
Information Systems for Management

Sidharth E001 Shivam Garg E018 Rajeev Jain E025 Saumil Kakkad E026 Rahul Khosla E030 Darshit Morakhia E033 Prakhar Vashisht E057

Submitted to: Dr. Preeti Khanna

2013

Managing IT Security: Enterprise view GROUP 6

Table of Contents
Abstract
Learning Objectives
Introduction
An overview of Wipro Technologies
Spirit of Wipro
Environment Factors
Organisation Strategies and Business Processes
    Organisational strategies
    Business Processes
        Management process
        Operational process
        Supporting process
Enterprise Security
Enterprise Security Solution: Wipro
    Security challenges and solutions in different industry sectors
        Banking & Financial Services Institutions
        Cost benefit Analysis (BFSI sector)
        Manufacturing
        Cost Benefit Analysis (Manufacturing Sector)
    Awards and Accolades
    SWOT of Wipro's ESS solution
        Strengths
        Weaknesses
        Opportunities
        Threats
    PEST Analysis of Wipro's ESS solution
        Political
        Economic
        Social
        Technological
    Challenges
        Management Perspective
        Implementation Perspective
        People perspective
    Ethical Issues
Actual Scenarios
    RSA Security
    Sony's PlayStation Network
    AOL
Future Scope
Conclusion
References
Annexure

Abstract
This case elaborates on the importance of IT security solutions for firms in today's seamlessly integrated and interconnected world, where information security threats abound. With the help of information technology, businesses have discovered new markets, new customers and new ways to reach them, and have re-aligned themselves to suit customer needs. But this has come at a price: vulnerability and exposure to security threats, internal as well as external. Information security is now a business issue and not just a technology issue. Today, corporate knowledge and data are deemed to be the most important assets of any organization. Threats exist both within the walls of each enterprise and from external sources such as hackers, competitors and foreign governments. The security breaches at RSA Security, Sony's PlayStation Network and AOL are a few examples of such security lapses. To counter such breaches, leading IT firms have come up with Enterprise Security Solutions. The case presents the need for information security solutions, how they help enterprises safeguard their assets, and their future scope considering the global scenario.

Learning Objectives
- To analyze Wipro's Enterprise Security Solution for IT security
- To learn about the benefits that customers accrue upon incorporating the Enterprise Security Solution
- To understand the challenges faced in implementing an IT security solution

Introduction
In the past two decades, businesses the world over have encountered more change than ever before. Consumerism, technology and globalization have paved the way for businesses that go beyond conservative, business-as-usual models. The most important phenomenon has been the intertwining of technology with business. Organizations are more dependent on technology than ever before. Information Technology (IT) has emerged as an integral part of commerce and trade. It is widely used not only for maintaining employee profiles, client profiles, accounting, tracking and automation systems but also in package sorting, assembly lines, marketing and communications. The Internet has provided access to a large market which was so far inaccessible.

However, the dependence of business on IT has also made it vulnerable to several potential threats. Information about clients and customers is sacrosanct to an organization, and sharing it can have serious consequences. Businesses also hold sensitive information about their employees, financial results and business plans, and sharing this can put the organization in a precarious situation.

When it comes to technology companies, the story is no different. In fact, security is a bigger concern for such companies, as any breach in security would directly impact their products and services. They would be answerable for any security breach which threatens the integrity of their products and places their enterprise at risk, i.e., customer data, transaction data and intellectual property. Such breaches not only mean financial loss, which can amount to millions of dollars, but also engender negative publicity, which can have a serious impact on brand and consumer trust. A breach can also undermine competitive advantage if trade secrets and intellectual property are exposed to competitors. There is always a threat of becoming a target of organized crime by terrorists, as such confidential and sensitive data hold the key to many illegally gained profits.

An overview of Wipro Technologies


Wipro Ltd is a global information technology, consulting and outsourcing company with 140,000 employees serving over 900 clients in 57 countries. Wipro is the second largest IT services company in India. The company had revenues of $7.37 billion for the financial year ended Mar 31, 2012. It has its headquarters in Bengaluru. Wipro is globally recognized for its innovative approach towards delivering business value and its commitment to sustainability. Wipro's prime focus is to leverage IT infrastructure for business growth and innovation for its partners. In today's world, organizations need to rapidly reengineer themselves and be more responsive to changing customer needs. Keeping this in view, Wipro helps its partners develop a business model that is agile and flexible.

Spirit of Wipro
The Spirit of Wipro is rooted in current reality. It represents what Wipro aspires to be, thus making it future active. The Spirit is an indivisible synthesis of all three statements. It means manifesting Intensity to Win, acting with sensitivity and being unyielding on integrity all the time.
1. Intensity to win
2. Act with Sensitivity
3. Unyielding integrity

Environment Factors
1. Demographic Factors: Wipro has leveraged changing demographic conditions to its advantage. While other sectors have limited representation of women, Wipro has given them a fair chance and has benefitted immensely because of it. It has a Women of Wipro policy to facilitate women working for the organization.
2. Economic Environment: Wipro had the early bird advantage. Its chief, Mr. Azim Premji, was a visionary who sensed the opportunity very early in his career. When Wipro entered the technology industry, import tariffs were high and software was not considered a separate industry. Wipro benefitted immensely from liberalization and saw its fortunes boom with India's economy. Today the software industry caters to business in 95 other countries and Wipro is a key player.
3. Political and Legal Environment: The initial years for the IT industry were not good. The business scenario in the domestic market was hostile to it. The Indian economy was state controlled and exporters were considered ineligible for bank loans. Slowly, the conditions changed and the government played a key role in the global expansion of industry leaders like TCS, Wipro etc. Wipro was quick to react and adapt to such legal and political changes. One of the key decisions was to diversify Wipro's hardware and software business.
4. Technical Environment: The technology environment holds the key in this industry. Wipro has leveraged technological innovation to get ahead of its competitors. The market is highly cost sensitive, and in order to keep customers happy and retain them, software companies need to constantly innovate to provide cost effective solutions. Wipro Technologies has used Business Process Re-engineering to support innovative business processes.

Organisation Strategies and Business Processes


Wipro Technologies is a market leader in providing information security for its clients. Over the years, it has delivered robust products and services to keep its customers satisfied.

Organisational strategies
It has adopted the following business strategies to maintain its position:
1. Offshore IT Help desks: Wipro has set up several offshore IT help desks to provide services to its clients in India as well as the world over. These help desks provide IT infrastructure support and management. This includes desktops/laptops, servers, email, operating systems, and network and connectivity issues. This has helped its clients expand their business across the globe and gain competitive advantage.
2. Providing help to IT users across locations and geographies: Today's competitive world demands quick and accurate solutions to customers' queries. A single window approach is also a must for answering these queries within the guidelines of any existing service-level agreement. Wipro serves as a single point of contact for IT users across locations and geographies, thus taking customer satisfaction to another level.
3. Remote management: Most of its clients have global operations. This calls for remote infrastructure management services to carry on the business efficiently. Major remote management services include Workstation management, Server management, Storage management, Application support etc.
4. Knowledge base creation and update: Knowledge management is crucial for the development of any organization. An updated and properly maintained knowledge base can help an organization prevent rework and help employees take more informed decisions. Wipro helps its clients create such knowledge bases. This contributes to the intellectual capital of the organization and encourages the free flow of ideas.
5. Performance Management and Reporting: Wipro helps its clients ascertain whether their goals are consistently being met in an effective and efficient manner. This is known as Performance management. Wipro provides solutions which can focus on the performance of an organization, a department, an employee, or even the processes to build a product or service etc.

Business Processes
Management process
Strategic Management: Wipro's strategic management is one of the best. They have invested in projects and programs which support their organization's goals. They have grown through diversification and have forged alliances that have helped them immensely. They tied up with GE in high tech equipment & machinery and acquired Infocrossing to gain entry into Infrastructure Management.

Operational process
Supply Chain Management: Wipro has a mammoth network of distributors, resellers and dealers in India. For distribution, they work with national distributors Redington, Neoteric and Cyberstar, engage with 2,500+ resellers across the country and reach out to the market through their distribution system. (VARindia, 2013)

Supporting process
Customer Relationship Management: Customer support is a very important part of the successful marketing of products, from high-tech computer networks to domestic appliances. It provides installation, inspection and maintenance to support their worldwide customers. In service support, Wipro clearly stands out as a company that ensures that all its customers receive due attention. The company has high quality and reputable pre- and after-sales services. The company tries to provide the best experience to its customers with its high-quality support services. The company's sales services are well in order, and when it occasionally does get complaints, they are addressed properly. At the heart of all business processes is product development.

