Similarly, global analytics company, CRISIL, has adopted a number of security measures. Nadir Bhalwani, Director Technology Operations and Information security, CRISIL updates, “From user environment perspective, we have implemented end-point protection which also includes virus and spyware protection, proactive threat protection, network threat protection, and network access controls. And for remote access, we have implemented an SSL VPN with end-point controls features and Citrix XenApp is implemented through SSL VPN.”
He further informs that CRISIL has also implemented a DLP solution on end-point and integrated it with web proxy and mail gateway, as well as implemented an SIEM solution to proactively monitor and correlate security incidents and events from different devices and systems. In addition, the company is also in the process of deploying a Privileged Identity Management solution to monitor and control privileged users across the infrastructure.
Sharing details about the security measures at Evalueserve, Jain says, “We deployed a governance, risk and compliance solution last year. And this year, we are moving further on the maturity curve and adding more processes to automation. Improved DR for global locations is another key initiative.”
Bharti AXA General Insurance is another company that has increased its focus on security and devised a multilayered
security policy to ensure protection against advanced threats.
Parag Deodhar, Chief Risk Officer, Bharti AXA General Insurance adds, “We are using multiple tools and solutions
required to protect against various security risks followed by risk assessment, and then decide on the tools required to mitigate the risks. We follow a multi-layered security policy in which solutions are not just technology tools but include changes in processes and preventive and detective controls as well.”
Similarly, to ensure security of the corporate data, SREI Infrastructure Finance is looking at implementing Information
Rights Management (IRM) within the enterprise. “We are working on the demonstration of a security initiative called IRM, which works for all unstructured data. It helps employees in defining which report will go to whom, for how long the information can stay, who can print the report, and after what duration the report will be deleted automatically. This technology may really help in securing unstructured data,” says Somak Shome, Chief Information Security & Compliance Officer, SREI Infrastructure Finance.
These examples clearly show that as threats have evolved, information security too has evolved from just being firewall, proxy, anti-virus management to risk management for all business units and enablers. However, organizations need to go beyond just deploying security tools. “More than tools, strategy of adoption plays an important aspect for new technologies like cloud and analytics,” asserts Peerzade.
Going forward, SMAC adoption is slated to grow further and it would be impossible for enterprises to resist these disruptive trends. To thwart new threats that will emerge with these trends, it is imperative for organizations to design a security framework that can handle the dynamic nature of data sources and possible threats associated with it.