, we had an opportunity to speak to Jayant Gupta, Executive Director of Information Systems, Hindustan Petroleum Corporation Ltd on a variety of topics related to data centres, ranging from migration to feasibility and security.
Here’s an excerpt of his views on the same: :
What are some of the latest IT initiatives that you have taken from a data centre perspective?
We have our own data centre like any other big organisation nowadays. And we have been heavily dependent on the computing needs, served primarily from the on-prem kind of setup. However, a few years back we used to look at the relevance of cloud but nowadays we are focusing more on the requirement of the users and where they are placed; and based on these two criteria we decide where the requirement needs to be served from – so whether it is on-prem, from our own data centre or from cloud or go forward with a hybrid one. Hence, we had taken a decision to rebuild our infrastructure in such a way that it can extend on to cloud as when the requirement arises, so that we are able to cover up the availability of the infrastructure as and when required by the users. Our responsibility is to ensure that the solutions are delivered on time, and that they run efficiently without any hindrances. Also maximize the usage of our own data centre as it is more cost effective.
Our journey is more towards hybrid with specific requirements being served from where the user or the data centre is placed.
What are some of the key challenges from a security point of a view? And what are some of the measures that you have taken?
One of the big challenges that we all seem to have is to report any security related incident which happens within six hours to CERT, and that has to be done without having any compromise on it. It is a big task, and for us, who have 24/7 plants and refineries working all across India, we need a mechanism to capture events that happen across the country.
Vulnerabilities are also a cause of concern, one has to make sure that they are updating their systems on a regular basis. Also, one of the ways to manage security is by handling the perimeter and analyzing the threat vectors.
Data centre migration into the cloud is usually seen as a very daunting experience. In terms of its feasibility or economics, what would be some of the best practices that you would suggest?
What we have experienced is: typically if the data systems remain more or less stable, there is no spurt or sudden rise in it and one can predict that expanse or increase on it, quarter on quarter or year on year, in that case it makes more sense to have your infra. However, if the spurt or increase is way beyond one’s expectations then one can opt for balancing the infra which is available on the cloud. And nowadays, there are many vendors who give its users the solutions that extend on-prem to cloud as and when one requires. So one can probably find some solution where one pays majorly for your own infra; and pays only for that part when it spurts, or when it increases, and goes to the cloud based infra, so you pay for that. And in case there is no sudden increase then you don’t have to pay at all. So I would recommend to seek a compromise on that from your particular vendor.