\u201cIt is not a question if you are going to be hacked, but when.\u201d When this statement comes in relation to India\u2019s Aadhaar unique identity system, the largest digital identity database in the world, we better listen. \u201cWhen we talk about critical information infrastructure it is always about hardware and software, when it is actually only about the data,\u201d says Cheri McGuire, vice-president, global government affairs & cybersecurity policy, Symantec Corporation. \u201cThe important thing to remember is that it does not matter which platform or device, as in the end it is about the data. It is really about how the data is protected. You are not getting rid of endpoint protection, you still need those, but the emphasis in on those protecting the core,\u201d explains McGuire. Watch video (App users click here for video) She says a broad toolkit will be needed from encryption, multi-factor authentication and data loss prevention technologies that give you visibility across your networks to protect data at this scale. McGuire is impressed that the implementation of Aadhaar is happening very quickly, and thinks some of the lessons learnt by India will help other countries who are looking to implement similar identity management infrastructure. On whether it is a good idea to have a single number at the core of a lot of services, she says it ultimately depends on culturally what is acceptable. \u201cI do think there are some concerns when you tie everything to a single number as it does open you up a bit more. You have to look more closely at how you intent to protect the unique ID database and ensure that all those personal IDs are encrypted both at rest and transit, and to access things you should be using multi-factor authentication.\u201d Plus she highlights that you need to have modern security software, as \u201cfive year old security software only gives you protection from threats that are five years old\u201d. McGuire says it is important to understand the psychology behind the cyber criminals and the threat landscape. She says the game has changed with nation state, organised crimes groups and hacktivists also becoming a threat along with everyday criminals. \u201cThose different types of threat actors have access to much different types of technology and resources. The kinds of threats emanating from them will be at scale.\u201d She also warns about the insider threat, especially in the context of what has happened in the US with Edward Snowden. \u201cThat is where data loss prevention technology is important to be able to segment controls over who has access to what data, keep logs, tag data to see to if something is moving around. The old just-don\u2019t-put-a-pen-drive-in does not work anymore as everything is wireless these days,\u201d she says, underlining how it is also important to train people to be vigilant. Plus, governments are dealing with numerous technologies that can sometimes create additional vulnerabilities, which she says is becoming more complex with the advent of BYOD, IoT, wireless interconnectivity.