Prasenjit Mukherjee - General Manager-IT - BSES Power Ltd.( Reliance Energy Ltd)

CIO City >> Enterprise Security yearbook 2013 >> Insights Profile >>

Ensuring Security Through Enhanced Technology Devices By:- Prasenjit Mukherjee

"Rather than maintaining a local storage we would be taking cloud storage as a prime concern"

Use and Implementation of Cloud in business

In our line of business, wherein we handle critical customer information and the volume of data, security and regulatory guidelines are very much important and hence we have not thought immediately about any applications being put on cloud. However we shall be definitely looking in for cloud based operations soon as our data volume is increasing exponentially. Rather than maintaining a local storage we would be taking cloud storage as a prime concern.

On the other hand, when it comes to security, the service provider has a major role to play. We need to look into the SLA and business continuity and ensure that there is no data leakage.

Building an effective DLP programme

We are already into DLP program in collaboration with one of the top vendors in the world. All our applications are in the local environment, either on LAN or WAN connectivity and gets monitored and frequently audited to ensure that no data leakage happens. The mobile devices are checked to see how they are connected, the path they use, and what all application access the user has.

Ensuring Social Media as an asset for business

We have not gone majorly into social media or any promotions through it. We don’t have any plans about it so far.

Maximizing the cost efficiency for information security

We have to ensure the regulatory body which is constantly monitoring us that the customers are given quality power with minimum outages. This can be implemented only if we have proper information security system, wherein IT is the backbone. We give our customers the assurance that their information is in the most secured hands, and is hundred percent leak proof.

Mobile devices to minimize threat, loss and risk

We have empowered our field workforce with mobile devices and handheld devices, ensuring their security so that the data which is being used does not get manipulated. We have taken care by providing new set of Linux OS based devices to our end users, which uses data encryption technique.

We have already created VPN tunnels for our other mobile users through which employees get access to the central system. We have also created DMZ and placed public domain servers in that zone so that my main server farm is secured. ADS has also been implemented across our organization.