Mphasis: Adjusting Risk Management for a Remote Work ForceChief Risk Officer Sethu S. Raman Describes Critical Steps
Mphasis, the IT service management company, has made many adjustments to its risk management strategy - including wider use of multifactor authentication - as a result of more staff members working from home, says Sethu S. Raman, senior vice president and chief risk officer.
"Particularly, some of the risks we foresaw with working from home, we ensured these were well addressed," he says in an interview with Information Security Media Group. "Some of them are customization of laptops and desktops and ensuring mass storage and Blue Tooth functionality is disabled wherever possible. And in some cases, this could not be achieved, so we got some compensatory controls implemented. A VPN with with multifactor authentication is the one single thing which is going to help every organization."
In addition, he says, the company "ensured encryption of desktops ... and we extended cloud proxy, URL content filtering and enhanced web activity monitoring capabilities to track user activity, along with the use of DLP and EDR technologies as a strategy for securing the remote workforce."
In this interview (see audio link below photo), he offers insights on:
- Creation of a cross-functional committee to address emerging risks;
- A new identity and access management strategy for securing remote access;
- Efforts to encourage adherence to corporate compliance and security policies with appropriate tools and technologies.
Raman, senior vice president and chief risk officer at Mphasis, is a senior risk management professional with 28 years of strategic and operational risk experience in financial and IT sectors across geographies. A veteran of the Indian Army, he formerly worked at CSC and Reserve Bank of India.