|
Fortifying IT security
At Wipro, role-based access bolsters the company's IT security
By Aditya Kelekar
|
 "All
the technical and physical security controls are managed and monitored
by 24x7 security operation team"
- Ashok Nayana,
General Manager, IT, Wipro BPO
|
Wipro BPO Solutions is a provider of Business Process Outsourcing
(BPO) focusing on the complex, voice and non-voice based segment of customer-care
services. Services are provided from delivery centers in the North America,
Central and Eastern Europe, India, China and Latin America.
The company also offers a global delivery model to service
the remote support needs of technology product companies using several channels
(voice, e-mail, Web chat, e-services etc.) on a 24x7 basis. The company handles
more than 12 million customer calls and in excess of 2 million e-mails a month
and have experience of transitioning multiple processes across its 19 global
technical support centers.
For the BPO, information security is part of the overall management and governance
system, said Ashok Nayana, General Manager (IT) at the company. The company
has deployed various technical, physical and logical controls in order to proactively
identify, contain and address any sought of incident or security breach with
the help of 24x7 IT security operations team, Nayana said.
"All these controls are deployed, managed and monitored as per the Information
security management (ISMS) framework which comprises of policies, procedures
and guidelines and is based on ISO27001 information security standard,"
said Nayana.
Wipro BPO Solutions has achieved ISO 27001 and SOX compliance.
In order to minimize the impact of insider threats, the company has deployed
various technical controls such as end-point security, user access management
and monitoring, network segregation and role-based and need-to-know-based access
for all users. Apart from deploying technical controls, the company has also
been practicing administrative controls like user awareness through mass mailers,
built-in-boards, induction programs and login banners. “All the technical
and physical security controls are managed and monitored by 24x7 security operation
team,” Nayana said.
The company has deployed various technical controls like desktop firewall, desktop
I/O device controls, restricted desktop environment at end points and URL filtering,
gateway firewall, IPS/IDS, proxy and VLAN segregation as gateway and core layer
controls to prevent leakage of any sensitive information. Apart from technical
controls, user awareness and trainings on information security and sensitive
information handling are also provided to all users to avoid leakage of any
sensitive information.
The company has a 24x7 IT security operation team which helps to proactively
monitor any information security breach or malicious activity in the network.
"In case, any such incident is identified, quick actions are taken to contain
the impact of such incident and then appropriate steps are taken to address
and find out the root cause of the incident. Further, preventive action is taken
to avoid repetition of such incidents," Nayana said.
All security incidents are handled and addressed as per incident management
policy and procedure guidelines which are part of ISMS framework.
aditya.kelekar@expressindia.com
|