Product Development: Wipro products are best in Styling, Performance & Reliability. Wipro achieves this by carefully analyzing the needs of the clients and then designing the products accordingly. Products delivered by Wipro are developed to work in a green environment and thus promote Green Sustainability. (Wipro)

Enterprise Security
Companies across industries depend on products created by technology vendors to run their infrastructure, enable communications, deliver business and consumer applications, power mobile devices and facilitate social experiences. In many ways, these products have become the nerve center for business, which makes them highly visible targets for security threats, intentional or otherwise. Enterprise Security covers all the stakeholders in a business, those internal to the company as well as external sources. It provides complete 360 degree security to the organization against various threats and protects systems against vulnerabilities. Enterprise Security solutions are robust mechanisms designed to identify threats, prevent encroachments, and protect and defend the company's assets. They maintain the integrity of sensitive corporate data by adopting a comprehensive, cost effective approach to address these challenges.

The fundamental characteristics of Enterprise Security are as follows:
1. Define the security target: The organization's security target is the satisfaction of the security requirements of the organization's critical assets and processes. It depends upon the organization's mission and risk environment dynamics.
2. Availability: It refers to providing access to information without interference or obstruction and receiving it in the required format.
3. Legal Compliance: It refers to prevention of financial losses and damage to reputation by adhering to government regulations.
4. Accuracy: It refers to reducing errors and analyzing large data correctly.
5. Authenticity: It focuses on providing an original solution which helps in value addition.
6. Confidentiality: It works on preventing data dissemination to unauthorized officials.
7. Integrity: It works on providing complete, compact, and uncorrupted information.
8. Alignment with Business Strategy: ESM focuses on making security a core competency of the organization so that it is in line with the company's vision and mission.
9. Utility: The security system should work towards achieving the vision and mission of the organization.

Enterprise Security Solution: Wipro


Wipro's Enterprise Security Solutions Division is currently the 3rd largest global IT security service provider, providing end to end IT security solutions to customers globally. Wipro ESS has successfully executed complex security projects for several customers, comprising Fortune 1000 companies across the Americas, Europe and Asia-Pacific. Their customer base includes some of the world's leading banks, financial institutions, auto manufacturers, technology companies, energy and utility firms, retail giants and FMCG businesses. The Security division consists of a few large IT security practices: Security Consulting, Governance, Risk & Compliance, Application Security, Identity & Access Management, Data Security, Cloud Security, Mobile Security, Secure Product Engineering, Infrastructure, Physical/Homeland Security & Managed Security Services.

Wipro's Enterprise Security Solutions (ESS) (Refer to Exhibit 1) provides integrated end to end security & compliance solutions globally across a multitude of industry verticals like BFSI, manufacturing, healthcare and Oil & Gas. It addresses key challenges enterprises face while improving the agility of information security and compliance programs to cope with ever-changing business and IT risks. It also assists customers in defining their security and compliance needs, best practice recommendations, technology evaluations, implementations and delivering managed and hosted security services.

Solution offerings: It delivers integrated solutions via a combination of advisory services, transformation solutions and managed security services.
1. Advisory services: Tailored consulting services to assist customers with definition and formulation of a comprehensive IT risk management strategy addressing several aspects of an enterprise-wide security & privacy program, e.g. Security Strategy & Architecture, Enterprise Risk Management, Business Continuity, Security Asset Rationalization, Data Protection Modeling, Identity & Access Management, etc.
2. Transformation solutions: Expert services that leverage Wipro's award winning integrated security & compliance solution frameworks to fast-track strategic security & compliance projects while achieving higher levels of IT risk assurance, e.g. IAM-on-a-Rack, Secure Payments, Wipro Card Vault (PCI), Data Protection & Loss Prevention, Physical & IT Security Convergence (SpiderNet), etc.
3. Managed Security services: End-to-end integrated security & compliance programs delivered via a 24x7 global security operations center (GSOC) equipped with best-of-breed tools & technologies and a dedicated team of experts, enabling customers to achieve significant reduction in capital and operational expenses, e.g. Security Assurance Center, Identity Assurance Center, Managed PKI, IT Risk Office, Unified Security Operations Management, etc., addressing GRC, IAM, Data Security, Network Security and End-Point Security.


