HPCL is a 65,000 crore government undertaking that spends hundreds of crores
on IT every year. While they have a lot of SCM, CRM and other solutions in
place, there was a need to tap the network that was going beyond boundaries with
their increasing business. The HPCL network was open to outsiders like LPG
dealers and retailers. This was an area of concern, and they decided to
implement Praharee-an information security management solution. HPCL has
followed the MASS (Methodology for Architecting Secure Solutions) methodology
for architecturing the network infrastructure. The infrastructure operates in
four different security zones, namely uncontrolled (black), controlled (yellow),
restricted (orange) and secured (red). The ISMS methodology is established using
the PDCA model for Risk Assessment stage and the firewall, and IDS/IPS are used
for perimeter level. The system, therefore, uses unified threat mgmt;
appropriate identity and access management using IBM Tivoli are in place.
Radware DefensePro is used for web app protection. RSA 2-factor authentication
is being used to secure external access.
|
|
||
M V Sreeram, GM-IT |