Post image for Fortifying the enterprise – Sachin Jain, Evalueserve

Fortifying the enterprise – Sachin Jain, Evalueserve

by amarinder on September 10, 2011

“A single instance of data leak can impact our entire company,” says Sachin Jain, CIO at Evalueserve – a leading Knowledge Process Outsourcing (KPO) enterprise.  As a KPO, the company is privy to sensitive information from clients across sectors. This makes data security paramount. However, Sachin and his team have transformed this challenge into a key strength – clients are impressed with Evalueserve’s stringent information security processes. Read on to know how they made it happen.

Chinks in the security armour

Evalueserve began their fledgling operations in Gurgaon, India, in 2000; today, they are a team of more than 2400 people across locations. Data security has always been vital given the nature of their business – associates access sensitive client information and conduct custom research. “We even help our clients draft and file patents,” says Sachin, explaining why it is critical to keep the data, residing in their network, absolutely safe.

The company has always been aware of the responsibility such information brings; even during their early years, they had measures to safeguard it. “We had a basic set up with a firewall. But we realized the importance of stricter information security – from compliance as well as business perspectives. We formed a core team to manage enterprise security,” he says. They began by creating policies and structures that evolved with their business. Grappling with different challenges, they adopted a step-by-step approach to fix gaps through which data could be leaked. This resulted in certifications and streamlined data sharing processes.

However, as technology evolved so did the business need. Using the latest technology solutions as business enablers meant greater complexities to manage. The company needed a more robust solution to ensure that email access, inadvertent data leakages, instances of employees sharing official information through personal mail ids, etc., did not pose as risks.

Strengthening the links

This is where the Websense Data Loss Prevention (DLP) solution fit in. Implemented at the enterprise level, it covered Evalueserve’s network and also data end points. So, data on laptops, phones, and other mobile agents was secured against leaks and thefts. It also allowed blocking of a category of websites compared to a more tedious blocking of individual sites. Moreover, data on mobile devices was protected from hard-to-detect malware. Tailored workflows for different business units meant each unit could define critical information, and spot policy violations relevant to the operations.

The solution’s features ticked the other right boxes too: simple architecture, low hardware requirement, and easy integration with existing infrastructure. It also offered the requisite flexibility and came with a centralized console to simplify management and reporting.

ACPL, a Platinum partner of Websense and a leading information security solutions company, was able to successfully demonstrate through a Proof of Concept (POC), the value of Websense DLP solution in terms of data leakage protection, compliance support, policy enforcement and cost savings.

Of course, it encountered user resistance; but that faded away once the employees saw the benefits. To make change management easier, the enterprise also focused on knowledge sharing. “We have e-learning modules, quiz tests, posters, screen savers etc., to introduce and reinforce the security policies.” The company culture ensures that anyone who joins the team gets educated about the security policies and complies with them. Sachin also knows that the trick lies in keeping things simple. “It’s on the roadmap: simplifying the Websense security solution we use as much as possible, so that we don’t build complexity into it,” he says.

Safety becomes the norm

How long did the implementation take? It began with data classification where Evalueserve’s different business units had to organize data into different categories based on its sensitivity and use – from confidential to what could be in the public domain. After this, they identified keywords and sources through which data could be leaked (email, FTP, etc.). Soon, policies were aligned to strengthen the initiative. The phased implementation approach will soon see completion; but the early results have already started trickling in. These include:

  • Instances of breaches and data security violations have decreased.
  • Employees are more sensitive to data security policies and manage critical information better.
  • Gaps in business processes (such as data leakage through personal IDs) have been fixed.

“The key challenge was to properly classify the data and Evaluserve team had good understanding of what was important to them. The POC showed security breaches & identified broken processes, this made Evalueserve confident of DLP solution,” said Sukhpal Singh Sandhu, Head – Information Assurance, ACPL Systems. “ACPL has good experience of deploying large and complex DLP solutions, they had required expertise to handle project of this magnitude and we are extremely happy with ACPL support in successfully rolling-out the project,” says Sachin Jain.

Clients have also been impressed with Evalueserve’s commitment to data security and the security framework being followed. “In one of the instances, one of our clients had asked for an hour slot to review our security policies and controls. When they saw the controls we have in place in addition to ISO 27001 certificate, we wrapped up the talks in just 5 minutes!” Smiles Sachin. Evalueserve’s commitment to information security and data protection has resulted in more business, and greater approval through client audits, which Evalueserve is open to, at any point in time.

What were the other steeping stones to this successful solution? Apart from classifying and identifying information, the team is managing false positives. The fine-tuning is still underway and will eliminate instances that seem deceptively similar to data breaches.

Creating the winning combination

Reflecting on the entire process, Sachin discusses the key lessons learnt. He stresses on the need to get adequate representation from all business groups for such initiatives. “You cannot drive it alone,” he points out. “Understand the nature of your business; try the solutions available and then take a decision. It is important to identify the kind of solution and tools, which are relevant to your business and do not compromise the organization’s productivity or efficiency. Strike the right balance between being nimble and fast, and staying protected and safe.”

Related Posts:

Previous post:

Next post: