Top Story

Case Study: Protecting Customer Data in Financial Services

A guardian keeps a watchful eye on the IT infrastructure of a financial services company. Being vigilant and acting on alerts helps protect critical customer data and infrastructure

Story Highlights

  • MOFSL needed to monitor its assets round the clock with advanced visibility solutions.
  • Needed to carry out regular security audits to identify threats/weakness in the environment.
  • Sequretek helped MOFSL create a threat management strategy.

Motilal Oswal Financial Services Ltd (MOFSL) caters to over 900,000 customers with Rs. 44,963 crore plus depository assets. It has PAN India coverage across 2,200 locations in over 500 cities. The company’s offerings include capital markets businesses (retail broking, institutional broking & investment banking), asset & wealth management (asset management, private equity & wealth management), housing finance & equity-based treasury investments. MOFSL has won several awards and is ranked among the best financial services companies in India.

Pankaj Purohit Sr. VP & Head of IT, Motilal Oswal Financial Services
Pankaj Purohit Sr. VP & Head of IT, Motilal Oswal Financial Services

Pankaj Purohit Sr. VP & Head of IT, Motilal Oswal Financial Services said, “Since we are in financial services our customers’ data is critical to us.”

As its business grew, it became a challenge for the company to keep a close watch on its infrastructure, and to react to security threats.

THE CHALLENGE

The internal team at MOFSL ensures security at various layers and have various technologies in place to provide authentication, identity management, and access control, with defence-in-depth security principles to protect against external as well as internal risks.

However, monitoring the network became increasingly difficult for the company as it expanded its operations across the country. MOFSL needed to monitor its assets round the clock with advanced visibility solutions. It also needed to carry out regular security audits to identify threats/weakness in the environment.

So MOFSL turned to Mumbai-based Sequretek, a startup focused on Information Security and the Information management space. Sequretek has a state-of-the-art security operations centre (SOC) and a team of qualified security experts monitor infrastructure 24X7. They also offer advanced threat protection services and patch software and applications proactively to protect an organisation’s infrastructure from threats and ransomware attacks.

RELATED STORY: 10 Reasons Why Your Organisation Must Outsource Security

“Sequretek enables us to solve various challenges through its offerings: network monitoring, providing threat intelligence, application security testing, infrastructure security testing, vulnerability analysis and penetration testing, etc. They also ensure that all the compliance requirements for our organisation regarding information security, are met and updated as per the regulatory and compliance requirement,” said Purohit.

Sequretek an MSSP (managed security service provider), enables Motilal Oswal to be vigilant and secure. The Sequretek team constantly monitors the MOFSL network and hunts for abnormalities in its traffic. All applications also undergo strict application security testing with support from Sequretek Engineers.

SECURITY STRATEGY

Sequretek helped MOFSL create a threat management strategy. It involves identifying a potential threat and defusing it before it can spread on the network. The Sequretek team does a thorough audit of the network to remove all instances of malware. With help from global threat intelligence sources, Sequretek periodically issues threat intelligence reports that alert MOFSL (and other clients) of current threats (like ransomware). These reports or technical advisories include detailed instructions to patch and update applications. The controls and technical advisories safeguard MOFSL against future threats and are built on industry security standards and best practices.

Working with the Sequretek team, MOFSL’s IT team began by analyzing the current infrastructure and available policies. A GAP-Assessment was carried out by Sequretek, which identified the gaps in MOFSL’s environment. It could also compare the state of its security with the norms followed in the industry. Then it designed and implemented policies and procedures that strengthened its security posture.

“Sequretek helps us to protect our mission-critical data by continuously monitoring our network and server infrastructure. They alert us to any possible intrusion attempts; our in-house team along with the Sequretek team work on these alerts round the clock. Sequretek also plays an important role in auditing our security controls and recommending ways in which we can improve our security posture,” said Purohit.

TOP MANAGEMENT SUPPORT

The important thing is that the IT team at MOFSL has the complete support of its top management for all its information security initiatives.

“All the information security policies and procedures are reviewed by the members of top management periodically. Authentication, identity management, access control with defense-in-depth security practice are currently instrumental in the organization; this clearly shows the view the top management holds for Information Security,” said Purohit.

CONCLUSION

Because of the very nature of its business (financial services), MOFSL must do everything it can to protect customer data. That means keeping a vigilant eye for the latest security threats and taking remedial action. But it is not possible for a single company to do this all on its own as the universe of cyber security is so vast.

What Motilal Oswal Financial Services needed was round-the-clock monitoring, deep analysis and the expertise of security experts. And this is where a security operations centre can help.

The Sequretek team constantly monitors the MOFSL network and hunts for abnormalities in its traffic. All applications also undergo strict application security testing with support from Sequretek Engineers.

Sequretek is a ‘guardian angel’ to MOFSL.

Tags

Brian Pereira

Brian Pereira has over two decades of journalism experience. He is the former Editor of CHIP and InformationWeek magazines in India. You can write to Brian at: brian9p@gmail.com Twitter: @brian9p Linkedin: https://in.linkedin.com/in/pereirabrian