Security challenges and solutions in different industry sectors


Banking & Financial Services Institutions
In the past, the BFSI sector used legacy systems which were mainly standalone file servers. These file servers used to be updated at night after the transactions for the day had ended. However, with the evolution of global banking and anytime, anywhere services, the Banking and Financial Services sector has undergone a sea change. Services like ATMs, mobile banking, credit card services and stock market operations around the world require seamless transition of information. With the huge technological changes that have happened in the industry, it has become imperative for the BFSI sector to take sufficient measures to protect the information that flows through its networks. IT security plays a crucial role in the BFSI sector because it involves not only money but also people's trust in the entire financial system.

The use of online banking is increasing day by day. Internet banking proves to be more convenient, less complex and more compatible for users. Banks have introduced the concept of mobile banking to increase their competitive edge by providing customers with better quality, low cost services and quick access to banking services on the go. But the adoption of online/mobile banking is inextricably linked to security. Over and above the regular IT issues, the BFSI industry faces unique challenges in the face of increasing competition, narrowing profit margins, evolving cyber threats and ever-growing compliance requirements. All this has led to high demand for information security in banking and financial institutions.


Outlined below are some of the key areas where Global BFSI customers leverage Wipro Enterprise Security Solutions to achieve their strategic business objectives.
Stakeholder: Customer
Business objective: Improved Customer Experience & Confidence
Key Solution Areas:
o Identity Theft & Privacy Protection
o Customer Self-Service
o Profile & Password Management
Wipro Solutions & Frameworks:
o Mutual & Multi-Factor Authentication
o External User Identity Management
o Data Privacy leveraging De-identification

Stakeholder: Bank/Financial Institutions
Business objective: Proactive Protection against Cyberthreats & Fraud
Key Solution Areas:
o Vulnerability & Threat Mitigation at the source code & across software lifecycle
o Infrastructure monitoring & protection
o Online Fraud Prevention
Wipro Solutions & Frameworks:
o Software Assurance Center
o Integrated Security Operations & Threat Management
o Real-time Fraud Prevention, Fraud Analysis & Case Management

Stakeholder: Bank/Financial Institutions
Business objective: Protection of Physical Assets & Facilities
Key Solution Areas:
o Physical Security Convergence
o Protection for high-value assets in motion
Wipro Solutions & Frameworks:
o SpiderNet (Integrated 360 command, control, communications, computers & Intelligence solution)

Stakeholder: Regulatory bodies
Business objective: Compliance & Risk Management
Key Solution Areas:
o Attestation & Recertification
o Anti-Money Laundering
o Risk Assessments, Internal Reporting & 3rd party assessments
o Compliance with multiple regulations (SOX, GLBA, PCI etc.) across multiple geographies
Wipro Solutions & Frameworks:
o Access Governance
o Enterprise Role Mining & Analytics
o Integrated Security Operations Center (iSOC)-based Reporting
o Unified Compliance Framework (UCF) based GRC controls repository, enforcement & reporting


Cost benefit Analysis (BFSI sector)


Cost benefit Analysis has been done taking examples of three clients in BFSI sector of Wipro. Names of clients have not been disclosed by Wipro owing to privacy policies.

Leading Global Payment Card provider
1. Wipro's Integrated Security Operations Center (iSOC) for 16000 end-points addressing security alerts & advisories, Identity and Access Management operations, Data & Infrastructure Security resulted in cost savings of over USD 12.5 million over a 5 year period and YOY productivity increase up to 8%.
2. Wipro's Managed Authentication Services (for hard & soft tokens) for 48000+ internal and external users resulted in reduction of cycle time per request from 55 mins to 25 mins, while adhering to SLA-levels of processing 97% requests within 2 days (for token provisioning).

Leading Global Bank
1. Silos of identity administration for 3400+ applications across 7 countries were leading to severe process inefficiencies and high cost pressures. Wipro's User Access Management as a Service (UAMaaS) framework is being leveraged in a 3-year engagement to consolidate global user identity administration, delivered as a shared service across the customer's enterprise, resulting in predictable service-levels and cost-savings.

Major UK-based Retail Bank
1. Consolidation of multiple fraud prevention solutions addressing multiple channels (internet, mobile & offline) across retail & wholesale banking, insurance and wealth management businesses improved the bottom-line by reduction in fraudulent transactions while reducing the cost and burden of application maintenance.

