Case Study: Protecting Customer Data in Financial Services

by | Nov 26, 2017

Banking and Financial Services

Motilal Oswal Financial Services Ltd (MOFSL) caters to over 900,000 customers with Rs. 44,963 crore plus depository assets. It has PAN India coverage across 2,200 locations in over 500 cities. The company’s offerings include capital markets businesses (retail broking, institutional broking & investment banking), asset & wealth management (asset management, private equity & wealth management), housing finance & equity-based treasury investments. MOFSL has won several awards and is ranked among the best financial services companies in India.

Pankaj Purohit Sr. VP & Head of IT, Motilal Oswal Financial Services

Pankaj Purohit Sr. VP & Head of IT, Motilal Oswal Financial Services

Pankaj Purohit Sr. VP & Head of IT, Motilal Oswal Financial Services said, “Since we are in financial services our customers’ data is critical to us.”

As its business grew, it became a challenge for the company to keep a close watch on its infrastructure, and to react to security threats.

THE CHALLENGE

The internal team at MOFSL ensures security at various layers and have various technologies in place to provide authentication, identity management, and access control, with defence-in-depth security principles to protect against external as well as internal risks.

However, monitoring the network became increasingly difficult for the company as it expanded its operations across the country. MOFSL needed to monitor its assets round the clock with advanced visibility solutions. It also needed to carry out regular security audits to identify threats/weakness in the environment.

So MOFSL turned to Mumbai-based Sequretek, a startup focused on Information Security and the Information management space. Sequretek has a state-of-the-art security operations centre (SOC) and a team of qualified security experts monitor infrastructure 24X7. They also offer advanced threat protection services and patch software and applications proactively to protect an organisation’s infrastructure from threats and ransomware attacks.

RELATED STORY: 10 Reasons Why Your Organisation Must Outsource Security

“Sequretek enables us to solve various challenges through its offerings: network monitoring, providing threat intelligence, application security testing, infrastructure security testing, vulnerability analysis and penetration testing, etc. They also ensure that all the compliance requirements for our organisation regarding information security, are met and updated as per the regulatory and compliance requirement,” said Purohit.

Sequretek an MSSP (managed security service provider), enables Motilal Oswal to be vigilant and secure. The Sequretek team constantly monitors the MOFSL network and hunts for abnormalities in its traffic. All applications also undergo strict application security testing with support from Sequretek Engineers.

SECURITY STRATEGY

Sequretek helped MOFSL create a threat management strategy. It involves identifying a potential threat and defusing it before it can spread on the network. The Sequretek team does a thorough audit of the network to remove all instances of malware. With help from global threat intelligence sources, Sequretek periodically issues threat intelligence reports that alert MOFSL (and other clients) of current threats (like ransomware). These reports or technical advisories include detailed instructions to patch and update applications. The controls and technical advisories safeguard MOFSL against future threats and are built on industry security standards and best practices.

Working with the Sequretek team, MOFSL’s IT team began by analyzing the current infrastructure and available policies. A GAP-Assessment was carried out by Sequretek, which identified the gaps in MOFSL’s environment. It could also compare the state of its security with the norms followed in the industry. Then it designed and implemented policies and procedures that strengthened its security posture.

“Sequretek helps us to protect our mission-critical data by continuously monitoring our network and server infrastructure. They alert us to any possible intrusion attempts; our in-house team along with the Sequretek team work on these alerts round the clock. Sequretek also plays an important role in auditing our security controls and recommending ways in which we can improve our security posture,” said Purohit.

TOP MANAGEMENT SUPPORT

The important thing is that the IT team at MOFSL has the complete support of its top management for all its information security initiatives.

“All the information security policies and procedures are reviewed by the members of top management periodically. Authentication, identity management, access control with defense-in-depth security practice are currently instrumental in the organization; this clearly shows the view the top management holds for Information Security,” said Purohit.

CONCLUSION

Because of the very nature of its business (financial services), MOFSL must do everything it can to protect customer data. That means keeping a vigilant eye for the latest security threats and taking remedial action. But it is not possible for a single company to do this all on its own as the universe of cyber security is so vast.

What Motilal Oswal Financial Services needed was round-the-clock monitoring, deep analysis and the expertise of security experts. And this is where a security operations centre can help.

The Sequretek team constantly monitors the MOFSL network and hunts for abnormalities in its traffic. All applications also undergo strict application security testing with support from Sequretek Engineers.

Sequretek is a ‘guardian angel’ to MOFSL.

Share This Article!

Brian Pereira
Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]
Recommended Posts
The Rise of AI Agents in Business

AI agents are revolutionizing how businesses operate, innovate, and engage with customers while reshaping workforce dynamics and decision-making processes.

The First 90 Days Are Crucial for the CISO and CIO

This book arms you with insights into crafting a robust 90-day plan, and you’ll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions.

Similar Articles

Return to Business as Unusual
Return to Business as Unusual

Remote working is no longer a benefit, luxury or convenience. It’s also more than a current make-do for organizations looking to conduct business as usual.