“The lockdown in India happened quite suddenly and at that moment nobody knew what the future of work would look like,” says Satyavrat Mishra, Assistant Vice President – Corporate IT, Godrej Industries Limited.
Mishra attributes the success of this migration to early adaptability of technology. The Godrej group, whose business interests span across industries like consumer products, Diversified Agri Business, chemicals, real estate and housing finance, had implemented a complete Enterprise Mobility Security (EMS) Suite, along with Microsoft Defender for Office 365 (erstwhile Office 365 Advance Threat Protection) for email security back in 2018.
While the conglomerate’s journey towards enabling employees to work remotely had started before the lockdown, it still did not have a ‘work from home’ culture. One of the biggest challenges Godrej faced was related to identity and security. In an office, there are physical boundaries, hence it is easy to secure the perimeter. With remote working, that wasn’t the case any longer, which made the job of securing the company’s networks and data became different and much more challenging.
“The one thing that worked in our favour was that we’d already adopted Microsoft’s cloud-based solutions for secure connectivity earlier, but we were using it for a smaller user base. After the lockdown, all we had to do was roll it out for all our employees,” Mishra says.
Godrej uses over 150 business applications across verticals, and each of them was connected to Azure Active Directory (AAD) to enable Single Sign-On (SSO) authentication. The company made sure that this solution was enabled not just for employees, but also their vendors and consultants.
“Earlier, there used to be discussions on how to secure the perimeter, how to put more security and network access control solutions. Now, we’re implementing Zero Trust frameworks. That is a major paradigm shift in the way that a security team would define resource access. There’s no hardware ensuring security in a remote work model. All of it is via SaaS-based solutions,” Mishra added.
After the breach, when the company had a security review meeting, it became very clear that it could not opt for multiple security solutions from different partners. Godrej Group zeroed in on Microsoft, which gave it tools for multifactor authentication (MFA), Single Sign On (SSO), and mobile security.
With Microsoft, the integration process was completed in six months. “Had we opted for different solutions, it would’ve taken us a couple of years just to roll them out. Then each solution would’ve required separate teams with expertise to deploy, manage, and monitor them,” Mishra pointed out.
The dependence on digital applications has increased because of the pandemic, which has led to an increase in cloud access and cloud usability. Before embarking on a big journey towards cloud adoption, companies need to be aware of emerging technologies like cloud support plan management, cloud security, and posture management.
“In addition to this, there is a lot of awareness needed for employees to understand cyber hygiene. As it became clear that the hybrid workplace model will continue, we began to let our employees know if there had been a problem in their workstations. If a person was going to a malicious website, for example, they’d be notified about it. While all these incidents were recorded earlier too, now we have started capturing this to understand user behavior and launched an employee user behaviour scorecard which is similar in design to a CIBIL scorecard used for Credit Score. It comprises Threat Score and Awareness Scores. This has helped us in creating user groups based on overall scores and we use that to run campaigns and simulations with Attack Simulator in Microsoft Defender for Office 365 for awareness,” Mishra added.