Leading US-based Diversified Financial Services Company
1. Privacy concerns around sensitive customer and financial data led to a Data loss prevention strategy & solution implementation to protect customer data and Encryption based protection of 130 million customer records across 30 applications.
2. PCI DSS compliance was a major driver for a PCI pre-audit assessment and security posture analysis leading to implementation of Firewall Audit and re-architecting of Security incident & event management (SIEM) solution to better meet the needs of the business and achieve compliance.
3. Integration of SUN Identity & Access Management solutions and consolidation of Security Administration & Enterprise Directory management into a SINGLE service line leading to improved efficiencies.
4. Wipro's 24x7 Security Operations Center and Warm Disaster Recovery site improved service levels and risk management at reduced costs.

Manufacturing
Rapidly changing market dynamics and increased global competition have led to radical pressures on manufacturing organizations worldwide. They need to evolve according to the needs of the market, with speed-to-market being an important factor. All this demands a leaner yet more productive workforce and efficient processes and systems. Manufacturing majors are innovating in various ways. Manufacturing processes are increasingly becoming automated; organisations are moving towards integrated systems & supply chain bridges across multiple eco-system partners. There is increased reliance on contractors & a mobile workforce.

Earlier, the networks which supported industrial process control systems were designed as self-contained, proprietary architectures and were disconnected from the rest of the enterprise. Today, as various stakeholders like employees, suppliers, distributors, vendors, retailers etc. are involved in the process, the manufacturing operations network is connected to the corporate network and indirectly to the internet. This connection allows quicker exchange of information between the organisation and its stakeholders. ERP systems provide engineers with real time access to production data. They also enable suppliers to get information about demand estimations and supply raw material accordingly. So connecting to external networks has made the manufacturing process more agile and flexible, helping suppliers and employees work more productively.

While this has resulted in streamlined operations and efficiency in the manufacturing process, with this connectivity comes additional risk in the form of cyber attacks and security vulnerabilities from both internal and external sources. There are many examples of cyber attacks on manufacturing enterprises around the world. Attacks range from stealing information to stopping the plant floor SCADA and PLC systems, which results in closing down production lines. While a denial-of-service (DoS) attack may be annoying in an office environment, it can cause serious safety problems on a control system network. So manufacturers need to protect their systems from attacks that can negatively affect production and plant safety and put proprietary information at risk.

Apart from regular IT challenges, enterprises also need to address other challenges such as stricter global compliance regulations, growing corporate espionage, industrial pilferage & theft and a constant risk of internal & external attacks on critical manufacturing systems. Wipro provides an end to end enterprise level security solution specially designed for the manufacturing sector, which envelops all the stakeholders and protects the organisation against potential threats from internal or external sources.


Stakeholder: Government, Regulatory bodies, Organisation
Business Objectives: Improved Enterprise Governance Controls & Reduced Cost of Compliance (for SOX, GLBA, PCI, etc.)
Business Implication:
o Stricter and increasingly complex compliance requirements are difficult to implement & manage consistently across ERP & critical business systems
o Privacy & sensitive data protection in non-production ERP environments
Wipro Solutions & Frameworks:
o Industry best practices based GRC Gap Analysis & Controls Definition
o GRC Controls Automation for ERP systems
o Enterprise Data Obfuscation

Stakeholder: Employees, Partners, Contractors, Vendors, Suppliers
Business Objectives: Improved internal & external user access control and accountability
Business Implication:
o Intelligent role-based grants & revocation of access to systems for employees
o Fine-grained user access rights for partners & contractors across multiple business critical systems
Wipro Solutions & Frameworks:
o Wipro IAM-in-a-Rack
o Automated Role-based Access Governance
o Federated Access for external user access & auditing

Stakeholder: Customers, Partners
Business Objectives: IT investment optimization initiatives leveraging SaaS, Shared IT Services, Cloud Computing and Workforce Mobility Solutions
Business Implication:
o Risk based approach to Emerging technology adoption and integration
o Plug missing SaaS, Virtualized and Cloud Security and Enterprise Mobility enabling infrastructure, processes and controls
Wipro Solutions & Frameworks:
o IT Risk Strategy & Security Architecture Roadmap
o Wipro CloudTrust platform
o Wipro Identity Cloud
o Wipro Mobile Security Solutions
o Virtualization Security

