BONNE VIE

“A 360 degree approach to cyber security is the only way forward”

Pulak Das, Deputy General Manager - IT, Yazaki India Pvt Ltd, and IT Genius Award 2017 winner, discusses implementing a unique all-round protection of the company’s digital assets by establishing security shields at all vulnerable points.

By Satyaki Sarkar

In a career spanning 26 years, Pulak Das has worked in a variety of roles, gaining a unique perspective on the different functions and aspects of the IT industry. These include application development, data centre setup, WAN, LAN and SAP implementation, server and database administration, and virtualisation. Pulak has harnessed the knowledge gained to support the business function by bringing in technologies that reduce operational cost and improve performance. Simultaneously, with the growing threat of sophisticated virus attacks and data breaches, he has worked hard to ensure his company’s digital security. Pulak was recently recognised with the IT Genius Award 2017 in Data Centre Excellence for his efforts in reinforcing and rebuilding the data centre security infrastructure for his organisation. Here, he tells us a little more about this implementation.

Preparing for any eventuality
“In light of the countless data breaches and compromises around the world, security is a huge concern. Several companies claim to have a robust security solution, but the attacks continue to happen because they are unaware of the many different points of attack. The infection could come from a number of sources like emails, web apps, spam mails, etc., and most of the time we only cater to a few of the most obvious ones. So to come up with a comprehensive security solution I conducted a detailed analysis and survey to find out the various existing weaknesses and entry points that could be utilised to target the system. I evaluated those vulnerabilities to better understand the measures needed to prevent them from being exploited. Our evaluation showed that 70 per cent of the attacks were taking place from the inside, while the remaining 30 per cent were from external sources. So we decided that the paradigm had to change, and we needed to first concentrate on the 70 per cent.”

A multi-layered security approach
“To start with, we decided to implement the existing solutions by hardening the systems as well as monitoring and tightening the number of external devices that came in contact with our systems, and the number of internal devices that went out. We implemented tightening protocols, hardened the file servers, and ensured that access management was tight enough to allow access only for essential requirements. We scattered the usage, segregated the file servers on a logical level as well as a physical level so that even if an employee accesses the server through an infected machine, the infection would be contained and not have a chance to spread across the network. We have a sandbox-like setup with multiple controllers attached that allow us to shut off the system, if need be. This also lets us provide access to a very specific part of the server, as needed, without risking any kind of an infection of the entire system. We monitor the files being accessed, the changes being made, and have put in place two perimeter level guards, consisting of a virus scanner and a malware scanner, that any and all information has to pass through before entering the sandbox. This helps root out all potential viruses and malware, preventing them from coming into contact with the critical system. Additionally, we have configured the permissions in the sandbox system in such a way that all known file encryptions (for example a file with a .crypt extension) are prevented from being written.”

“As a last step, in order to ensure data integrity and safeguard against data loss, we have also acquired another sandbox setup. So the data from the first sandbox is being continuously replicated and maintained, in a read-only mode, on the second sandbox. This helps prevent any malware from harming or corrupting the data, as there is no way of modifying it. Currently we are also working on enforcing a sixth level of protection, by taking the backup on a physical drive, namely, a tape drive. We are constantly on the lookout for the best technologies to use and the most advanced security safeguards to protect our company’s data and prevent any compromises.”

Overcoming challenges
“A challenge that was one of the most difficult to overcome was data segregation. All the data could not be business critical. So we had to decide the kind of data that we needed to segregate and implement the highest level of protection for it. For this, we got help from the Security Management System (ISMS) that we implemented to monitor and secure the countless devices that are used. Within ISMS the very first process itself is the identification of business critical information assets by various functions and departments.”

Looking to the future
“As a result of the steps we took we have had no security incidents at all so far and data compromises have stopped entirely. However, security is always a continuous process and one that needs to be consistently reinforced using the latest technology. Currently, on the advice of our OEMs, we are also upgrading the system with a host of new features, including ENS, DAQ, so that we can add further defence to the possibility of any potential attacks or data breaches. We expect to roll it out within the next two to three months.” 
