IARM Information Security

BACKGROUND

Please describe your company and your position there.

I am the MD for India and VP of Technology for Wall Street English which is a premium educational technology company which teaches teaching to Adult learners around the globe in both classroom and online.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire IARM Information Security?

Our Insurance company ran a security scan of our domains, network and infra and we failed in almost all areas, and had red flags in many parts. We were given a month to correct all deficiencies, or risk losing our cybersecurity insurance

SOLUTION

How did you select this vendor and what were the deciding factors?

We found that IARM was Chennai based and in the list of top 20 IT security vendors in India. They were also rated highly by other companies. In speaking to Ganesh the CEO we got the comfort level that IARM knows the problems we were facing and how to solve them with the best possible approaches

Describe the project in detail and walk through the stages of the project.

In February of 2021 our Insurance company ran an scan of our domains, network and infra and detected many vulnerabilities and risks. We got an F rating and were told to correct it and get a B rating to get the cybersecurity insurance renewed or risk losing it. In the First stage IARM did a similar scan to the insurance company and found that their report was valid and drafted a plan for us to address all the vulnerabilities and gaps in our IT security.

Up until that point there was no formal IT security practice or IT security team in Wall Street English. IT security was just a document that we shared to all new joiners and other staff. IARM staff worked diligently with our staff and started to clear out all the deficiencies in our cybersecurity one by one. Within 30 days they were able to help us address all the gaps that were detected in the scan by the insurance company.

When the insurance company ran a scan for the second time after 30 days we really go through with a B rating. The assistance provided by IARM was really valuable. We therefore engaged IARAM in Phase1 and Phase 2 of IT Security which is also like engaging a Virtual CISO. They ran the penetration testing, vulnerability assessment of all our network, systems, APIs, and platform for Chennai and Barcelona.

How many resources from the vendor's team worked with you, and what were their positions?

We worked with their CEO, Directors, Security Engineers and Consultants

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Whatever gaps they detected, it was fixed with their suggestions. So by end of November 2021 we finished Phase 1 and 2 and were just hoping that all the gaps and potential risks were fixed for sure and that our security scan by the insurance company again in Feb 2022 will be positive. It did come positive. There were 0 errors or vulnerabilities detected! The insurance company as a result did not raise our premium at all!

They usually charge 30% higher each year. This showed us that IARM is a company that really knows their game and are on top of it. As a result we have now engaged IARM for getting us the ISO 27001 certification in 2022 and also start the 24x7 SIEM/SOC monitoring for us. The journey with the IARM team has been excellent so far and their leadership is highly forward looking and customer centric.

How effective was the workflow between your team and theirs?

The IARM team kept us updated and actively collaborated with our team at key junctions. Their reports were thorough and easy to understand,

What did you find most impressive or unique about this company?

The gave the best solutions at the best prices, and are focussed on making their clients highly successful. They have an excellent leadership team that advice you based on what you really need to do o be on top of cybersecurity and best practices.

Are there any areas for improvement or something they could have done differently?

No they were on top of their game and did everything right the first time.

BACKGROUND

Please describe your company and your position there.

We are into electrical safety and reliability. I am Heading Infosec and Quality systems function in this organization.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire IARM Information Security?

As per our customer requirements, we had to perform Security testing and get security certification for our IOT product and platform. Vendor should perform test against IEC 62443 standard and provide security certification for IOT product

SOLUTION

How did you select this vendor and what were the deciding factors?

IARM’s name popped while browsing for Best IOT product security testing vendors online, after a discussion with their team, we gained the assurance on IARM’s quality. IARM Information Security Pvt.Ltd, cleared our Vendor evaluation Process and then they were engaged for this project

Describe the project in detail and walk through the stages of the project.

We had to test their High End IoT Web application Development (IEC 62443 Standard) for possible Cyber Security loopholes and Data leak-points and have them fixed as per the recommendation as suggested by IARM Information Security Pvt.Ltd. team so that we have a robust and secure IoT web application in place. IARM excelled at providing their assessment capabilities by reporting guaranteed penetrable aspects in our application Infrastructure.

The team carried out an iterative test which involved the IOT hardware as well as the application associated. The results submitted were not just the output of Penetration Test application but had in-depth process verification using IEC 62443 of every stage this was involved in the IoT ecosystem as well as IoT Products and Solutions

How many resources from the vendor's team worked with you, and what were their positions?

The definite team composition was not revealed, whereas the project was handled meticulously with the guidance of a Team Lead, who was our point of technical contact and a Project manager, who was our point of coordination, and the project was kicked off systematically without hassle. Adding on the team demonstrated in-depth technical and process knowledge in the field of Cyber Security and specific to Industrial IoT and IACS Domain.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Manav Energy has signed a Non-Disclosure Agreement prior to the start of this operation; hence any evidence of this engagement has the mandate to be confidential on legal aspects.

How effective was the workflow between your team and theirs?

Initially the Business development team did a very good job of boarding and associating us with the technical team. Later there was coordination between both parties as IARM has a very flexible workforce. IARM kept their word on the promised schedule and the expected outcome was delivered promptly. Overall, the entire team of IARM showed their expertise in the field of Cyber Security and true professionalism throughout the engagement.

What did you find most impressive or unique about this company?

IARM’s team was very developer friendly and were available on call when and where required. They take extra efforts to understand the client’s domain of operations. Their commitment to ensure that all identified security vulnerabilities are understood by us and their sincere efforts and follow up to fix all the security gaps were highly commendable.

Are there any areas for improvement or something they could have done differently?

IARM constantly updates their methodologies and tools based on every experience, so there are no recommendations to be given from our side. However, I would request the IARM team to forward us information on IoT Cybersecurity periodically in order to elevate our knowledge and awareness on IoT Cybersecurity.

BACKGROUND

Please describe your company and your position there.

Venkata Narayana Active Ingredients Pvt. Ltd. is one of India’s rapidly growing Pharmaceutical companies in India that combines the power of Science and Technology. A'm the AGM, Head - Information Technology

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire IARM Information Security?

To ensure the data security we decided to implement ISMS as per the ISO 27001:2013 and get certified the same. So we engaged IARM as a consultant to implement ISMS at VNAI.

SOLUTION

How did you select this vendor and what were the deciding factors?

Searched online and shortlisted 4 consultants. We chose IARM based on their professional approach and not compromised to get the work order. IARM created awareness about ISMS even before we finalise them.

Describe the project in detail and walk through the stages of the project.

From day one the team of IARM Information Security Pvt. Ltd., ensured that they followed the Project Management approach to carry out the defined deliverables for the ISMS Project. Starting with Gap Assessment, the team understood organization need and implemented appropriate policies and necessary technical controls. Team ensured periodic management update on the status of Implementation and timely response to communications.

How many resources from the vendor's team worked with you, and what were their positions?

A team of three Lead Auditors who were well versed and knowledgeable on Cyber Security and Privacy compliance helped us to achieve ISO 27001:2013 Certification for our organization.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

The final third party audit were smooth sailing and we are happy to inform that we were awarded the ISO 27001:2013 Certification without any nonconformance for our organisation for both our corporate office and Production Plant. Thanks to IARM team and Wishing you many more success in all your future. We looking forward to working with IARM Team in future as well. Keep up your good work

How effective was the workflow between your team and theirs?

The entire exercise was completed within the anticipated timeframe without need for intervention or management oversight. As the IARM team gained comprehensive understanding of our needs and were responsive to any inputs on the same.

What did you find most impressive or unique about this company?

With a lean team IARM completed this implementation with effective direct communication with all the stakeholder functions at our organization.

Are there any areas for improvement or something they could have done differently?

None to our knowledge

BACKGROUND

Please describe your company and your position there.

I am giving my contribution in Redmil Business Mall as Co-founder and CEO. RBM is a B2B Fintech organisation where we are working towards financial inclusion to the bottom of pyramid in India. and have successfully empowered 5 lakh + retailers with our platform.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire IARM Information Security?

We were looking for security assessment for our Mobile platforms. to ensure it's safety from any possible cyber attacks.

SOLUTION

How did you select IARM Technologies and what were the deciding factors?

We have been very professionally approached by their Business team. They have shown exceptional presentation and way forward to ensure best security for our platforms.

Describe the project in detail and walk through the stages of the project.

We have successfully complete assessment and vulnerability fixing for Android application and now moving ahead with Web platform and later server assessment.

How many resources from the IARM Technologies team worked with you, and what were their positions?

We had a project manager, 1 security analyst and 1 tester.

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

Yes indeed, after having resolved 9 vulnerabilities, we are now standing at better place to promote our platforms better without any fear of cyber attacks. Great work done by IARM team.

How effective was the workflow between your team and theirs?

They kept us update timely & have been supportive as well during the time of fixing of vulnerabilities with our technical team.

What did you find most impressive or unique about this company?

The best thing about IARM is their commitment. They haven't missed on any single timeline they have committed. Great professionals make them great in the market as well.

Are there any areas for improvement or something they could have done differently?

At this given point of time, No. I wish the all the best.

BACKGROUND

Please describe your company and your position there.

VDart Digital focuses on creating products and platforms which enable digital transformations within the Blockchain, IoT, Analytics, Cloud, Cybersecurity, and Artificial Intelligence spaces for our customers. We understand how to bring these new technologies together along with your existing data and systems to drive maximum value in a coherent holistic architecture. VDart Digital works with startups and established brands that are pioneering innovation in their respective domains. Our comprehensive knowledge, industry expertise and unique service capabilities have enabled us to leave a global footprint across U.S.A, India, Mexico, Brazil, Australia and the United Kingdom. I am working as the Manager for Information security for VDart.