Stakeholder: Organisation
Business Objectives: Reduce Industrial pilferage, risks from corporate espionage, and improve plant safety
Business Implication:
o Improve vigilance and an optimized physical security through convergence of multiple plant security systems
o Reduced security personnel workloads
Wipro Solutions & Frameworks:
o Physical Security Convergence Solution SpiderNet (Integrated 360 command, control, communications, computers & intelligence solution)


Stakeholder: Organisation
Business Objectives: Protect manufacturing operations from sophisticated attacks
Business Implication:
o Operational technologies (SCADA & PLC systems) inherently lack sufficient levels of security and are easy targets for sophisticated attacks (e.g. Stuxnet)
Wipro Solutions & Frameworks:
o Software Assurance Center
o Integrated Security Operations Center (iSOC) for ongoing management

Stakeholder: Shareholders, Customers, Employees
Business Objectives: Protect shareholder value by proactively preventing intellectual property loss
Business Implication:
o Secure collaboration enabled through comprehensive data loss prevention
o Eliminate risks of insecure file sharing over network
Wipro Solutions & Frameworks:
o Managed Data Loss Prevention


Cost Benefit Analysis (Manufacturing Sector)


Cost-benefit analysis has been done taking examples of three clients of Wipro. Names of clients have not been disclosed by Wipro owing to privacy policies.

Leading US based Nano-Manufacturing Major
1. Wipro's Managed Authentication Services on an optimized delivery model reduced the cost and effort needed to address Token Inventory Management & Usage Reporting on a global scale.
2. Process & Control activity ownership and reporting enabled successful SOX compliance audits and elimination of process deficiencies.

Leading US based Printer Manufacturer
1. One-touch role-based access provisioning/de-provisioning for over 20,000 internal users and over 100,000 external users.
2. Reduced risk from inappropriate access to systems and undue exposure from rogue & (exploitable) orphaned user accounts.
3. Auditable access request workflows & approvals, customized access events audit report and consistent enforcement of password policies improved SOX compliance posture.
4. Reduced administrative overhead costs through simplified self-service account management and password resets & delegated administration, and further optimization through a fully managed service.

Global Pharma Manufacturer
1. Transformation of existing GRC processes around SOX, Vendor management and IT Risk Management. Wipro's Advisory and Managed solutions for IT GRC were leveraged to build a suitable framework, automating SOX compliance. Wipro Managed GRC Solutions reduce SOX compliance management overheads over a 5-year period.
2. Wipro IAM-in-a-Rack leveraged to roll out a centralized identity management system on a global scale, providing a single point of control and consistent policy enforcement to meet regulatory compliance. Additional benefits resulted in reduced burden and cost of administration across multiple applications and systems.


Awards and Accolades


1. Global Product Excellence Award 2010 from Info Security Product Guide awarded to Wipro's IAM-in-a-Rack Solution Framework
2. Best Innovation Award from KuppingerCole at European Identity Conference 2010 awarded to Wipro's IDAM-in-a-Rack Solution Framework
3. Best in Data Protection Award 2010 from Network Products Guide awarded to Wipro's Enterprise Data Obfuscation Solution Framework
4. Best in Application Security Award 2010 from Network Products Guide awarded to Wipro's Software Assurance Center


SWOT of Wipro's ESS solution


Strengths
1. Pricing power allows security solution providers to charge higher prices.
2. ESS reduces the risk of information theft and protects information integrity.
3. Prevents financial losses and damage to reputation by adhering to statutory requirements.
4. Improves availability and productivity of customer service due to reduced security risk.
5. Organizations are going global and thus the departments need to work in tandem to prevent any security threat. This calls for efficient ESS solutions.
6. Regular update of ESS solutions creates a market for solution providers.
7. Use of security systems can help reduce insurance costs, thus prompting organizations to embrace it.

Weaknesses
1. Cost of implementation is very high.
2. Regular update of the software is required, otherwise the ESS system becomes obsolete.
3. Any problem in the system leads to complete shutdown of work.
4. High staff turnover increases security cost.
5. Weak R&D can prove costly for the organization.

