When it comes to security, many organizations, startups, and firms often overlook it in the beginning. For them, as long as the code works and the business runs smoothly, there's no need to make any changes. It seems simpler for them to avoid dealing with rules, regulations, methodologies, documentation, policies, and guardrails. This approach gives them a sense of freedom to operate as they please, without any constraints. But is this really a good approach?
Imagine living in a society with no supervision, rules, manners, or discipline. Everyone does whatever they please, like walking around naked or building homes in the middle of roads. It sounds absurd, right?
This is analogous to the state of many Indian tech firms in the past. They neglected proper security practices and focused solely on profit and organizational growth. Unfortunately, this attitude led to increased risks such as cyber attacks, threats, and data leaks.
Enter CERT-In, the Indian Computer Emergency Response Team.
Established as the national incident response center for major computer security incidents, CERT-In sets the rules, policies, and regulations that all tech organizations in the country must follow. It acts as the authority to which all firms must report in the event of a cyber-attack or incident.
CERT-In provides guidelines on best practices for data handling, encryption, storage, and more. It ensures that these guidelines are followed through proper audits, vulnerability assessments, patch management, and other mandatory activities.
Thanks to CERT-In's efforts, firms began to take security seriously, leading to a safer digital environment for all.