CIOIN

Sandeep Phanasgaonkar

President and Group Technology Officer, Reliance Capital

"Getting people, process, and technology to work together seamlessly ensured that all critical data is secure."

Executive summary

CIO 100 Winner: For financial institutions, that handle sensitive customer information, security is foremost. Read how Reliance Capital initiated a multi-pronged data security strategy that helped make the organization stronger, more secure, and more compliant.

If it's true that information is the currency of today's organizations, it's even truer for financial institutions, which process sensitive data that translates directly into revenue. The loss or misuse of their data can impact both the bottom line and top line, costing these companies in revenue and reputation.

Sensitive to these business concerns Sandeep Phanasgaonkar, president and group technology officer, Reliance Capital, identified what was needed in order to protect sensitive customer and corporate information. The thrust was to mitigate data loss risks from roaming users, avoid the distribution or replication of critical documents by unauthorized users and get users to adhere to standards enforced by several international regulatory bodies.

The corporate data confidentiality strategy he envisaged stood on four key initiatives: data flow analysis (DFA), document rights management (DRM), data loss prevention (DLP) and encryption security. The four projects worked hand-in-glove to identify critical data within business units, identify users with access to that data, mark out systems on which it was stored, analyze the processes and channels which allowed data to flow outside the organization and then implement data protection strategies. "We identified several broken business processes which resulted in a violation to our data protection strategies through this project and corrected or removed most of them," says Phanasgaonkar.

Today, the Rs 66-lakh project has brought access rights to 2,700 critical documents - and growing - and they are being monitored. Phanasgaonkar says that from their DLP console, they've seen a drastic reduction in the number of critical documents that are sent out without being secured. Moreover, assets like laptops are monitored and protected even when they are not connected to the corporate network. Endpoint security has been deployed in the assets of all roaming users to prevent potential data leaks.

"We believe that adopting this holistic strategy has ensured a proper and coordinated approach towards data security and guarantees that no channels are left unmonitored. Getting people, process, and technology to work together in such a way that each initiative is interlocked into the other helped make sure all critical data was secured," says Phanasgaonkar.