Fortifying Cybersecurity: L&T Finance’s Strategic Alliance with Netskope
CXOToday has engaged in an exclusive interview with Mohd Imran, Chief Information Security Officer at L&T Finance
What emerging cybersecurity or cyber risk pain points has L&T Finance been facing in recent years?
Like many large organisations in the last decade, we have witnessed strong cloud adoption and SaaS applications’ sprawl within our teams, along with a significant increase in data movements within, and in and out of our network as the business world became more data centric. Being a financial organisation governed by stringent regulations, we have strived to always remain ahead of the curve in terms of cybersecurity, and have gradually increased our capabilities to gain visibility into any shadow IT and our increased attack surface, including cloud threat vectors, and ensure sensitive data was not being accessed by the wrong people or going where it shouldn’t.
However, after a few years, we ended up with a complex security stack, and our primary objective in more recent times was to look at what we could consolidate, and make it easier and less expensive to manage.
How has your security and networking stack evolved in recent years to remove these pain points, and how has your collaboration with Netskope started?
Netskope came into the picture more than two years ago when we started using their Cloud Access Service Broker (CASB) solution. We have since rolled out more of their solutions in an effort to consolidate our security stack, and continue to adjust our cybersecurity and data protection standards to the evolving threat landscape.
In doing so, we also started using their Unified Management Console, which provides us with a unified view of our multi-vendor network and security infrastructure, which we can manage from a single place. It also delivers advanced analytics, visualization and control that make it easier to detect where risk exists and where actions are necessary, and also helps us report on the business value of cybersecurity investments.
Nowadays we have most of the security components that a SASE platform can offer, including CASB, Data Loss Protection (DLP), and a Secure Web Gateway (SWG), which we all manage from the Netskope platform.
What are the main criteria encouraging you to gradually strengthen your collaboration with Netskope?
As explained we started with their CASB solution to gain complete visibility over our growing cloud and SaaS applications ecosystem, and in the process get rid of any shadow IT. We also chose their DLP to ensure data protection across web, emails and endpoints, along with their SWG because they offer high flexibility and granularity in defining and fine-tuning policies for monitoring and protecting data, people and endpoints. Beyond the solutions, we also saw value in consolidating and simplifying our security stack, and making it possible to manage everything in a single place.
Finally, the fact that they have built a private cloud infrastructure in India with eight data centers is also an advantage for an organisation like L&T Finance with strong regulatory and data sovereignty requirements, and provides our employees with a better user experience.
How did the implementation phase go?
The initial CASB implementation was fairly quick and smooth, and acted as groundwork for easily rolling out more Netskope services. Although Netskope is a channel driven business, they took ownership with Professional Services involvement along with trained partners, to ensure we were working towards the expected outcomes, and their Customer Success Management team also regularly checks-in to ensure those technical investments always help us work towards our broader business objectives.
What have been the main benefits of working with Netskope? Can you substantiate with any performance metrics?
From a technical perspective, we have managed to considerably strengthen our data protection capabilities, and consequently mitigate risks of data breaches, including from accidental or intentional insider threats. We have also gained full and unified visibility and control of our cloud and SaaS ecosystem, ensuring that any app or services used at L&T Finance is known and sanctioned.
From a business perspective, these migrations have allowed us to reduce our infrastructure and maintenance costs, while maintaining high cybersecurity and data protection standards. The significant reputational and financial repercussions that a cybersecurity incident can have on organizations have made it a key conversation at board level, and an essential component of any business strategy, and I’m glad our investments in this area are helping keep L&T Finance internal and external stakeholders safe from threat actors.
Are you planning / considering further developments with Netskope in the upcoming months or years?
We currently leverage a majority of Netskope security solutions, including CasB, Email Gateway DLP, Endpoint DLP, and SWG. Our upcoming initiative involves prioritizing Cloud Security Posture Management (CSPM). Presently, we are refining the deployed Netskope solutions to maximize their effectiveness, aiming to efficiently manage the solution. This effort is geared towards aiding the organization in safeguarding sensitive data, thwarting unauthorized access, and enhancing visibility through granular security controls.