OPPORTUNITY / CHALLENGE

For what projects/services did your company hire IARM Information Security?

We looking for a company that would help us in achieving the ISO 27001:2013 certification.

SOLUTION

How did you select IARM Information Security and what were the deciding factors?

When we were searching online we found many companies with the same profile. We short listed them to 5 out of which IARM was a one of the leading companies in ISO/IEC implementers.

Describe the project in detail and walk through the stages of the project.

We had all the process drafted with policies and procedures in place. This helped us to identify the gaps in the system. We had carried out security audit which helped us to understand the potential risk on our infrastructure. WAPT was carried out along with VAPT to understand the risk involved. We cleared all the security recommendation that were sent in and all the vulnerabilities were addressed and closed.

How many resources from the IARM Information Security team worked with you, and what were their positions?

1. CISO 2. 1 Security analyst 3. 1 Process specialist

RESULTS & FEEDBACK

Can you share any outcomes from the project that demonstrate progress or success?

They were able to identify the risk and the gaps in the system. They helped in setting the process and drafting the policies to be in place for effective functioning of the organization. They took the time to teach us additional security practises. This helped us implement the industry best practises.

How effective was the workflow between your team and theirs?

It was very effective we used to have session on Zoom which helped us to propel our project.

What did you find most impressive or unique about this company?

They offered multiple services based upon request, and their services were very prompt in completing the project.

Are there any areas for improvement or something they could have done differently?

WAPT/VAPT testing took a bit longer but their expertise paid off in the end.

BACKGROUND

Introduce your business and what you do there.

Our energy company is an SPV incorporated by IL&FS Group under the energy platform (i.e. IEDCL) for implementation of the Thermal Power Project (“Project”), at Cuddalore in Tamil Nadu. The company is setting up 3180 MW thermal power plant in certain locations in India.

The project is being implemented in Phases. Phase I of the project is for 1200 MW comprising of 2 units of 600 MW each. Second phase shall have 3 x 660 MW.

I head the Information Services Function for the entire organisation which includes IT Infrastructure Support, Information Security for both IT and OT Networks.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with the vendor?

The Challenge’s that any organization would face with regards to Cyber Security and Information Security were no different for our organization as well. The Service Provider had the capability and trained and professional resources to identify the GAP and provide appropriate solution and services to the identified GAPS.

SOLUTION

What was the scope of their involvement? 

The Scope that was involved were to identify the Security Vulnerabilities within the organization entire IT Infrastructure including the corporate office, Plant Networks, Industrial Critical Systems (SCADA) Cyber Security Audit and as well as the hosted Data Centers.

Over and above, the awareness of Cyber Security and its relevance to the Business framework was an add on by the Service provider which helped to work on consecutive engagement with service provider. 

What is the team composition? 

The Project team has the technical assessment team specialized in Vulnerability Assessment, Penetration Test of Network, Web Application as well as Mobile Application. The Process evaluation pertaining to the compliance needs of the Business requirements was headed by the Compliance Process/Delivery Lead. The entire Project was overseen by the Project Manager and the Director of the Service Provider Organisation.

How did you come to work with the vendor?

Based on their presentation and capabilities and proof of concept approach, the service provider was evaluated to work with us. Meticulous verification of their capabilities and reference from other similar organization were taken into consideration before assigning the project to the identified Service Provider.

How much have you invested with them?

Even though this is a confidential information, we have so far invested about $10,000 to $50,000, over the period years to improve and enhance on the cyber security controls.

What is the status of this engagement?

We have made the engagement as one of the continuous effort processes. The management has included as part of the Business Program (i.e.) Systematic Security Assessment Program.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Cyber Security and Information Security involving Confidentiality, Integrity and Availability are sensitive in nature. However, with a valid Non-Disclosure agreement, the evidence may be shared based on the Legal counsel final decision.

How did the vendor perform from a project management standpoint?

The Vendor/Service provider did spend a quite a good amount of time to understand the requirements and then it was revalidated from our end. The Scope of finally arrived with all the associated results of the Risk identification process and appropriate mitigation plan whilst carrying the project.

Similarly, all due attention to the sensitive nature of the project was well planned and necessary resilience were put in place in order to minimize any disruption during the Project Life cycle. The estimate of time was precise including the revalidation of the process.

What did you find most impressive about them?

Their documentation skills with the attention to details and playback session to under our requirements and to ensure that both the parties didn’t have any assumption was really impressive.

The agile nature of the work carried out was equally impressive. The entire team has the same focus stating “Security is nothing but being transparent” in the approach. Technical knowledge and their attitude to include everyone to contribute to this project was something unique to this organization.

Are there any areas they could improve?

I would recommend that they establish themselves in other international market so that they have better working opportunities with our other Group companies as well.