‘The current model of remote delivery will soon become a norm’

Altaf Halde, Global Business Head, Network Intelligence

The COVID-19 crisis is slated to change the way businesses operate. In an exclusive interaction with CRN India, Altaf Halde, Global Business Head, Network Intelligence, talks about the steps undertaken by the organisation to ensure smooth delivery of security services.

As a security solution provider, how do you assess the current scenario and the lessons learned? What’s your preparedness to handle such unprecedented situations?
When we are travelling in an airplane, we always hear, as part of the safety drill related to using oxygen masks, life jackets, etc., “Please protect yourself first, before you protect others”. This is exactly the first thing that we did when we pre-empted the impact of the COVID-19 situation. We first put our house in order, enabled work from home for our consultants, including our Security Operations Centre (SOC), which is measured on strict SLAs.

On priority, the support teams – finance, IT, admin, HR, and PMO – were moved either completely or partially to WFH. One challenge was our development team. While a lot of their systems were cloud-hosted, the big data setup of Elastic was in our server rooms. Hence, we enabled secure remote connectivity. We published detailed WFH guidelines and a remote working security checklist. Once our house was in order and all our systems were enabled for WFH, we started reaching out to our customers.

How are you safeguarding your customers’ assets and premises in order to ensure continuity of their business operations?
In our line of business, when we are protecting data of customers, security is the utmost priority. Our business model is a mix of onsite as well as offsite. For offsite work, it was ‘business as usual’ with total transparency being maintained with the customers that delivery will continue to be done remotely. The same security modules, including secure VPN, network security, end-point security, etc. – which are there in our SOC and also lie with other delivery teams – were enabled for the machines of our consultants.

However, when it came to onsite activities, it took a bit of time to convince customers of the zero impact on delivery. Here, I would like to convey thanks to our customers who understood the situation and helped us by giving company-hardened machines and enabling their business continuity plan for a smooth transition to the offsite delivery model.

With the sudden rise in cyber threats and attacks in this period, how are you ensuring your customers’ data is safe and helping them mitigate risks?
Today, not many people are prepared for the onslaught of attacks due to the widened attack surface that they are exposed to. Some of the challenges include, but are not limited to, more users with VPN credentials, which means that phishing attacks will increase as most of these users are not trained to handle VPN access; IT support teams will rush to give access to remote users wherein a lot of security compromises will be done, including scenarios where people will directly connect to the net using their private internet connection. This becomes an open invitation to the threat actors, which also means that the IT support team will be receiving a lot of exception requests which they will have to allow for users.

In this time of total lockdown wherein your team can’t visit customers, how are you ensuring 24×7 service and support to your customers?
As mentioned above, our SOC and delivery, which works on 24×7, was enabled technically as well as from a process perspective. In specific context to onsite service expectations, safety of our team is of prime importance to us. It took us some time to explain and convince the customer that there will be zero impact on the delivery front, even if we do the delivery offsite. We shared our security policies and were able to explain to customers that it will be ‘business as usual’ for us.

Highlight some of the challenges being faced in providing service or support to the customers in this period?
Barring a few exceptions, all our clients had moved their staff offline. All staff working on overseas projects had been flown back. The challenges we faced were more in the mind – customers were not open to the offsite model. But constant communication and explanation about the security aspects like VPN, network perimeter, and end-point security, etc., which were in place and functioning well, helped remove the mind-block that customers had.

Soon we will witness changes in business models, wherein there will be far more remote workers in any organisation. In such a scenario, what are the best cyber security practices, and how would Network Intelligence complement such a scenario?
We foresee that the current model of remote delivery will soon become a norm. This will be because responses will become faster and effective. Users and companies will realise that productivity is increasing in this model. So, we as a security services provider, would continue to partner with companies and provide our services, which will keep them prepared against the cyberattacks that will continue to increase.

Some of the best practices include:

  • Security awareness programme: Generic email reminders and how to avoid phishing
  • Regular phishing campaigns to test the users and increase their protection against opening malicious emails or suspected links
  • Email phishing monitoring
  • Log monitoring / threat hunting to identify threat actors already inside the organisation
  • Firewall access control list review, using our home-developed solution for Firewall Rule Base Analysis – Firesec
  • Breach simulation to keep the company teams prepared in the event of an actual breach.
