To better prepare for situations like COVID-19 crisis, enterprises must define a framework that has security and business continuity as a priority, feels Nazmeen Ansari, CEO, Matrix3D Infocom
As a security solution provider, how do you assess the current scenario and the lessons learned; what’s your preparedness to handle such unprecedented situation?
As a security solution provider, we see the current scenario as totally unprecedented one. Enterprise clients, especially in the BFSI domain, have always had a business continuity plan. However, other industries have not taken this seriously and maybe, they affected to a larger extent.
Looking at this crisis, there are two crucial realisations for the industry:
- There will be major outage and every business needs a plan to continue delivery of services in order to ensure it survives after all this gets over
- Digital transformation, wherein we look to implement technology tools to do things in a more efficient manner, should have work-from-home and bring-your-own-device (BYOD)as a critical part of the programme.
Since our security practice is based on digital transformation and cloud migration, most of our clients have either migrated or are in the process of moving to cloud and implementing best practices on security. We have also understood new challenges from new customers and accordingly , we are adapting our service offerings to ensure that there is more control and monitoring of data, even if there is no crisis.
How are you safeguarding your customers’ assets / premises in order to ensure continuity of their business operations?
As mentioned earlier, most of our customers are on cloud, and those who are not, need to be enabled through other services. This is not a good time to start transformation, but rather enable the client to access their resource with least disruption. Here, we provide an ‘Insta-Connect’ service that enables the client to access their on-site digital assets through VPN and there is no training required. For a few clients, we have already started the first phase of moving data to cloud. This period of low business allows the client and us to define a better architecture to ensure that it will be business-as-usual and is also allowed even if there is no physical access to office premises.
With the sudden rise in cyber threats and attacks during this period, how are you ensuring your customers’ data is safe and helping them mitigate risks?
There are two threats during this period. The first one is cyber threat – people are accessing company data through unsecured devices and in the process becoming easy targets for hackers. The second is the lack of good identity management, monitoring and control practice, which is more of an operational risk.
For technology related risks, we follow the best industry standards like two-factor authentication, end-to-end encryption, server endpoint security, and much more. Our current service ‘Cloud Connect’ helps companies to get their data on Microsoft Cloud and here, we leverage the security of the platform with our expertise in configuration.
For those businesses where security is of the highest priority, we have ‘Virtual Workspace’, where the entire computing and data resides on a virtual machine. This ensures that data leakage, data monitoring and other data security practices that are not technology driven are also taken care of and the organisation is protected from vulnerabilities of the user’s machine in an uncontrolled environment. We also insist clients to undergo our ‘Security Awareness Training’ programme, so that their employees can understand and protect themselves from technology risks at home.
In this time of total lockdown, how are you ensuring 24×7 service and support to your customers?
As a security solution provider, remote assistance has always been our strong point. For the past one year, the teams of our clients have been demanding work-from-home in normal situations; the lockdown has just given an opportunity for the users who resisted this to adapt. Our digital helpdesk allows customers connect for support through Cloud Connect, wherein our engineers resolve the issue through a remote session conducted through Microsoft Teams that offers complete desktop control. Our framework is strong enough to handle any operational issue virtually.
Highlight some of the challenges being faced in providing service or support to customers during this period?
The roadblock is with the companies where they have ignored the adoption of technologies like cloud, collaboration, and taken security lightly with no strong identity management system. Since it is now too short a time to design a work-from-home model, the customer is transferring data by whatever means available like e-mailing files or sharing on free service accounts. I believe they will have a challenge to get data back and now have no control on data that has already been shared. Design of a good, secure business operational system cannot be done overnight; it requires creating the baseline and the willingness of the management to follow, and invest in security and digital transformation to ensure business continuity. We hope that enterprises would realise and change once this crisis is over.
Soon we will witness changes in business models, wherein there will be far more remote workers in any organisation. In such scenario, what are the best cyber security practices for customers? And how would you, as a security solution provider, complement in such a scenario?
Rather than seeing them as remote workers, the design should be such that people are able to work from anywhere and anytime. This model will work in case of site outage and also strengthen their security. The first service where we see an opportunity is scaling our security operations centre to help customers keep systems in good shape, do a security audit to ensure that data is protected, and not rely on on-premise controls to handle data security.
The second service would be a quicker and easier roll-out of cloud transformation services. Whenever a site is not available or accessible, the customer can still connect to all employees, collaborate, and ensure that business processes are not hampered.
What’s your message to customers, so that they are assured of full support today and in the days to come?
Customers should start embracing technology quickly, define a framework that has security and business continuity as a priority, start with an audit immediately to find the lapses and preparation for such situation, and enhance the ease of doing business. Companies should follow the industry guidelines – like SEBI has for Mutual Fund companies and stockbrokers or RBI has for the BFSI sector. I believe each industry regulatory body should have a robust cyber security framework. Once they truly adopt these practices, their support requirements will come down and they can do business whatever may be the situation.
If you have an interesting article / experience / case study to share, please get in touch with us at firstname.lastname@example.org