How can security aid Innovation?

At ZestMoney, we pride ourselves on our innovative workforce, and our technology is the backbone of our company. Given our rapid growth and our position as a fintech company, we take very seriously our responsibility to secure our customer data and to protect our employees from malicious actors. Historically, security has been the enemy of innovation, as restrictive rules imposed on employees prevent them from embracing the latest technology. At ZestMoney, we have embraced an innovative security strategy in which our employees are central to our cyber security and are aided by technology to stay secure. This blog shares our experience in building a best-in-class security program.

Our overall cyber security framework: Defense in depth

Technology:

In the modern day, it is incumbent on us as a service provider to make sure that our key assets stay well protected. At ZestMoney, we have invested in multiple types of cybersecurity, including features offered by platform vendors like Google, Amazon and Sophos. We also engage with our partners, contractors and customer support personnel to make sure that their security technology is up and running. We also use best practices in framing our security policies so that they do their work in a noninvasive way and our employees are free to do their job.

Processes:

Along with technology, it is important for us to define the right processes: from how customer support responds to specific types of customer requests, to the apps made available to our employees for productivity-related tasks, to how we respond to employee requests for new tools. A key lesson for us here is that processes need to be nimble and flexible enough for employees to adopt new tools, and security-related approvals should not constrain innovation. To ensure that security does not constrain innovation, it is important that processes take advantage of the other two elements of our security strategy: our technology and our people.

Our people: Democratizing Security

However, a key part of this blog is the work we have done in partnership with SecurityAdvisor to fortify our people as part of the #SecureZest initiative at ZestMoney. Our people are our firewall, and our people are our first responders too.

Our humans as our firewall with Just in time personalized coaching:

The nature of threats continues to change fundamentally. Until a few years ago, phishing accounted for 90% of incoming threats. Today the mixture of threats continues to evolve: email remains a major threat vector, but threats from the cloud, online activity and new forms of collaboration (for example, Slack or Microsoft Teams) are rapidly rising. An average employee now uses hundreds of apps. Several of these can be used by malicious actors to steal data.

To immunize our employees against these threats, we use a state-of-the-art system to understand the risk profile of our employees, because not all of our employees are susceptible to the same threats. We run a personalized awareness campaign for each of our employees. We do this in bite-sized chunks so that employees can focus on what is important: innovation!

The key to an effective awareness program is engaging content and delivering this content to the right users at the right time (just-in-time personalized content!).

Our humans as our first responder:

We can also use our humans to report phishing emails, turn on 2-FA, use rights management tools and, overall, drive security by preventing and reporting incidents. The awareness program (delivered as 5 min modules and sometimes even as 30 sec capsules) is intended to democratize security by making our humans the first responder. This is a disruptive new construct in security, as it is not just the SOC that responds to security incidents but also our employees, who are now our eyes and ears on the ground.

Measuring Security:

As a fintech company, we believe in measuring ROI even for security. Below you will find our charts showing how incidents detected have dramatically decreased as a result of both enabling and coaching employees and an improved security posture. (Do note that these are counts of incidents detected; by focusing on the root cause of infections, we are eliminating infections altogether, thereby reducing the attack surface area for our company.) At the end of the day, the cost of security is eternal vigilance!

AUTHORS
  • Ganesh Muralidhar, Director, DevSecOps at ZestMoney
  • Sai Venkataraman, CEO at SecurityAdvisor

Published on: July 10th, 2019