Wibmo has collaborated with Microsoft for securing its technology landscape and has implemented the Zero Trust architecture. In addition, Wibmo holds PCI DSS, PCI-3DS, PCO-SSF, ISO 27001, ISO 27701, GDPR, SOC 2 certifications for security and privacy.
As companies across the fintech ecosystem leverage digital capabilities to fortify themselves with business resilience and agility, Wibmo has been at the forefront in evolving its Zero Trust deployment to respond to a remote work environment while dealing with the growing intensity and sophistication of cyberattacks. During the pandemic and even now when work from home is extended, Wibmo wanted to ensure security controls are mobilised starting from network packets to endpoint.
The Zero Trust model assumes breach and verifies each request as though it originates from an open network, instead of assuming that everything behind the corporate firewall is safe. Every access request is strongly authenticated, authorized, and encrypted before granting access. Everything from the user’s identity to the application’s hosting environment is used to verify the request and prevent breach. Having a strong identity-whether that represents people, services, or IoT devices- is the critical first step to the success of a Zero Trust security approach to decide on access decisions. Following Microsoft’s example, the Zero Trust security model for Wibmo is based on three core principles- verify explicitly, use least privileged access, and assume breach.
The collaboration with Microsoft has enabled Wibmo to improve and control its security landscape, achieving endpoint and cloud security controls leading to robust governance and mitigation of internal and external risks. With the Zero Trust security framework, Wibmo has been able to:
Modernize identities and endpoints: Automated validation of the identity and endpoint to ensure that the identity has least privilege access and devices used are fully compliant to its Information Security policies. The endpoints are secured and managed by Microsoft Defender for Endpoint. This enables Wibmo to minimize costs with a unified and integrated platform and protect users, devices, and data with intelligent, cloud-scale security
Secure the hybrid workforce: Wibmo can now verify user identities with strong authentication methods while keeping workforce secure and productive and enforcing granular access controls with real-time adaptive policies. Integrated security signals detect threats faster and proactively prevent attacks.
Transform employee experience: Wibmo has been able to automate end-to-end identity lifecycle management to quickly onboard or offboard users. It has provided seamless access to all apps and simplified app discovery from anywhere which in turn helps in reducing IT overhead by empowering users with self-service experiences.
Extend protection across the digital estate: Wibmo has automated its identity governance to control access to resources for all users. With this it can intelligently detect and respond to compromised accounts and devices and is able to extend protection for the entire digital estate across organizational boundaries, clouds, and platforms.
Speaking on this Pravin Kumar, CISO, Wibmo said, “In collaboration with Microsoft, Wibmo is the one of few fintech companies to implement Zero Trust architecture in the Indian Fintech landscape. Moving to a Zero Trust Architecture is not a one stop shop process, but it entails a series of constructive and cohesive steps in covering Confidentiality, Integrity, Availability and Privacy to achieve the end objective.
Terence Gomes, Country Head – Security, Microsoft India, said, “In a world where identity is the new battleground, adopting a Zero Trust strategy is no longer an option, it’s a new business imperative. Zero Trust is a proactive, integrated approach that relies on intelligence, advanced detection, and real-time response to threats. We are pleased to support Wibmo in strengthening its security posture with our global expertise in Zero Trust security deployments. Wibmo’s experience reinforces the need for a new security model that effectively adapts to the complexity of the modern environment while protecting people, devices, apps, and data wherever they’re located.”