Ensuring a secure network for employees became critical with the emergence of hybrid work

The cybersecurity landscape has fundamentally changed, with the hybrid work environment. At L&T Technology Services (LTTS), the cyber infrastructure was designed to support only a small percentage of people to work remotely. Being primarily an engineering R&D services company, a lot of the work was done on high-end computers. Hence, security became a crucial factor when the organization was forced to work remotely owing to the pandemic. 

LTTS is the engineering services arm of the L&T Group—one of India’s largest conglomerates with business interests across construction, financial services, manufacturing, engineering, and technology. With around 17,000 employees, some of whom live in shared residences, known as “Paying Guests” in India, juggling between enabling everyone to work remotely and security of the organization’s network and data was a major challenge the company had to face.

Before the pandemic, LTTS had deployed multiple on-premise security solutions to safeguard its employees. With hybrid mode becoming prominent, an upgrade to a comprehensive security infrastructure and shift to cloud-based solutions was the need of the hour.

“During the early days of the pandemic, we not only had to enable our employees to work from their homes but to do so while keeping our networks and data secure,” says Sandeep Karan, the head of cybersecurity at L&T Technology Services (LTTS). 

LTTS undertook various tools to see what makes the best fit to reimagine its security infrastructure in a hybrid work scenario. While every tool or system would have helped in some way, it was challenging to develop a comprehensive understanding of risks. Using the security services offered by Microsoft, LTTS was able to redesign its security architecture through a single consolidated system.

The first step to a secure working environment meant connecting the VPN with Azure AD and enable multi-factor authentication for people. LTTS began using Microsoft Identity Manager to enforce conditional access to sensitive documents and data. Microsoft 365 E5 security structure was used to continuously monitor the organization’s security scores and fix problems preemptively.

With majority of work being done on SaaS applications or applications opened in internet, LTTS ensured all these apps were integrated with Azure AD, thereby giving them the advantage of enforcing conditional access. Microsoft App Proxy was extensively used and it became the primary gateway for employees to open applications on the internet.

“So far, we have managed to get everything we wanted. Right from Azure AD to identity management, multifactor authentication, getting insight from the dark web to see if any password has been compromised, conditional access, and attack simulator, everything is now interconnected,” says Sandeep Karan.

To enable seamless shift to hybrid work, LTTS also relied on Microsoft Teams for collaboration between different teams such as delivery, sales, IT, quality, and human resources. In order to better manage devices in different locations, LTTS implemented Hybrid Join through Azure AD, which truly enabled the hybrid work model.

Over the last year, there has also been an increase in incidents of cyberattacks. For LTTS, this has led to more awareness around cybersecurity within the management, board, as well as its customers. It has become important to protect the employee’s identity along with their devices. In such a situation, it has become critical to move towards a Zero Trust framework, which allowed LTTS to restrict access controls to networks, applications, and devices without sacrificing productivity.

Before the pandemic, it was easier to ensure compliance (with policies) because employees were working from the office and the environment could be controlled. Conversations could happen behind closed doors. However, with the hybrid work model, Microsoft’s Insider Risk Management (IRM) ensures compliance by detecting, investigating, and minimizing malicious activities within the organization.

“Conversations around cybersecurity are not just limited to boards now and it has become extremely important to minimize risks and manage security across the organization. We use Microsoft attack simulator to conduct phishing simulations. If people fail that, we ask them to attend training sessions,” Karan added.

“In the end, employees are potentially the weakest links. It is important for organizations to invest in educating their employees and making them champions. Organizations that will succeed in doing this are the ones that will survive and have the least number of cybersecurity incidents. Now it’s important for organizations to see this as a cultural change, and not just a technological one.”