Opportunities
1. Many small and medium enterprises are moving to a web-based model to reach a large customer base and serve it better. This means more ESS solutions in future.
2. Organizations are going global and thus the departments need to work in tandem to prevent any security threat. This calls for efficient ESS solutions.
3. Regular update of ESS solutions creates a market for solution providers.
4. Use of security systems can help reduce insurance costs, thus prompting organizations to embrace it.

Threats
1. System crash can lead to loss of sensitive data.
2. ESS systems require trained personnel to troubleshoot in case of system failures.


PEST Analysis of Wipro's ESS solution


Political
From the point of view of managing IT security, political factors can include restrictions imposed on foreign firms providing IT security solutions to strategic industries such as the banking and financial sector, government websites, the Department of Defence, or other strategic industries like nuclear power stations.

Economic
From an economic point of view, the Enterprise Security solution provided by Wipro could face challenges in offshore markets from rival competitors like Infosys, TCS, HCL etc. providing similar solutions at competitive prices.

Social
From a social point of view, an IT security solution must take care of the apprehensions of society in general. For example, one of the main concerns about UID is the risk of a breach of personal information to the outside world, risking the privacy of individuals. In IT security, ethical issues play an important role. Humans are the weakest link in the security chain, and a lot of IT-related security incidents happen due to mismanagement or mala fide intent of humans.

Technological
From a technology point of view, the Enterprise Security solution faces a lot of challenges as well as opportunities. The increasing sophistication of cyber attacks aimed at financial institutions and companies is forcing them to take preventive measures, which mainly revolve around IT security solutions. Changes in technology such as cloud computing also make it inevitable for IT security solutions to evolve and offer a strong framework so as to help the sector grow. Earlier, companies could make do with standard anti-virus and firewall packages offered by vendors, but the evolution of information technology has exposed wide gaps in the security architecture. The nature of attacks, ranging from phishing, viruses and Trojans to worms (a recent example being Stuxnet), shows that IT security solutions need to continuously evolve to handle future challenges.


Challenges
Management Perspective
From a management point of view, it is very important to think from the following perspectives:
1. Is the ESS able to provide an envelope to a dispersed global workforce?
2. Is the ESS capable of handling a multiplicity of information access, processing, transfer and storage mechanisms?
3. Can the ESS deliver in the wake of an organizational attack, hacking or phishing?
4. Is the implementation cost within the budget of the organization?
5. Will the ERP system be able to deliver the expected functionalities?
6. Will users be able to adjust to and accept the changes in time?
7. Is there a business continuity plan in case the ESS system fails to deliver?
8. What is the right time to replace or upgrade the system?

Implementation Perspective
While implementing an ESS solution, we must keep the following points in mind:
1. Can the social and technical aspects of the overall system be developed in parallel?
2. What is the failure rate for ESS systems in the sector or industry in which it is being implemented?
3. When should the ESS solution be configured so that it can be used effectively?
4. Is there any extension or extra software which needs to be added for proper functioning of the system?

People perspective
From a people point of view, it is important to make sure of the following:
1. Is the team educated and skilled enough to take up the development?
2. Has the management made an attempt to educate people about the new solution?
3. Are the people who have already worked with ESS systems being utilized?
4. Are employees clear about the goals and objectives behind implementing the ESS solution?


Ethical Issues
The major ethical issues surrounding the security vendors are as follows:

Confidentiality: It refers to preventing the revelation of information to anonymous individuals or systems. For instance, the banking sector outsources its customer services to Business Process Outsourcing (BPO) firms. So there is a possibility that the BPO workers, if not trained properly, can misuse confidential credit card data.

Integrity: Integrity means that data should remain in a uniform form and should not be modified undetectably. It is violated when a message is actively modified in transit. For instance, in phishing, people modify website data for mala fide purposes to acquire information such as usernames by falsely posing as a trustworthy entity in an electronic communication.

Other important ethical issues raised by information systems include maintaining accountability for the consequences of information systems, setting standards to preserve system quality that protects the safety of the individual and society, and preserving values which are essential to the quality of life in an information society.


Actual Scenarios
RSA Security
Date: March 2011
Cause: Phishing attacks by hackers posing as people the RSA employees trusted
Impact: Possibly 40 million employee records stolen.

