Nishith Desai Associates keeps business risk at bay with infosec

By Dhwani Pandya, Principal Correspondent
18 Dec 2009 | SearchSecurity.in

Milind Mundarkar, the CTO of Nishith Desai Associates, has a tough job.
His firm deals in a lot of confidential information, which consists of
legal agreements and sensitive data of many organizations — Mundarkar's
team is the custodian.

"Before signing business deals, our clients enquire about our
information security practices," says Mundarkar.

As a leading legal firm, Nishith Desai has to ensure that all document
exchange happens in a highly secure manner. In its early days, the
firm realized that it needed a strong network security framework. Its
information security policy (which came into existence in 1990) is
regularly updated to keep pace with the growing automation of processes
and the introduction of new devices. Surprisingly, although it deals in
sensitive information, the company has developed an open, transparent
and trust-based work culture. "In this work culture, we have to be
careful while implementing certain information security policy and
restrictions for people," says Mundarkar. "We have to justify the
reasons for certain restrictions." Although this runs contrary to the
nature of the company's business, it has been able to successfully
maintain a trust-based work culture. Nishith Desai has not experienced
any misuse of information by employees. However, Mundarkar believes that
from a system point of view, information security cannot be ignored;
his firm has made several efforts to secure even minute details.

In order to ensure confidentiality of information, Nishith Desai
decided to host its Microsoft Exchange and database servers in-house,
instead of using a third-party data center. The company has established
VPN connections between all the office locations (which include Mumbai,
Bangalore and California). It also has MPLS VPN connectivity
between its Mumbai and Bangalore locations. The firm ensures that there
is no use of personal mail. Since every Nishith Desai employee has a
BlackBerry device, the firm has a separate corporate policy on BlackBerry
usage. The BlackBerry servers have an integrated system to monitor
logs. Nishith Desai uses a solution from IronPort for policy-based
email monitoring and blocking spam. "Our prime aim was to ensure that
no traffic moves through the public Internet," explains Mundarkar.

Nishith Desai has set up two data centers (at Mumbai and Bangalore).
These data centers are claimed to be protected using FortiGate
firewalls with Z level security. To ensure the security
of endpoint devices like CD-ROM and USB drives on the network,
Nishith Desai uses Symantec's Enterprise Suite (for virus protection
and device blocking). The firm also uses Microsoft System Center
Essentials for patch management and health monitoring. This system
generates e-mail alerts that provide details about all systems on a
daily basis.
In order to ensure smooth and secure document exchange with its
clients, Nishith Desai uses digital signatures from Verisign.
"Certain clients who are apprehensive about confidentiality of
information want us to authenticate and upload the information directly
on their server," says Mundarkar.

According to Mundarkar, although its current network security
framework sufficiently protects his company, security
is a perpetual challenge. Due to this realization, Nishith Desai
believes in keeping at least 60% of its technology budget for
information security.

Even after setting up all these network security controls, Mundarkar
wants to offer maximum flexibility to the firm's users. The company has a
work-from-home policy for lawyers who are often on the move. The
company uses Elite 3E software to track the time spent by lawyers on
each case. In order to secure remote log-ins to this particular system,
Nishith Desai plans to use an authentication solution from RSA, which
uses "digital cards". This digital card will provide a third level of
authentication for system log-ins. Nishith Desai plans to provide these
cards on BlackBerry devices, so that users don't need to carry
traditional smart cards. Mundarkar is also looking to invest in a
document rights management solution to further secure Nishith Desai's
intellectual property.