by Felix Mohan, Senior Vice President and Global Chief Information Security Officer, Bharti Airtel
Surprisingly, the biggest threat to an organization’s confidential data doesn’t come from hackers, but more often than not, from within. Organizations can lose control of confidential information through sloppy protocols or have it fall into the wrong hands through willful negligence, causing financial and compliance issues. Because of this, it’s becoming increasingly imperative that the Chief Information Security Officer has the ability to identify who has access to what information within the organization.
Ask any company–it’s not an easy endeavor. Especially when you think of giving access to a global workforce, external contractors, vendors and business partners. You can quickly see how not being able to identify user access can get out of hand.
As a leading global telecommunications company, Bharti Airtel operates in 20 countries across Asia and Africa, serving more than 200 million customers across our operation. We provide services ranging from mobile and data services to turnkey telecom solutions for national and international long distance carriers. With such a diverse telecom portfolio and broad geographic reach, our security needs are constantly evolving to ensure the security of our network.
Bharti Airtel’s network is a critical infrastructure, and is constantly under assault. Every day my team defends thousands of attacks on our gateways. Bharti has a very robust security infrastructure and our security team does an excellent job of combating threats.
A foundation to our security work is identity management, which enables us to effectively govern who accesses our systems, and examine what they do inside. Identity gives us the ability to gain a holistic view of our employees’, and partner employees’ roles, accesses, authorizations, entitlements, and policy compliance in a correlated manner. And, by using analytics we can flag outlying behavior and inconsistencies in role access, as well as expired access. For a company the size of Bharti Airtel, with over 20,000 geographically disbursed employees and partner employees, with hundreds of roles within the organization, having this kind of management is critical to secure our data and manage compliance. By using identity management software, we can consolidate users into key roles to simplify the management of the thousands of employees, and partner employees who each might have half a dozen roles into a smaller number. Additionally, analytics can help identify when an employee switches internal roles to remove the old access privileges.
As I travel and talk to other security executives, it’s clear that there’s an urgent need to shore up identity management with a more intelligent approach. Ensuring the identity of access to the Bharti Airtel network is critical–and that starts by knowing who has access to what. It’s the first step in an intelligent approach to security.