The Unencrypted Story of a Data Security Warrior

By Pamela Chan

Anuradha Lipare had always known she wanted to work in technology. Born in India to parents who ushered her towards the banking sector, she reluctantly spent her high school years studying Commerce to appease their wishes.

“All the while, I thought: This is exactly the opposite of what I want to do,” Anu recalls. After graduation, she told them that she would be doing ‘computer things.’ And that she did.

At twenty years old, Anu enrolled herself at a nearby computer training school where she spent the next two years working part-time and taking courses. It was here that her love of technology bloomed, and where she wolfed down all she could about the then-emerging world of technology. She asserts:

“I don’t have any regrets on the path that I have chosen. I know I’m on the right track.”

Anu found her start in the field engaging with ‘old’ technology — adjusting instruments in data centres, installing security devices like firewalls, and mounting various technical devices on racks. Down the line, she became particularly fascinated with the management side of security, “I wanted to learn more about information security management systems, how to implement standards like ISO, GRC, and COBIT, and how to build trust with users,” she explains. Ultimately, she decided to pursue this as a career.

If her parents had known anything about Anu, it was that once she had made a decision on something, she would stick to it. So, when the travel bug bit her after over a decade of working as a security consultant in Mumbai, India, she set her sights on starting a new life in Southeast Asia. With papers signed to a brand new role in Malaysia, she took off to start a new chapter in her life.

When Life Gives You Lemons

However, the first few months in Malaysia saw a sour turn of events. “When I landed, the company told me that there is a hiring freeze and that I have to wait for six months for my onboarding,” Anu explains. Not one to readily turn back and head home, she took this time to kill three birds with one stone: traveling around the region, extending the validity of her Malaysian visit visa, and applying to other roles.

She reaped the fruits of her labor, landing a role as an Audit & Compliance Lead at IBM for two years, then as YTL Communications’ Senior Information Security Manager for the two years after. She wrapped up her time in Malaysia at e-commerce platform Lazada.

“After Lazada’s acquisition with Alibaba, I was promoted to Lead Information Security for the GRC department and was asked to relocate to Singapore,” she says. After nearly eight years in Malaysia, Anu packed up and moved next door to the sunny city-state.

Make Way for the Guardians of Gojek

Rounding out just over three years at Lazada, Anu was eager to grow her knowledge even further. She explains, “Now that I had worked in e-commerce, I wanted to learn about both the data privacy and business aspects of supply chain management, transport, and logistics. Understanding business processes helps you identify and mitigate the business’ particular privacy risks better.”

When Anu learned about Gojek’s brand new Global Head of Data Security & Privacy role, she knew this was the exact opportunity she was searching for. Here, her decades in the field would be utilized to its full extent.

“I was a one-woman army,” she states, “We had a cybersecurity team led by George [Do], but I was the first member of our Data Security & Privacy department.” Anu was tasked not only with assembling her team and establishing their interlock with the wider organization, but also designing an overarching governance framework to be implemented in every department.

In a nutshell, Anu translates, implements, and executes legal requirements into technical controls. This necessitates frequent collaboration with virtually every team in the organization, promoting the education and awareness of data security and privacy best practices, and keeping well-versed with the latest data privacy laws in each operating country. Perhaps most importantly, she works to build a deep sense of trust amongst the business and its users, developing a reliable platform for everyone in its ecosystem.

Such a duty can only be fully realized when all parties understand and uphold this mission. Through their collective efforts, Anu affirms that the perception of data security and privacy is far-reaching at Gojek:

“Stakeholders here understand that data and cyber security isn’t just a legal requirement, but a business requirement too. It’s a way for them to build customer trust, build a data-centric company, and generate revenue from the data.”

According to this 2019 report by cybersecurity company Datto, ransomware — when a user’s data is threatened unless a ransom is paid — remains the most prominent malware threat. The UN Disarmament Chief reported a 600% increase in cybercrime emails since the start of the COVID-19 pandemic. Evidently, Anu’s role comes with great responsibility. Her two most recurring hurdles include mitigating cyber threats when user data is stored in the cloud and when they’re in third-party hands.

However, it's obstacles like these that keep her on her toes. She explains, “I learn something every day — about the new threats that arise and about how to best protect ourselves and safeguard our data.” Her unrelenting desire to acquire knowledge is driven partly by her desire to become a lecturer one day, where she hopes to share practical knowledge of her time in the security field.

Anu’s Quick Takes on Fortifying Our Security Posture

Anu has wholly utilized her interest in computers as a guiding light throughout her life and career. Her long-standing passion for technology has morphed into an expertise in data security and privacy that now ensures the safety, trustworthiness, and reliability of our Gojek ecosystem.

With the prevalence of cybersecurity threats such as phishing and malware attacks on the rise, she shares her top tips on improving our online security posture.

For consumers/end-users:

• Be cognizant of what data you share and where you share it
• Understand that you have a right to question what data is being collected and for what purpose
• Do a digital cleanse of all your dormant accounts
• Always read security advisories carefully
• Build strong passwords, change them often, and enable two-factor authentication when possible

For organizations collecting data:

• Publish privacy policies and only process data that are mentioned in the policy
• Constantly assess your data & cybersecurity maturity level
• Implement controls to protect your consumers’ data and trust
• Practice data minimization by only collecting data required for your business

And finally, when asked what she would say to people who simply could not care less about data security and privacy, or claim they have ‘nothing to hide’: “It’s simple,” she says with a shrug, “Just be prepared to have your data misused.”

Need we say more?

Check out more stories from the vault here.

Oh, and we’re hiring: