IT giant, Infosys, has half a dozen strategic partners it relies on to deliver key components of its security stack. Executives from the company talk about Infosys’ longstanding partnership with RSA.
Longstanding partnership with RSA
The Infosys executive tasked with protecting the company’s vast, worldwide infrastructure is Vishal Salvi, CISO and Senior Vice President. He said: “We have half a dozen strategic partners that we rely on to deliver key components of our security stack: RSA has been one of this select group for almost a decade.” The first RSA solution implemented on a company-wide basis was the RSA SecurID Suite, linking the frequently separate disciplines of managing user access rights with identity governance and user lifecycle management into a single unified set of tasks. The RSA SecurID Suite provides Infosys with the ability to mitigate identity risk without impeding daily operations. With multi-factor authentication, access management, identity governance and user lifecycle solutions, it helps to strengthen security, ensure compliance and accelerate business growth. The Suite enhances access protection across all channels, including web, mobile and SaaS applications, with a wide range of authentication methods, including mobile push to approve, biometrics and SMS, as well as traditional hardware and software tokens.
Performance and protection
Following the success with the RSA SecurID Suite, the RSA NetWitness Platform for threat detection and response was implemented in 2014. K Lakshmi Narayanan, AVP and Head of Cybersecurity Technology and Operations, said: “Key factors in our selection process were the solutions’ ability to scale and their sheer performance numbers; we have such a large environment and are growing so quickly that it was imperative that any security measures we put in place didn’t compromise our users’ ability to continue working efficiently.”
“The RSA NetWitness Platform won by having superior throughput capabilities and its flexibility to be precisely customised to support our business goals. At that time we averaged 150,000 events per second [EPS] and have since experienced peaks of 600,000 EPS. I understand this to be one of the largest counts in the region for any company and RSA NetWitness Platform has been able to handle these volumes without any issues.”
Comprehensive coverage
The ability of RSA NetWitness Platform to assimilate and process data from multiple sources has resulted in its deployment across key areas of the Infosys infrastructure. It is integrated with all of the Infosys network, security and management platforms, as well as used extensively with cloud-based domains, such as Microsoft Azure, AWS and Microsoft Office 365. “We collect almost 100 different types of log files and use these for a wide number of purposes, including event correlation, real-time alerting, forensic analysis and ongoing compliance with standards like HIPAA, SOX, PCI DSS and ISO 27002,” said Lakshmi. “RSA NetWitness Platform enables the experts in our cyberdefence centre to really understand the true nature, scope and impact of an incident and empowers them to take immediate, targeted action.”
Massive scale, minimal overhead
Building on the impact and effectiveness of its growing portfolio of RSA solutions, an initiative to enhance operational efficiencies by rationalising risk management, controls and assurance processes resulted in selection of the RSA Archer Suite. RSA Archer facilitates the business-level management of Infosys’ entire range of governance, risk and compliance requirements. “We particularly valued the ability of RSA Archer to support our compliance objectives while simultaneously improving overall performance and we’re able to do this without imposing restrictions on the organisation,” said Lakshmi. “We now have a largescale deployment, containing nearly five million records from more than 35 applications. Due to its flexibility, we’ve also been able to further leverage the platform to create several custom applications for IT change management and our enterprise security incident management team.”
Salvi said: “My goal is to leverage automation as much as possible, while at the same time push both visibility and accountability throughout the organisation. The best way to achieve this is to consolidate the intelligence from multiple sources and multiple vendors into one centralised system. RSA Archer is the vehicle we have selected to accomplish this.”
Business-driven security
Salvi said: “We have a very extensive and complex infrastructure to protect and we have enjoyed a collaborative relationship with RSA over an extended period of time. I view it as a two-way partnership where we both contribute and we both benefit. RSA’s portfolio of products delivers what customers need.”
He said: “The RSA mantra of ‘Business-Driven Security’ totally resonates with me. This really is the only way that effective security can be deployed. The Infosys executive team does a good job at clearly articulating the company’s business goals and RSA is one of the key partners I use to ensure that my organisation accurately supports these priorities.”