IIFL Finance is one of the leading players in the Indian financial services industry. The group covers multiple markets, including wealth management, home loans, microfinance, and retail banking, and has more than 2,000 branches in more than 500 cities across India. The business is digital and dynamic. Rather than through acquisition, IIFL aims to grow by identifying opportunities in the market, customizing solutions, and moving quickly. The IIFL Group grew 37% in 2019 compared to 2018
“Innovation is our opportunity, and technology is our enabler,” says A Shiju Rawther, EVP of Technology at IIFL. “Cloud allows us to start small and scale quickly. Through digital channels, we can reach many people very quickly.”
This presents both an opportunity and a challenge. Disrupting traditional routes to market, IIFL wants teams to be able to work from anywhere, at any time—but it must enable this securely. The group sits on a wealth of sensitive personal and financial data. To protect its corporate reputation in the eyes of regulators and customers, it must effectively manage security threats.
In 2018, IIFL started a “security transformation,” in Rawther’s words. The aim was to establish a coherent, longterm strategy that would support business growth and protect against threats. It would need to reflect the themes of cloud and mobility. IIFL conducted proofs of concept (PoCs) against agreed-upon criteria with several vendors. In addition to a PoC, Palo Alto Networks undertook a Security Lifecycle Review (SLR), a unique assessment offering that highlights vulnerabilities within an organization’s existing setup. The SLR identified high-risk applications, susceptibilities, and how the network might cope if traffic were to increase sharply.
Rawther says the SLR resonated with IIFL’s desire to find a long-term solution.
“The PoC showed Palo Alto Networks to be way ahead of the others. Its features and functionality suited our growth strategy,” he says. “It was clear Palo Alto Networks would give us scale and visibility.”
Palo Alto Networks approach, based on the industry-leading Strata™ network security suite, includes Next-Generation Firewalls; Panorama™ network security management for all firewalls—at the perimeter, in the data center, or in the cloud; and the WildFire® malware prevention service.
The implementation across the perimeter, data center, and cloud was completed in February 2020, just weeks before the COVID-19 pandemic locked down the Indian economy. Around half of IIFL employees were already enabled with remote working, and the lockdown required the remainder to be equipped.
“Palo Alto Networks means we have full visibility of who is accessing our systems, and how they’re accessing the system,” says Rawther. He goes on to say security transformation is not yet complete but that he expects the pandemic situation to accelerate plans. IIFL is exploring the Cortex™ security operations suite by Palo Alto Networks with a view toward faster investigations, fewer alerts, and greater automation. “Cybersecurity is never the most high-profile topic. It must be there in the background, ready to support the business. We feel Palo Alto Networks understands our business. They speak our language.”
The engagement means IIFL now has clear visibility into its security posture. It is stronger today and more assured of its future. Rawther says the implementation ran smoothly and that Strata has proven no bottleneck to performance. In his words, “Even as more transactions go digital and volumes increase, we’ve seen no downgrade in the experience for those working from home.”