Sify manages Organon's security infrastructure
Background
Organon (a part of Akzo Nobel), headquartered in Roseland, NJ, USA, creates and markets prescription medicines that improve the health and quality of human life. Organon products are sold in over 100 countries, of which more than 60 have an Organon subsidiary.

In India, OIL (Organon India Ltd, now known as "Infar") is headquartered in Mumbai and has been in India for more than 35 years. It has 2 factories in and around Calcutta involved in making bulk drugs and pharmaceuticals, and a sales and distribution team spread across the country with regional offices in Calcutta, Delhi and Chennai. OIL has offices in Mumbai, Calcutta, Delhi, Chennai and Hyderabad. Its datacenter is independently situated in Mumbai.
All business critical resources have been located in the Data Center. These include:
- ERP application, which runs on the IBM AS/400 mainframe platform. (All users located around the country log on to the AS/400 using Citrix to perform updating of data, orders and other ERP related operations.)
- Mailing solution
- Internal workflow applications and DNS servers
The OIL WAN (Wide Area Network) rides on the Sify Network to connect its offices across the country and the data center. The WAN is an IP based VPN with a judicious mix of leased lines and broadband as the last mile to each of OIL's offices. OIL has Internet connectivity in Calcutta & Mumbai. It has an IPLC between the Mumbai datacenter and its Osaka (Japan) headquarters. The IPLC has been outsourced to provide access to specific applications and for users to interact with the Japan office.
The Security Challenge
Over the past few years, OIL has used IT as a means of increasing operational efficiencies and as a business driver. Therefore the company has invested substantially in the following: IT infrastructure, line building, implementing ERP systems, e-mail and other workflow applications. As an increasing number of people were gaining access to business critical resources through the growing use of information technology, security became a real concern for the top management.
As a corporate that relies first and foremost on its expertise in R&D, information assurance was high on the priority list of the CTO. The challenge, therefore, was to gain an edge over competition by providing higher levels of access to Business Critical Resources and the Internet to its employees across the organization, while maintaining an acceptable level of information assurance.
The Sify Solution
The solution recommended by Sify was divided into three phases:

i) Assessment: As the first step, a detailed information technology infrastructure review was performed by Sify consultants. This involved:
- Vulnerability Assessment and analysis of the OIL infrastructure
- Detailed study of OIL's internal policies
- Processes and procedures pertaining mostly to Information Technology
- GAP Analysis for OIL was conducted to uncover the inadequacies of the current processes, procedures and practices in accordance with the BS 7799 standard for information security. The scope for this study was the Information Technology functions of OIL. Many documents that formed the network study, security policies, technical procedures and process related documents were included in the scope for this study.

All the IT processes of OIL, both at the practical day-to-day implementation level and at the policy/guideline level, were studied and analyzed. This included OIL's security policies, change control processes, configuration management, third party and internal supply and service level agreements and any other necessary relevant areas.
ii) Information Resource Risk Assessment was the next step, where the respective threats and vulnerabilities were identified for the resources. The assessment was done using best of breed commercial as well as open source tools, while the processes were assessed with BS 7799 as a reference.

iii) Security Architecture Design: To mitigate these risks, a detailed and in-depth security architecture design was recommended.
Supply & Deployments: Best of breed products were recommended to support the security architecture design proposed for the OIL infrastructure. These products were supplied to OIL at a later stage. Once the OIL management approved the recommendations, the technical security architecture was deployed. This included:
- Reorganizing IP addressing schemes for the enterprise
- Layer 2 VLANs for internal traffic segmentation with centralized access control for the VLANs
- Access control using high performing Netscreen firewalls
- Real time monitoring using ISS RealSecure network IDS and host based IDS with fusion module for real-time attack correlation and monitoring
- Virus, worm, spam and malware defense using TrendMicro
- Web usage monitoring using Websense
- Firewall log analysis through WebTrends

The above technical architecture was backed up by best practice policies as well as processes to ensure mitigation of risks discovered during the assessment phase.
Benefits to Organon
Several benefits accrued to OIL after the recommended Sify security architecture design was implemented:
- Ability to open the network to the Internet, while ensuring that the network is secure, and the performance is not compromised
- Increasing the productivity of the employees by ensuring that during official hours only the resources relevant to accomplishing their key result areas are made available
- Better resource management (such as bandwidth) through prioritizing traffic
- Real time monitoring of traffic accessing the business critical resources, thereby avoiding malicious activity by internal users while assuring higher levels of access to the critical resources
- Increasing the efficiencies (with respect to time and effort saved) of the IT team by integrating a firewall log analyzer within the infrastructure
- Montu Das