"Mobile devices add a new dimension to this challenge and a continuous technology intervention  and investment is required to mitigate it."

Mobile devices to minimize threat, loss and risk

Public Sector Enterprises face constant information security threats due to growing pervasiveness of Mobile Devices. Employees, contract workers and other business associates carry their mobile phones and other personal computing devices in and out of company premises daily with little or no checks at the entry point. In absence of physical security for such gadgets, information and data security depends on security measures implemented at network level, client desktops and server machines. Large public sector utilities are usually slow in adoption of new security technologies making them more vulnerable to such information security threats. At NTPC, we have adopted mix of measures to counter such threats.

First step is to increase physical security at entry points by educating security personnel about threats from personal computing devices and ensuring authorized entry only, after thorough checking. All computing devices like Laptop/Notebooks/Tablet etc. are to be reported, checked and details recorded at entry gates. No personal gadgets are allowed inside Data Centers housing mission critical servers. We at NTPC do not encourage “Bring Your Own Device (BYOD)” trend; employees are provided workstations equipped with enterprise grade security solutions with automatic Anti Virus & OS patch updates etc. Wi- Fi access is very restricted, limiting the threats arising from employees using their own devices for company business. This currently excludes Mobile Phones but a mechanism is being developed to minimize threats from Mobile phones.

Second Step includes regular network security audits to plug gaps in network security framework and prevent entry of foreign device into NTPC’s private cloud. However, this is not foolproof due to fast changing security scenarios. So we adopt a strategy of regular internal security audits coupled with yearly third party audits to harden enterprise network security.

Third step is to educate users about mobile security threats and encourage them to invest in mobile security solutions for their personal security as well as company’s benefit. This can be done by either providing users with company issued mobile phones/devices or mandating installation of security apps on user’s mobile devices.

As the importance of enterprise data grows, so is the threat of data theft. Mobile devices add a new dimension to this challenge and a continuous technology intervention and investment is required to mitigate it. NTPC is working steadily to match global benchmarks in enterprise security to provide a hassle free productive computing environment to all its employees through a team of dedicated IT professionals.