Godrej Group took note of information security risks and very early on agreed to implement enhanced security measures across the group. This was almost 8 years ago, when even banks, insurance and technology-driven industries were ramping up their security processes.
By V Swaminathan
Godrej Industries & Associate Companies (GILAC) is a large conglomerate with a diverse set of businesses which throw unique challenges at us every day. Each business operates in multiple geographies (including international) and has a completely different line of business, level of automation, skill set and level of awareness among its people. As a result, the security solutions these businesses need are also different. Add to this the already complex landscape of new technologies and related risks which need to be addressed.
Being a part of this complex setup as CISO increases our understanding of existing, new and emerging risks in the IT/security landscape, and of the latest technologies and related information security requirements. It also pushes us to regularly update ourselves on new developments and innovations which can be used for the benefit of the business.
Information Security in GILAC has always been given its due importance. ISO 27001 was implemented in 2008 and a full-fledged Information Security function was established. The IT & Infosec Steering Committee, chaired by our Chairman, meets and reviews the IT and Infosec roadmap and new emerging risks in the technology landscape, and approves measures to mitigate such risks.
Risks in our sector
Godrej operates predominantly in the manufacturing sector and has its own set of security challenges.
The manufacturing sector is steadily moving up the list of industries at higher risk of cyber crime. Hackers are now realizing the attractiveness, value, vulnerability and sensitivity of the manufacturing sector. This sector is more susceptible to cyber crime because companies in manufacturing have not yet fully realized the importance of cyber security. They are not fully ready and equipped to cope with an attack.
Manufacturing sector players such as FMCG, locomotive, textile, pharmaceutical, chemical and defense goods producers hold critical data and information. They conduct research and development. They have a cache of patent and IP-related information and business secrets. This makes them an attractive niche for cyber criminals. The risks are greater in that manufacturers depend mostly on systems and networks that lack robust cyber defenses.
Apart from this, some areas of emerging risks are:
- Cloud computing
- Cyber security
- SCADA system security
- Bring Your Own Device (BYOD)
- Internet of Things (IoT)
Information Security @ Godrej Industries Ltd & Associate Businesses.
Godrej Group took note of information security risks and very early on agreed to implement enhanced security measures across the group. This was almost 8 years ago, when even banks, insurance and technology-driven industries were ramping up their security processes.
Every CISO dreams of implementing a fortified system in his organization which is virtually impenetrable and immune to almost every risk. However, businesses also have to balance the cost of managing such a fortress-like security system against the demand for a higher level of flexibility and ease of business operation, sometimes at the cost of security.
Our Chairman Mr Adi Godrej and all Business Heads have always extended their 100 per cent support in favour of having a good IT Security Infrastructure, even if it means some inconvenience in business processes.
The Information Security team’s endeavour has always been to explain information security risks and their implications in the medium and long term to the leadership team. The Group has never shied away from investing in efforts to mitigate such risks.
Apart from top management support, one of the keys to the success of the Information Security function in Godrej is the collaboration with the CIO and the entire IT team, without whom the security process would slow down. The CISO and CIO work together to implement practical and cost-effective solutions which help the organisation mitigate risks.
Data Leakage Prevention (DLP) & ISO 27001 at Godrej Industries Ltd and Associate Businesses
The Godrej group operates in a very competitive business environment, especially our FMCG business, where new innovations, product launches, marketing strategies etc. are very sensitive information. Godrej has a significant investment in its R&D initiatives in the FMCG, Agri and Chemical space, and information security in these areas is very critical.
The group has made all efforts to protect such information in multiple ways:
- Regularly creating awareness amongst employees about the information security policy, the sensitivity of data and the need to store it securely and share it only on a need-to-know basis
- Monitoring the flow of sensitive information through a DLP programme
- Hardware checks and monitoring at sensitive functions.
As mentioned earlier, ISO 27001 was implemented 8 years back. We have a robust process in which Business Information Security Officers (BISOs) and Unit Information Security Officers (UISOs) regularly monitor the implementation of Information Security policies and processes.
Ongoing Security Initiatives:
- Delinking the SCADA systems from the Internet and completely segregating the SCADA infrastructure. This is extremely critical for some of our Chemical and other automated plants, which can be very vulnerable to any external attack
- Data leakage prevention and securing data on mobile computing platforms are priority initiatives as of now. We are addressing this in a very holistic manner through suitable policies, awareness and technology
- Internet of Things (IoT) is a major initiative in our FMCG business, where Big Data and Predictive Analytics are gaining momentum. A robust security architecture and monitoring mechanisms are in the process of implementation
To conclude, organizations are now heavily dependent on technology solutions to drive business, and information security requirements are being challenged all the time. The field in which we CISOs operate is changing at a very fast speed. The Boards of Directors of most companies are now demanding full-scale updates on the information and cyber security practices of their organizations directly from CISOs. The CISO’s role will be extremely important and will become a catalyst in organizations’ growth agendas going ahead.
(The author is the Head – Corp Audit & Assurance, Godrej Industries & Associate Companies)