HPCL-Praharee

HPCL is a 65,000 crore government undertaking that spends hundreds of crores

on IT every year. While they have a lot of SCM, CRM and other solutions in

place, there was a need to tap the network that was going beyond boundaries with

their increasing business. The HPCL network was open to outsiders like LPG

dealers and retailers. This was an area of concern, and they decided to

implement Praharee-an information security management solution. HPCL has

followed the MASS (Methodology for Architecting Secure Solutions) methodology

for architecturing the network infrastructure. The infrastructure operates in

four different security zones, namely uncontrolled (black), controlled (yellow),

restricted (orange) and secured (red). The ISMS methodology is established using

the PDCA model for Risk Assessment stage and the firewall, and IDS/IPS are used

for perimeter level. The system, therefore, uses unified threat mgmt;

appropriate identity and access management using IBM Tivoli are in place.



Radware DefensePro is used for web app protection. RSA 2-factor authentication
is being used to secure external access.

	Project Specs Business problem: Businesses like retail automation and LPG dealer networking opened up HPCL's network to other networks, making it unsecure IT solution: An information security mgmt system has been put in place Impact: HPCL is now ready to stand up to regulatory compliances like HIPAA and Sarbanes-Oxley when they come to India Implementation partner: IBM
M V Sreeram, GM-IT