Express Computer

Home  »  Exclusives  »  Modern CISOs are not just protecting systems; they are safeguarding market confidence: Archana Venugopal, CISO, NCDEX

Modern CISOs are not just protecting systems; they are safeguarding market confidence: Archana Venugopal, CISO, NCDEX

ExclusivesArtificial Intelligence AIfeatures
By Sayantan Mondal
Archana Venugopal
0 12

At the National Commodity & Derivatives Exchange, cybersecurity is not an adjunct to operations; it is inseparable from the idea of a functioning market. Every trade executed, every price discovered, and every participant who logs in does so on an implicit promise of trust. For Archana Venugopal, Chief Information Security Officer at NCDEX, that promise defines the real scope of her role.

“In a market infrastructure institution like ours, cybersecurity is not a support function. It is a foundational element of market stability and confidence,” she says. The modern CISO, in her view, cannot be boxed into the narrow labels of risk manager or compliance custodian. “I see the role as that of a confidence steward and a strategic enabler.”

That framing is telling. At NCDEX, security is designed not to slow the exchange down, but to allow it to function without interruption in an increasingly hostile digital environment. Venugopal speaks of embedding security deeply into technology architecture, governance frameworks, and operational processes so that innovation and scale do not come at the cost of resilience. “When cybersecurity is integral to how the market operates and evolves, you can pursue transformation without compromising availability, data integrity, or regulatory expectations,” she explains.

The stakes for getting this balance wrong have risen sharply. Commodity exchanges have emerged as attractive targets for cyber adversaries precisely because disruption here does not merely affect IT systems, it can undermine market confidence itself. Venugopal has seen the threat landscape evolve rapidly. “Earlier, attacks were largely perimeter-centric. Today, we are dealing with sophisticated, multi-vector threats that target availability, data integrity, interconnected platforms, and even third-party dependencies.”

Denial-of-service attempts, credential misuse, supply-chain vulnerabilities, and the risk of subtle data manipulation now sit alongside traditional threats. Each carries a different kind of danger. “The greatest risk is not just operational disruption,” she says. “It is the potential erosion of market trust.”

That reality has sharpened her focus on resilience rather than the illusion of absolute prevention. “What keeps me most vigilant is ensuring uninterrupted market continuity in an environment of constant digital interconnectivity,” Venugopal notes. “Resilience, early detection, and preparedness are the only sustainable defences. Market infrastructure security is really about staying resilient in the face of the unknown.”

This thinking also shapes how NCDEX approaches modernisation. As exchanges evaluate cloud and hybrid architectures, concerns around latency, performance, and regulatory scrutiny often dominate the conversation. Venugopal is unequivocal that security-by-design is not at odds with these priorities. “In market infrastructure, security is not a constraint on speed or performance. It is the foundation that enables scale, resilience, and compliance.”

Cloud adoption at the exchange is therefore measured and risk-led, not opportunistic. Architectural choices are made to preserve deterministic performance for latency-sensitive systems while maintaining data control and auditability. “We are very deliberate,” she says. “The focus is always on market integrity and availability, not infrastructure flexibility for its own sake.” When security is embedded at the design stage, she argues, it actually strengthens system reliability rather than weakening it.

Beyond technology, Venugopal emphasises that protecting an exchange means safeguarding the integrity of the market itself. Cybersecurity cannot operate in isolation from data governance and market surveillance. At NCDEX, these functions work in concert. “Security teams protect systems and data flows, data governance ensures quality and access controls, and market surveillance analyses trading behaviour,” she explains. “When these insights come together, we can detect anomalies early, whether they point to a cyber event, data inconsistency, or unusual market activity.”

This convergence allows the exchange to distinguish between technical glitches and signals that may indicate manipulation or emerging systemic risk. “That coordination is essential,” she says. “It allows us to respond swiftly and decisively, and to sustain confidence in the fairness and orderly functioning of the market.”

The challenge multiplies when security extends beyond the exchange’s own walls. NCDEX operates within a vast ecosystem of brokers, clearing corporations, warehouses, banks, and service providers. In such an interconnected environment, Venugopal is clear-eyed about the risks. “Ecosystem security is collective security. Resilience is only as strong as the weakest trusted link.”

Her approach treats third-party security as an extension of the exchange’s own risk posture. Rigorous onboarding assessments, continuous monitoring, and controls calibrated to the criticality of each participant are part of the framework. But governance alone is not enough. “Collaboration matters just as much,” she says. “Regular information sharing, coordinated incident response, and clear escalation mechanisms ensure emerging risks are identified early.”

Looking ahead, Venugopal believes the role of the CISO in market infrastructure is set to expand further as digital participation deepens, particularly among farmers, FPOs, and rural stakeholders. “As inclusion grows, the CISO’s role shifts from protecting systems to enabling trust at scale,” she observes.

Wider access brings new complexities, varying levels of digital literacy, multiple access points, and greater dependence on intermediaries. The challenge is to ensure security remains protective without becoming exclusionary. “Security has to be intuitive and embedded into every interaction,” she says. “It cannot create friction for legitimate participation.”

That future, she believes, will demand even closer alignment with business, operations, and policy teams. “Ultimately, the modern CISO in market infrastructure is not just about safeguarding technology,” Venugopal reflects. “It is about enabling confidence, ensuring that digital access expands responsibly, with trust built into every layer.”

In a market where confidence is the most fragile currency, that responsibility may well be the most critical of all.

Sayantan Mondal

Sayantan is a Correspondent at Express Computer and CRN India, The Indian Express Group. His interest lies in technology and innovation across all industries. Sayantan holds a Masters degree in Media and International Conflicts from University College Dublin, Dublin, Ireland and a Bachelors degree in Journalism and Mass Communication from Amity University Kolkata, Kolkata, India.

You might also like More from author
Leave A Reply

Your email address will not be published.