How Infosys is strengthening its cybersecurity posture, CIO News, ET CIO | #microsoft | #hacking | #cybersecurity


With the pandemic, organizations had to pivot toward working from home and from cloud during a very short period. At Microsoft’s Future Ready, Vishal Salvi, Chief information Security Officer and Head of Cybersecurity Practice at Infosys, discussed how the company went through rapid and massive changes to adopt to the new mode of work and the role Microsoft played.

Infosys, the fourth largest IT services company in the world, successfully enabled its 280,000 employees across 50 countries to work remotely within weeks at the onset of the pandemic. The organization attributed this agility to its ability to keep pace with changing trends.

From a cybersecurity perspective, the attack threat surface increased dramatically during the pandemic because of rapid adoption of cloud, data, and analytics. Therefore, this period provided an opportunity for threat actors to exploit vulnerabilities. “Remote working has diminished the monolithic perimeter defense and I concur with one of Microsoft’s Zero Trust statement that identity is the new perimeter. Zero trust takes data as the central pivot, but it revolves around identity,” said Salvi.

Infosys saw unrelenting pandemic-related phishing attempts, advanced malware, various versions of ransomware attacks, and advanced persistent threats like organized crime against nation states and financial institutions. Microsoft O365 services like Azure AD, Azure MFA, Microsoft Intune and conditional access enabled Infosys to tag identity as user plane with device and data plane which translates to 360-degree security, striking the optimal balance between user convenience and control.

The world is now seeing an increased rate of digital adoption. What was earlier within the perimeter of an organization can now be anywhere on the internet, which is borderless and has no geographical control. “If security is an afterthought, companies can be left vulnerable. It is very expensive to implement security into your products and solutions after you have already built it,” said Salvi.

It is not just that the risks are increasing but the ecosystem is making leadership accountable for the management of cybersecurity risks. “Broadly, companies need to focus on four goals: finding a balance in the tradeoff between convenience and control; keep upgrading the cybersecurity posture; build a sense of cyber resiliency within the organization and build a cybersecurity culture within the organization,” Salvi added.

Infosys uses Microsoft Security and Compliance Center, and Secure Score dashboards guide IT and Information Security teams at Infosys to track and monitor latest and historical scoring based on Security controls enabled. It also provides actionable insights to improve the organization’s data protection capabilities and overall compliance posture. “The fact that security is the responsibility of each individual needs to be inculcated, Infosys has adopted multiple training programs in partnership with Microsoft towards building that culture. We also perform multiple phishing campaigns using Microsoft Attack simulation to determine and enhance user awareness. Tools like Azure Information Protection (AIP) increased awareness among employees on the significance of classifying and protecting information,” added Salvi.

“One thing that is clear is that we will not go back to the old legacy architecture that we had. We will have a modern, pivoted technology architecture that will allow employees to work from anywhere, any time and from any device. And this will be possible 24X7 in a trusted and secure manner,” said Salvi.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy nine − seventy seven =