/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2015/06/securing.jpg)
With the ever-changing threatlandscape, enterprises are trying multi-prongedapproaches in combating digital security issues. To keep up with the evolving security threats, Happiest Minds, a provider of digital services, also wanted to ensure a strong security framework and processes.
SETTING THE AGENDA
To provide a comprehensive and actionable view of its security ecosystem, the company set a threepronged agenda. Its first objective was to gain the ability to drill down and analyze infrastructure logs for forensics and alerts. Secondly, it wanted to enhance security awareness in the company and thirdly, it wanted to provide a dashboard for the leadership team.
GETTING ON TO TASK
With this backdrop that paved the way for the genesis of the ‘Security and Compliance Dashboard’ initiative, the company looked at achieving the key objectives, including monitoring software license usage, BYOD usage, and rogue Wi-Fi. The company also wanted to gain insights regarding status of end-user device protection, password management, and ISO audit and compliance. Further, it wanted to ensure server patch management to plug security vulnerabilities.
With these parameters in mind, the company at the beginning of FY14 implemented a security infrastructure to ensure that identity management is centralized via active directory for the entire company infrastructure. It deployed Microsoft System Center suite and Symantec Endpoint solution to manage end-user devices. “The goal from a security standpoint was to have a comprehensive view of all of the company’s key security infrastructure and provide a single pane view of the security and compliance parameters to the leadership team,” says Darshan Appayanna, CIO, Happiest Minds. The company implemented an ‘agentless’ BYOD solution that provides real-time information of traffic generated from wireless devices, asset information like jail broken devices, etc. The solution also identifies unusual traffic patterns.
Quips Appayanna, “We have also invested in a full-timeIT compliance director to head this initiative. Moreover,we have rolled out Microsoft System Center’s software center feature where all legal applications that can be used by the company are available for download, along with a correlation tool that can drill down and drill through event logs. All the information from various tools are knit together in the dashboard that provides a single pane view of our security ecosystem.”
HOW IT WAS DONE
The company collaborated with several vendors to create this seamless security infrastructure. For instance, it adopted Juniper’s STRM for centralized logging, monitoring, and reporting of key network infrastructure. This product was chosen after evaluating competing products and also the ecosystem that it had in the market. “It was the most comprehensive tool that helped meet our objectives. Meanwhile, the agentless wireless device management was provided by i7 Network’s Peregrine. We did not find any other agentless device management product as user privacy was a big factor in our evaluation,” informs Appayanna.
The other tech interventions the company made include ones like enhancing Microsoft System Center to deploy software center into all managed devices and Microsoft Excel to consolidate and correlate the different data points from the different systems. “Instead of creating a website, we found that collating the data in Excel helps end users to do further analysis on the dashboard easily,” adds Appayanna.
THE RoI
One of the biggest deliverables out of the project is that the company’s top management team now gets a monthly update on the state of the security ecosystem and this has improved awareness about the importance of information security across the entire organization. The project has also resulted in better mapping of security vulnerabilities reported in the infrastructure, which have come down to half, as this dashboard also drives the maintenance staff to keep the key software up-to-date.
At the end of the day, the project at Happiest Minds drives home the point that due diligence of the existing pain points, creation of an expectation list, and taking it forward with the right set of vendors is key to ensuring optimal results and better RoI.