Every opportunity comes with a cost. One thing that comes to my mind is that if someone had developed one App with a cost, why he will give his customers free of cost. You are using the App or services which means that you are the first customer. You are the data and asset of the App developing company. They may not do any direct business with you but your information/data could make the App development company the next millionaire or billionaire. For instance, see the business model of Facebook, they acquired WhatsApp and now WhatsApp got very popular with the power of instant messaging and have entered into the payment business after they saw good customer base. They may even move into banking if the payment business becomes a success.

After you are used to the communication method, it becomes difficult to leave a technology behind. If WhatsApp wants to charge a certain price (may be a small amount) for using its App, I am sure at least there will be 70% conversion rate. It is a revenue for them. The question is how to define the domain, area and geography of doing or entering into business. Hence, one technology disrupts another technology and it impacts the large company’s business cycle and investment as the First mover advantage. In certain cases it comes as disadvantages also.

Today, Facebook, Instagram and WhatsApp have user’s name and birth dates, besides frequent updates on various happenings and incidents. Amazon, Flipkart and other ecommerce companies know your addresses, mobile numbers and credit card numbers. Over the next few years, if users are able to do banking via links, say, on Facebook, it will have multiple risks. People leave a lot of information on social media platforms and other apps, without checking the privacy settings. Our survey says that 90% of the users are not aware of the fact. The biggest challenge is that your data is not just with your bank (or UIDAI or GSTN, etc). Many companies have started in India and abroad specializing in collecting data, from Big data to simple data by Filtering and segmenting it into usable format so that it could be used by various enterprises from the commercial point of view. I am sure you must have been a victim of receiving calls from various banks, property agents and telecom service providers for offering their services. At times it becomes very much irritating.

These include banks, telcos, insurance companies, credit card issuers, mobile wallets, ecommerce companies, hospitals, security and gas agencies. Linking Aadhaar with everything is a risk if done without adequate checks and balances. Who is the actor, who owns the information, how and why do multiple agencies have access to databases? There are good uses and bad uses of data. The trouble is we don’t know the bad users.

Data across systems and agencies is increasing every minute. A few lakh people apply for Aadhaar every month or go to its centres to update or correct information, including address, date of birth, name. The government is the biggest player in digital India, with several petabytes (one petabyte is 1,000 terabytes or approximately 10 years of TV content) of data residing with various agencies and there are multiple user agencies accessing that data to complete their tasks. The problem with government databases is that these are live, accessed by multiple users within the government and outside. That multiplies the security challenge.

There are other, equally critical data pools across Digital India platforms, with sensitive personal information about bank transactions, taxes filed, passport details, property ownership, birth certificates, photographs and so on. These reside in systems of Passport Seva, GSTN, egovernance portals, income tax e-filing, UIDAI and others.

It is absolutely true that a technology architecture developed with several ecosystem partners pose security vulnerability, reason being different company uses their own go-to-market and nearly similar architecture to define their own security standards. It is the absolute reason for security concern, which is everywhere and users need to be careful before connecting to public Wi-Fi.

In the security world, it’s a never-ending cat-and-mouse game, with hackers trying to breach networks, which could arise from hackers present anywhere in the world. Nobody is the clear owner of the Internet. Most of the digital world is protected by encryption but still not totally secured. For instance, banks with 40- bit encryption 20 years back can be hacked in 5 minutes today. Now banks use 128 or 256 bit encryption. Aadhar uses 2048 bit encryption for higher grade of security. Today, it will take thousands of man hours to break it.

In the corporate world, securing infrastructure comes with huge cost and one is not sure that even after investment if it will be 100% secure. It is all about increasing CAPEX of the hacker. Most companies still don’t spend the kind of money that securing digital assets needs. For instance, JP Morgan has a $10 billion IT budget and $1 billion is spent on security. In India, public sector banks spend 1-3% of their IT budgets on cybersecurity and it is slightly higher in private banks. In the US, spending 10-15% of the IT budget on digital security is a common trend among financial institutions. In India, the Ministry of Electronics and IT mandated all government departments in September 2017 to spend 10% of their technology budgets on security. This was after attacks like WannaCry.

The 2017 Global Cybersecurity Index by the UN ranked India 23rd among 165 countries in commitment to cybersecurity. India scored better in security than in ease of doing business.

Lack of security professionals to understand on identity and access management, security operations, internet of things (IoT), security, big data and cyber forensics are areas of immense opportunities for professionals in IT to become a cyber warrior. It is the next hot spot for engineers. It is an area that Indian engineers can explore. Technology institutions and corporates can come with various level of regular and certification course. Even the US is expected to have half-a-million or more unfilled cybersecurity jobs by 2021.