IDI_horizontal_color
Book a Demo
white fiber overlay large

Cybersecurity in Focus: A Q&A With IDI’s Chief Technology Officer, Avi Dasgupta

q&A


aviblogheadshot (1)

Insights from Avi Dasgupta, CTO

 

 

With cyber threats on the rise and the stakes for businesses higher than ever, cybersecurity has become a top priority for organizations of all sizes. But how can businesses stay ahead of constantly evolving risks while managing tight budgets and complex vendor relationships? Avi Dasgupta, Chief Technology Officer at IDI Billing Solutions shares insights on the ongoing challenges of cybersecurity, how organizations can make the most of their current investments, and the importance of fostering a strong security culture across the business. 

 

Q: Avi, in today’s digital world, it’s challenging for organizations to establish and maintain trust with their customers. Why is it critical for security to be an ongoing effort in the face of rising cyber threats? 

Avi: What we’re seeing today is that business is moving at a fast pace, and as business processes evolve rapidly, the pressure on technology to keep up is intense. The threat landscape is constantly changing, and so are the threat actors. Cybersecurity has become an incredibly challenging discipline because you have to continuously adapt to these changes. It’s not a one-time project where you complete it and you’re secure. Instead, it’s a continuous effort to observe how threat actors are evolving in relation to the changes in business processes and technology. To stay secure, organizations must commit to a dedicated and ongoing approach to cybersecurity. 

 

Q: With cybersecurity budgets tightening across the industry, how can organizations make the most of their existing security investments to meet new business challenges, rather than constantly buying new solutions? 

Avi: That’s a very important question, especially as budgets tighten and there’s constant pressure to make the right investments. The key is having a strong understanding of your risks. Security is not just a technical function; it’s a business function. What that means is, we need to understand what the specific risks are to our business, and these risks differ from company to company. 

Cybersecurity teams need to work closely with the business side to understand the business processes and the new risks that come with them. Once you have a good idea of the risks involved, you can prioritize them. That strong prioritization helps ensure your investments are focused on mitigating the most important risks. So, start by clearly identifying your business risks, prioritize them, and then align your investments with those priorities. 

 

Q: With companies increasingly relying on third-party vendors and security providers, how can businesses manage the risks involved and ensure that these partners are delivering on their promises? 

Avi: This is a great question. Managing the entire supply chain is becoming critical, not just from a security perspective, but also for compliance. Many cybersecurity breaches happen because of a break in the supply chain—where a downstream vendor didn’t have the right controls in place, and that’s where the exposure happens. 

Organizations need to be very careful about where they source their software. In the cybersecurity world, software is getting more complex, especially when you integrate it from different vendors. You need to make sure it’s being patched properly and that your downstream vendors are aligning their processes with your standards. Often, you won’t have full visibility into their processes, so it’s crucial to choose vendors that have the right certifications and attestations. It may cost more upfront, but it’s time and money well spent. 

 

Q: Building a strong internal security culture is essential to protecting a company’s data and assets. How can businesses foster this culture, and why is security awareness training such a critical part of the equation? 

Avi: Security is everyone’s responsibility, and security awareness should be an ongoing practice, not just an annual event. At IDI, we make it interactive and fun. We run phishing campaigns and, after each campaign, educate our employees on what to look for in suspicious emails. We aim to make security awareness part of everyday life. Given the turnover and the arrival of new employees, once-a-year training isn’t enough. We run campaigns and trainings quarterly, and sometimes monthly, to keep security top of mind. 

We also emphasize personal security, not just business security. It’s important for employees to know how to protect their assets in the workplace and in their personal lives. Making security a regular part of company culture is key to building a successful awareness program. 

 

Q: Ensuring proper data security is critical, but it can be challenging for organizations to know where their data resides. How can businesses maintain a clear data inventory and ensure the right level of security is applied to each asset? 

Avi: There are three main components to this. First, asset management—understanding where all of your assets are. This can be difficult because assets aren’t always stored within the company itself. With so many departments using different SaaS platforms, companies must have a clear idea of where their data is stored.

Second, data classification is essential. You need to classify data appropriately, distinguishing between sensitive information, personal data, and general business data. Each type of data requires different levels of security.

Lastly, you need standardized rules for how to handle and protect classified data. By combining a strong asset management process, a clear data classification framework, and standardized usage rules, implementing data security becomes much easier, even for larger organizations.

 

Q: Data encryption and privacy are top priorities for many companies, especially with stringent regulations. Why is encryption so critical to safeguarding sensitive information, and how should companies approach data privacy? 

Avi: It all comes down to trust. It takes years to build trust, but a single breach can destroy it in an instant. For SaaS companies like IDI, where we host customer data and business processes, protecting that data through encryption is critical. We ensure data is encrypted both at rest and in transit, so even if it’s intercepted, it remains protected. 

On the privacy front, it’s about exposing data only on a need-to-know basis. There are strong privacy regulations in place, and it’s vital for the security function to work closely with legal departments to stay aligned with local, regional, and national laws.  

 

Q: With cyber threats becoming more and more complex, many companies are turning to manage security services. What should businesses look for in a managed security provider and why is a close relationship with these providers so important? 

Avi: For small and midsize businesses, managing all security needs internally can be nearly impossible due to limited resources. That’s why partnering with a managed security provider is essential. I use the term “partner” intentionally—this isn’t just a transactional vendor relationship; it’s a true collaboration. You need a provider who not only specializes in security but also takes the time to understand the unique dynamics of your business. 

When evaluating potential managed security providers, thorough due diligence is critical. Ensure their services align with your specific security requirements, particularly the risks you’re aiming to mitigate. Once you’ve selected the right partner, the relationship should evolve into a mutually beneficial one. The deeper their understanding of your business, the more effectively they can safeguard it, tailoring their solutions to meet your long-term needs. 

 

Building A Better, More Secure Experience With IDI  

As Avi highlights, maintaining security in today’s fast-changing threat landscape is an ongoing journey—one that requires not only smart investments and cutting-edge solutions but also trusted partnerships and a proactive, security-aware culture. In a world where cyber threats grow more sophisticated by the day, staying ahead means fostering trust, embracing innovation, and working closely with experts who understand your unique challenges. 

At IDI, we’re more than just a security partner—we deliver a world-class, cloud-based B/OSS platform designed to protect your business while driving growth. Our secure, scalable solution is built to handle the complexities of today’s telecom environment, ensuring your critical operations are safeguarded while you stay focused on delivering exceptional service. 

Take the first step today. Contact us at 800.208.6151 or schedule a consultation at idibilling.com/demo. 

Get The IDIxperience Newsletter Delivered To Your Inbox Monthly

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Ready to Build A Better Experience?

Through innovative technology, people, partners, and systems, IDI is committed to providing the insightful counsel and specialized expertise required to help you navigate the ever-evolving digital landscape.

Contact Us