How IIFL is Securing its Sensitive Personal and Financial Data
Image source: IIFL
While no industry is immune to data breaches, the financial services industry is particularly vulnerable to cyber attack. The reason is obvious, as the sector is known for its wide array of interconnected systems and the processing of millions of transactions every minute. In the present situation, with a chunk of the work being handled remotely and firms exploring digital channels to stay ahead of the game, the need for a strong security system becomes crucial.
A popular name in the Indian financial services industry, Indian Infoline Finance Limited (IIFL) was facing the unique challenge of securing its sensitive personal and financial data while its teams were working from anywhere, at any time.
The Mumbai based firm covers multiple markets, including wealth management, home loans, microfinance, and retail banking, and has more than 2,000 branches in more than 500 cities across India.
“Innovation is our opportunity, and technology is our enabler,” says A Shiju Rawther, EVP of Technology at IIFL. Emphasizing on its increased use of digital channel, he says technologies such as cloud allows us to start small and scale quickly. “Through digital channels, we can reach many people very quickly.”
Rawther informs as the company was disrupting traditional routes to market, and wants teams to be able to, this presents both an opportunity and a challenge. The group sits on a wealth of sensitive personal and financial data. To protect its corporate reputation in the eyes of regulators and customers, it must effectively manage security threats.”
In 2018, IIFL started a “security transformation,” Rawther informs. The aim was to establish a coherent, long-term strategy that would support business growth and protect against threats. It would need to reflect the themes of cloud and mobility. IIFL conducted proofs of concept (PoC) against agreed-upon criteria with several vendors and instilled faith in security firm Palo Alto Networks.
In addition to a PoC, it undertook a Security Lifecycle Review (SLR), a unique assessment offering that highlights vulnerabilities within an organization’s existing setup. The SLR identified high-risk applications, susceptibilities, and how the network might cope if traffic were to increase sharply.
Rawther says the SLR resonated with IIFL’s desire to find a long-term solution. “The PoC showed Palo Alto Networks to be way ahead of the others. Its features and functionality suited our growth strategy,” he says. “It was clear Palo Alto Networks would give us scale and visibility.”
Palo Alto Networks approach, based on the industry-leading Strata network security suite, includes Next-Generation Firewalls; Panorama network security management for all firewalls—at the perimeter, in the data center, or in the cloud; and the WildFire malware prevention service.
The implementation across the perimeter, data center, and cloud was completed in February 2020, just weeks before the COVID-19 pandemic locked down the Indian economy, pauses Rawther and adds, “Around half of IIFL employees were already enabled with remote working, and the lockdown required the remainder to be equipped.”
“The new solution enabled us to have full visibility of who is accessing our systems, and how they’re accessing the system, which was the missing link earlier, “says Rawther.
According to him, the security transformation is not yet complete but that he expects the pandemic situation to accelerate plans. IIFL is exploring the Cortex security operations suite by Palo Alto Networks with a view toward faster investigations, fewer alerts, and greater automation.
“We believe cybersecurity is never the most high-profile topic. It must be there in the background, ready to support the business. Palo Alto Networks too echoed similar ethos like us,” he says.
The engagement means IIFL now has clear visibility into its security posture. It is stronger today and more assured of its future. Rawther says that the implementation ran smoothly and that Strata has proven no bottleneck to performance.
“Even as more transactions go digital and volumes increase, we’ve seen no downgrade in the experience for those working from home,” informs Rawther.
The COVID-19 impact on the global cybersecurity market size is expected to grow from $183.2 billion in 2019 to $230 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.0% during the forecast period, as per ResearchAndMarkets. The market growth can be attributed to increasing focus on securing remote infrastructure and IP of enterprises due to work from home and remote services programs.
Increasing focus on cybersecurity as a key business imperative and not just as a support function is expected to drive the market, says researchers.
As Anil Bhasin, regional vice president, India & SAARC at Palo Alto Networks, believes that cybersecurity challenges – handling multiple clients and managing thousands of employees working remotely – that a large financial services company like IIFL face on a daily basis is immense. This has become even more critical in the wake of the current Covid-19 pandemic.
“The new solution can help IIFL evolve their IT environment to better support remote access solutions. We are confident that the dynamic nature of our platform will provide a secure environment for IIFL to safely access remote work capabilities now and in the future,” he says.