LTTS is the engineering services arm of the L&T Group. With around 17,000 employees, some of whom live in shared residences, known as “Paying Guests” in India, juggling between enabling everyone to work remotely and security of the organization’s network and data was a major challenge the company had to face.
“During the early days of the pandemic, we not only had to enable our employees to work from their homes but to do so while keeping our networks and data secure,” says Sandeep Karan, the head of cybersecurity at L&T Technology Services (LTTS).
Using the security services offered by Microsoft, LTTS was able to redesign its security architecture through a single consolidated system.
The first step was connecting the VPN with Azure AD and enable multi-factor authentication for people. LTTS began using Microsoft Identity Manager to enforce conditional access to sensitive documents and data. Microsoft 365 E5 security structure was used to continuously monitor the organization’s security scores and fix problems preemptively.
“So far, we have managed to get everything we wanted. Right from Azure AD to identity management, multifactor authentication, getting insight from the dark web to see if any password has been compromised, conditional access, and attack simulator, everything is now interconnected,” says Sandeep Karan.
LTTS also used Microsoft Teams for collaboration between different teams such as delivery, sales, IT, quality, and human resources.
Over the last year, there has also been an increase in incidents of cyberattacks. For LTTS, this has led to more awareness around cybersecurity within the management, board, as well as its customers. In such a situation, it has become critical to move towards a Zero Trust framework, which allowed LTTS to restrict access controls to networks, applications, and devices without sacrificing productivity.
Before the pandemic, it was easier to ensure compliance (with policies) because employees were working from the office and the environment could be controlled. Conversations could happen behind closed doors. However, with the hybrid work model, Microsoft’s Insider Risk Management (IRM) ensures compliance by detecting, investigating, and minimizing malicious activities within the organization.
“Conversations around cybersecurity are not just limited to boards now and it has become extremely important to minimize risks and manage security across the organization. We use Microsoft attack simulator to conduct phishing simulations. If people fail that, we ask them to attend training sessions,” Karan added.
“In the end, employees are potentially the weakest links. It is important for organizations to invest in educating their employees and making them champions. Organizations that will succeed in doing this are the ones that will survive and have the least number of cybersecurity incidents. Now it’s important for organizations to see this as a cultural change, and not just a technological one.”
Read More:How L&T Technology Services is securing its IT infra – ET CIO