In the era of hybrid work and sprawling multi-cloud environments, the enterprise perimeter has dissolved—and with it, traditional security models. Bhaskar Gorti, Executive Vice President of Cloud & Cybersecurity Services at Tata Communications, is navigating this transformation at the intersection of AI, geopolitics, and regulatory fragmentation. In this wide-ranging conversation, Gorti reveals how Zero Trust architectures, AI-powered threat detection, and data sovereignty mandates are reshaping cybersecurity from a defensive function into a strategic enabler of digital transformation. As cyberattacks grow more sophisticated and AI systems themselves become targets, enterprises face a new reality: security is no longer just about protecting data—it’s about preserving the intelligence that defends it.
Executive Vice President, Cloud & Cybersecurity Services, Tata Communications
CISO Forum: With the proliferation of hybrid workforces and multi-cloud environments, how can enterprises ensure secure global connectivity without compromising performance?
Bhaskar Gorti: Strengthen access with the Zero Trust principle
With the proliferation of hybrid workforces and multi-cloud environments, enterprise attack surfaces have expanded, making perimeter-based security models obsolete. The Zero Trust principle advocates that no user or device should be inherently trusted – verification must occur continuously, regardless of location or network. By embedding Zero Trust into network design, access management, and policy enforcement, enterprises can ensure that only authenticated and authorised interactions take place. This approach enables secure, seamless, and high-performance connectivity while reducing exposure to lateral movement and internal threats.
Adopt a unified, cloud-delivered security framework
Integrate Secure Access Service Edge (SASE) to unify networking and security functions in a single cloud-based model. This ensures consistent policy enforcement, real-time threat protection, and secure, high-performance access for users across geographies and devices.
CISO Forum: What are the most pressing cybersecurity challenges when operating across diverse regions and regulatory landscapes?
Bhaskar Gorti: Operating across diverse regions has made cybersecurity as much about governance and accountability as it is about technology. The challenges lie in balancing compliance, visibility, and coordination across a patchwork of regulations and threat landscapes.
Data Sovereignty & Residency
Cross-border data restrictions now require localized SOCs, SIEMs, and storage, fragmenting visibility and increasing costs. Yet this decentralisation is inevitable. India is adapting rapidly through the DPDP Act, RBI and IRDAI directives, and sovereign cloud initiatives — all of which are steering the country toward a compliance-aligned, AI-ready security model. As the digital economy expands, AI-powered monitoring and local trust infrastructure will become increasingly vital in protecting national data assets.
Fragmented Regulations & Maturity Gaps
With rules ranging from India’s DPDP to Europe’s GDPR and China’s CSL, maintaining a unified security posture is increasingly complex. Each jurisdiction brings unique reporting and audit requirements, leading to compliance fatigue and rising operational overhead. Simultaneously, regional disparities in cybersecurity maturity result in uneven protection, creating soft targets in distributed setups.
Region-Specific Threats & Talent Gaps
Attackers now tailor their campaigns to target specific language, cultural, and policy gaps. Without context-aware, region-specific intelligence, enterprises risk delayed detection. Add to that talent shortages and time zone gaps, and coordination becomes critical. The future lies in a centralised governance model with local execution, where sovereignty, AI, and collaboration converge to ensure consistent resilience.
CISO Forum: How can security be embedded seamlessly into large-scale digital transformation initiatives, including AI-driven operations?
Bhaskar Gorti: Security is the enabler for all digital transformation. As more applications and data are consumed and more information is exchanged, it becomes the very foundation of digital trust. To safeguard this rapidly expanding ecosystem, enterprises must embed security by design into every layer of transformation — protecting not only applications but also the communication flows between them. A robust edge distribution platform that secures all connections end-to-end ensures this protection remains seamless, scalable, and adaptive.
Enterprises must also harness AI for adaptive threat detection and resilience. As cyberattacks grow in speed and sophistication, AI- and analytics-driven automation can predict, detect, and neutralize threats in real-time. Embedding these intelligent defences within the network and cloud fabric strengthens resilience and ensures secure, uninterrupted operations across digital environments.
Equally critical is maintaining data integrity and governance. AI and digital platforms rely on trusted data — but without strong classification, masking, and encryption, enterprises risk breaches and regulatory exposure. Embedding these practices from data ingestion to inference safeguards both compliance and confidence.
Digital transformation is inherently hybrid, spanning SaaS, IaaS, OT, and edge environments. Enterprises require a unified visibility layer and control plane to eliminate silos and facilitate rapid incident response across their entire digital footprint.
CISO Forum: What approaches help cultivate a security-first mindset internally and among enterprise customers?
Bhaskar Gorti: Building a security-first mindset starts with shared responsibility, anchored by the BISO (Business Information Security Officer) model. Security can no longer be the sole responsibility of the CISO’s office — each business unit must own its own cyber posture. Embedding a BISO within functions ensures that security aligns with business goals, shifting from a reactive, compliance-driven task to a proactive, business-enabling one.