In March 2011, two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company's network. EMC reported last July that it had spent at least $66 million on remediation. But according to RSA executives, no customers' networks were breached. John Linkous, vice president, chief security and compliance officer of eIQnetworks, Inc. doesn't buy it. "RSA didn't help the matter by initially being vague about both the attack vector, and (more importantly) the data that was stolen," he says. "It was only a matter of time before subsequent attacks on Lockheed-Martin, L3, and others occurred, all of which are believed to be partially enabled by the RSA breach." Beyond that, Linkous says, is the psychological damage. "The breach of RSA was utterly massive not only from a potential tactical damage perspective, but also in terms of the abject fear that it drove into every CIO who lost the warm-and-fuzzy feeling that the integrity of his or her enterprise authentication model was intact." Among the lessons, he says, are that even good security companies like RSA are not immune to being hacked. Finally, "human beings are, indeed, the weakest link in the chain," Linkous says.


Sony's PlayStation Network


Date: April 20, 2011
Cause: Inconsistent application of security controls across the organization
Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month.

This is viewed as the worst gaming community data breach of all time. Of more than 77 million accounts affected, 12 million had unencrypted credit card numbers. Sony was unable to trace the originator of the attack. The hackers gained access to full names, passwords, e-mails, home addresses, purchase history, credit card numbers, and PSN/Qriocity logins and passwords. "It's enough to make every good security person wonder, 'If this is what it's like at Sony, what's it like at every other multi-national company that's sitting on millions of user data records?'" says eIQnetworks' John Linkous. He says it should remind those in IT security to identify and apply security controls consistently across their organizations. For customers, "Be careful whom you give your data to. It may not be worth the price to get access to online games or other virtual assets."

AOL
Date: August 6, 2006
Cause: Accidental release of data containing confidential information of users in public domain
Impact: Data on more than 20 million web inquiries, from more than 650,000 users, including shopping and banking data, were posted publicly on a web site.

AOL Research, headed by Dr. Abdur Chowdhury, released a compressed text file on one of its websites containing 20 million search keywords for more than 650,000 users over a three-month period. While it was intended for research purposes, it was mistakenly posted publicly. AOL pulled the file from public access by the next day, but not before it had been mirrored and distributed on the Internet. AOL itself did not identify users, but personally identifiable information was present in many of the queries, and as AOL attributed the queries to particular user accounts, identified numerically, an individual could be identified and matched to their account and search history by such information. The breach led to the resignation of AOL's CTO, Maureen Govern, on Aug. 21, 2006.

Future Scope
Businesses are becoming increasingly dependent on technology. Through the use of technology, the world is becoming a global village and it is easy to trade across borders. Owing to this, organizations need to incorporate technology to expand their business opportunities. With the introduction of cloud computing, firms are set to take web-based business models to the next level. Even small and medium enterprises are trying to mark their presence at a global level. This means more and more reliance on technology in the future. However, an organization's exposure to technology also brings security issues. There can be an organizational attack, terrorist attack, hacking or phishing. As we have seen in the cases mentioned in the report, such security incidents mean not only financial losses for the firms but also irreparable damage to the brand which the organization has built over the years. If customers' sensitive data is compromised, the organization might lose further business with the client. Thus, while firms make fortunes leveraging globalization and liberalization, they would not mind spending a part of it on security. This clearly means that firms providing Enterprise Security Solutions are here to stay and have a huge scope. Moreover, even firms using enterprise security solutions from existing vendors need to get their security solutions updated on a periodic basis. So firms providing ESS would never run out of business.

Conclusion
With a rapidly changing business environment, IT has become an integral part of business processes. The world is shrinking and businesses get a competitive edge by being connected to their stakeholders. But this has also brought several issues. Security breaches can result in millions in financial losses. Over and above the monetary impact, negative publicity can have a serious impact on brand image and customer trust. This has the potential to undermine competitive advantage, particularly if confidential corporate trade secrets and intellectual property are exposed to rivals. If security glitches are not identified and remediated quickly, they can pose a huge threat to the overall business of the company. So it has become imperative for organisations to be proactive and employ measures to protect their assets from various threats and vulnerabilities. When businesses are interlinked in a complex web of stakeholders, looking at IT security in a holistic way and managing the threats at enterprise level is the way ahead.


Annexure
Exhibit 1 Wipro ESS solution portfolio

Exhibit 2 Wipro ESS competency areas - Manufacturing


Exhibit 3 Wipro's key competency areas - BFSI
