IIFL Finance is one of the leading players in the Indian financial services industry. The IIFL Group covers multiple markets, including wealth management, home loans, microfinance, and retail banking, and has 2,377 branches in more than 500 cities across India. The business is digital and dynamic. Rather than through acquisition, IIFL aims to grow by identifying opportunities in the market, customizing solutions, and moving quickly. The IIFL Group grew 37% in 2019 compared to 2018. With the onset of the pandemic, IIFL wanted their teams to be able to work from anywhere, at any time securely. It believes all endpoints on the network need to be secure, including the infrastructure of its employees working from home. The Group has a wealth of sensitive personal and financial data. To protect its corporate reputation in the eyes of regulators and customers, IIFL Finance must effectively manage security threats posed to its remote workforce and secure its financial data.
The Group wanted to strengthen cybersecurity for both, on-premises and cloud-based activity, and establish clear visibility of the threat landscape. IIFL Finance knows that the Cloud can help scale up its business quickly and aims to reach its customers through digital channels. But that presents both opportunities and challenges. And it believes that it can counter the challenges by effectively managing the security threats.
To address this requirement, IIFL Finance deployed security solutions from Palo Alto Networks. These solutions have helped IIFL in:
- Establishing end-to-end threat visibility, from the cloud to on-premises to devices
- Providing complete protection of applications and workloads in physical data centers, across LAN perimeters, and in multiple public clouds
- Increasing cloud-native application visibility and control
- Ensuring scale to accommodate business growth
According to an IIFL spokesperson who led the project, in 2018, the Group started its “security transformation.” The aim was to establish a coherent, long-term strategy that would support business growth and protect against threats. It would need to reflect the themes of cloud and mobility. IIFL conducted proofs of concept (PoCs) against agreed-upon criteria with several vendors. In addition to a PoC, Palo Alto Networks undertook a Security Lifecycle Review (SLR), a unique assessment offering that highlights vulnerabilities within an organization’s existing setup. The SLR identified high-risk applications, susceptibilities, and how the network might cope if traffic were to increase sharply.
“The PoC showed Palo Alto Networks to be way ahead of the others. Its features and functionality suited our growth strategy,” said the IIFL spokesperson. “It was clear Palo Alto Networks would give us scale and visibility.”
The Solution
Palo Alto Networks’ approach, based on the Strata network security suite, includes Next-Generation Firewalls; Panorama network security management for all firewalls — at the perimeter, in the data center, or in the cloud; and the WildFire malware prevention service.
The implementation across the perimeter, data center, and cloud was completed in February 2020, just weeks before the COVID-19 pandemic locked down the Indian economy.
Around half of IIFL employees were already enabled with remote working at that time, and the lockdown required the remainder to be equipped.
Anil Bhasin, Regional Vice President, India & SAARC at Palo Alto Networks, said, “The cybersecurity challenges – handling multiple clients and managing thousands of employees working remotely – that a large financial services company like IIFL face on a daily basis are immense. This has become even more critical in the wake of the current COVID-19 pandemic. We are confident that the dynamic nature of our platform will provide a secure environment for IIFL to safely access remote work capabilities now and in the future.”
IIFL now has clear visibility into its security posture. It is stronger today and more assured of its future. According to an IIFL spokesperson who led the project, the implementation ran smoothly, and Strata has proven no bottleneck to performance.
“Even as more transactions go digital and volumes increase, we’ve seen no downgrade in the experience for those working from home,” the spokesperson added.
Security Transformation at IIFL is not yet completed. However, the pandemic is likely to accelerate and advance IIFL’s roadmap. The spokesperson said IIFL is exploring the Cortex security operations suite by Palo Alto Networks with a view toward faster investigations, fewer alerts, and greater automation.
Cybersecurity for Rmote Workers
In an article written exclusively for CISO MAG, Diego Souza, Global Deputy CISO, Cummins Inc. said, “COVID-19 has not only created a new way to work but it has brought new challenges to the organizations to provide an adequate level of support to its employees aligned with security concerns in how to protect their data and system in this new extended work environment.”
In this article, Souza offers recommendations to security leaders to cope with the new security challenges posed to remote workers.
“Security leaders had to scratch their heads to provide quick security controls to support the business and enable the work from home opportunity,” writes Souza.
Read the complete article here.