Once this foundation is set, leadership must lead by example. When CXOs champion cybersecurity in boardrooms and strategy discussions, it signals that security is not a constraint but a catalyst for growth. Their visible advocacy reshapes culture—transforming security from a “cost” into a “confidence” driver.
The next step is to democratise learning. Gone are the days of generic, one-size-fits-all training. Modern enterprises utilize role-based and gamified modules—such as secure coding for developers, phishing simulations for employees, and data privacy drills for HR—to make awareness contextual and engaging. Continuous, micro-learning formats ensure that cyber vigilance becomes second nature.
Equally vital is making security effortless. Embedding controls like MFA, automated compliance nudges, and hygiene checks into everyday workflows shifts the burden from users to systems.
Finally, an authentic security-first culture extends beyond the enterprise. Sharing threat intelligence, co-developing assurance plans, and hosting ecosystem-wide cyber drills strengthen collective resilience. This shared-responsibility model—anchored by roles like the BISO—redefines security as everyone’s business, not just IT’s.
CISO Forum: How can organizations measure the effectiveness of network and infrastructure security in mitigating complex threat vectors?
Bhaskar Gorti: Achieve complete visibility across the network and infrastructure:
Organisations can only protect what they can see. Gaining a comprehensive view of assets, traffic flows, and attack surfaces is essential for identifying vulnerabilities and assessing security readiness, ensuring no blind spots in their defense posture.
Continuously monitor and benchmark network performance and threat posture: Utilize real-time telemetry, security analytics, and automated incident reporting to assess the effectiveness of network defenses in detecting, blocking, and responding to advanced threats. Metrics such as MTTD, MTTR, and anomaly rates help quantify resilience and response efficiency.
Validate controls through continuous simulation and adaptive testing: Traditional security assessments that were once periodic, conducted quarterly or half-yearly, are no longer sufficient in today’s dynamic threat landscape. Organisations must adopt a model of continuous assessment, leveraging threat and breach simulations, red teaming, penetration testing, and attack surface evaluations to measure the real-world effectiveness of their defences. These ongoing exercises help identify blind spots, validate the strength of firewalls and segmentation policies, and drive continuous optimisation of security architectures and incident response frameworks
CISO Forum: How will emerging technologies like AI transform enterprise cybersecurity strategies in the near term?
Bhaskar Gorti: Emerging technologies—particularly AI and GenAI—are transforming enterprise cybersecurity from static defence to adaptive resilience. The battlefield has shifted from human versus machine to AI versus AI, where both attackers and defenders deploy intelligence at scale. This evolution has turned cybersecurity into a form of psychological and systemic warfare. Attackers now exploit context, trust, and human decision-making — and increasingly, they target the very AI systems that power enterprise defences. New vectors such as data poisoning, prompt injection, and model evasion threaten to corrupt training data, manipulate outputs, and bypass detection logic.
Enterprises must therefore not only use AI for security but also secure the AI itself. Protecting data pipelines, hardening models, and continuously monitoring AI behaviour are now foundational. Governance frameworks, such as the NIST AI RMF, and roles like AI Security Officers or BISOs for AI are emerging to ensure transparency, accountability, and resilience.
At the same time, AI-enabled contextual detection allows systems to detect intent, not just anomalies. Autonomous response capabilities within Security Operations Centers enable real-time triage and containment, dramatically reducing mitigation times. Continuous Threat Exposure Management (CTEM) frameworks further close the loop through live simulations and AI-driven risk mapping, providing a comprehensive approach to managing threat exposure.
Ultimately, AI is not merely a defensive tool—it is the nervous system of modern cybersecurity, where resilience, trust, and adaptability define enterprise strength in the GenAI era.
CISO Forum: How do your solutions help enterprises address current cybersecurity challenges while balancing risk, compliance, and operational efficiency?
Bhaskar Gorti: In an era where cyber threats evolve at machine speed, enterprises need defence architectures that think, learn, and respond just as fast. At Tata Communications, we’ve built a unified, cloud-native security fabric anchored in SASE (Secure Access Service Edge) and SSE (Security Service Edge) principles — and powered end-to-end by AI intelligence. This delivers consistent protection across multi-cloud and hybrid environments while reducing operational complexity and policy fragmentation.
Our Zero Trust Network Access (ZTNA) model is AI-assisted, continuously validating user identity, device posture, and behavioural anomalies. By embedding ZTNA within SD-WAN, VPNs, and cloud firewalls, we enable adaptive, context-aware connectivity that blends frictionless access with uncompromising control.
At the core, our Managed Detection and Response (MDR) services integrate AI-driven analytics, behavioural threat hunting, and autonomous response playbooks within our global Cyber Security Response Centres. This intelligent orchestration reduces detection and response times by up to 60%, transforming incident management from a reactive to an anticipatory approach.
Equally, our architecture is designed to be compliance-first. Using AI-assisted posture management and automated audit mapping, we help enterprises align with mandates such as DPDP, GDPR, and RBI/IRDAI, while preserving agility and data sovereignty.
Ultimately, we view security as an enabler of transformation, not a constraint. By embedding protection into every layer—cloud, core, and edge—we make security invisible yet indispensable to enterprise innovation and trust.
