Our Approach to Cybersecurity
Infosys is a global leader in technology services and consulting enabling clients in 46 countries to navigate their digital transformation.
As the custodian of customers' and other stakeholders’ information and information assets, it is our prime responsibility to ensure an effective Cybersecurity program.
Cybersecurity has been an important issue for corporations of all sizes due to the ever-growing number of cybersecurity breaches resulting in financial loss, data loss, and reputational damage. Cybercrimes are becoming more and more sophisticated, professional, and extremely lucrative. We recognize that a multifold increase in attacks globally, increased cost of compliance, overarching regulatory mandates, emerging technologies and more have made Cybersecurity a must-have for organizations in all industries, sizes, and geographies; in this regard, being proactive and well ahead of the curve is the only way to survive. This has brought an unprecedented expectation from customers and other stakeholders that we assure digital trust with our secure-by-design, integrated approach, with the right cybersecurity strategy and tactics delivered through an effective cybersecurity program.
Infosys is committed to:
- Protect the confidentiality, availability, and integrity of information assets from internal and external threats
- Ensure and maintain stakeholders' trust and confidence about Cybersecurity
The executive Cybersecurity governing body is in place to direct and steer:
- Alignment of Cybersecurity Strategy and policy with business and IT strategy.
- Value delivery to stakeholders.
- Assurance that Cyber risks are being adequately addressed.
Cyber Security Strategy and Governance
Infosys Cyber Security is an amalgamation of a cyber security strategy that is aligned to the business goals, the supporting Infosys cyber security framework (SEED), and a strong cyber governance program that is driven through the Information Security Council.
The high-level objectives of the Cybersecurity program at Infosys are:
- Proactive business security and employee experience
- Continuously improve security posture and compliance
- Effective management of cyber events, and
- Building a security culture
Infosys’ cyber security framework is built on leading global security standards and frameworks such as the National Institute of Standards and Technology (NIST) cyber security framework and ISO 27001, and is structured around the four key areas below:
Security management system
Governance tier to lead and manage the cyber security program of Infosys. The domains in this tier are governance and management in nature, for successful orchestration of the different domains of the Cyber Security Framework.
Enterprise security layer
‘Defense in depth’ approach to secure information and information assets. The domains in this tier are based on the path followed by information as it flows through different information layers within the organization.
Evolve and transform
Set of domains that we are focusing on to evolve and transform within the Infosys Cyber Security Framework.
Detect and respond
Capability to identify the occurrence of a cyber security event, implement appropriate activities to take action, and restore services impaired due to such cyber security incidents.
The framework also entails a comprehensive Cybersecurity maturity model which helps to ascertain the Cyber Security maturity as well as benchmark against industry peers on an ongoing basis.
This helps in continued oversight and commitment from the Board and Senior Management on an ongoing basis through the Information Security Council (ISC) and the cybersecurity sub-committee.
In keeping with the ‘defense in depth’ philosophy, we have deployed several layers of controls to ensure that we keep our data, as well as our clients’ data, secure and thereby uphold stakeholders’ trust at all times.
Cybersecurity Management and Reporting
The Cybersecurity practices at Infosys have evolved to look beyond compliance. The comprehensive Cybersecurity metrics program has been contributing to the continuous improvement of the existing security practices and in integrating Cybersecurity within the business processes.
Information management, being an essential part of good IT governance, is a cornerstone at Infosys and has helped provide the organization with a robust foundation. There is a concerted effort from top management to our end users as part of the development and implementation process. Additionally, care is taken to ensure that standardized policies or guidelines apply to and are practical for the organization’s culture, business, and operational practices. Cybersecurity requires participation from all spheres of the organization. Senior management, information security practitioners, IT professionals, and users have a pivotal role to play in securing the assets of an organization. The success of Cybersecurity can only be achieved by full cooperation at all levels of an organization, both inside and outside, and this is what defines the level of commitment here at Infosys.
As a final level of defense, we undergo many internal audits as well as external attestations and audits in a year at an organization level (e.g., SSAE-18, ISO 27001) as well as client account audits to assess our security posture and compliance against our obligations on an ongoing basis.
There were no material cybersecurity incidents reported in Fiscal 2021.
Our industry contributions and thought leadership
We have been promoting Cybersecurity through various social media forums such as LinkedIn, Twitter, and YouTube, sharing our points of view, whitepapers, service offerings, articles written by our leaders, their interviews stating various perspectives, and podcasts through our corporate handles, providing cybersecurity thought leadership. Large volumes of contribution have gone into these forums to bring in awareness and appreciation of Cybersecurity in general over time.
Cybersecurity skill management
With the increasing demand for Cybersecurity jobs and a skilled workforce, Infosys has taken several measures to counter the Cybersecurity talent crisis as well as in skilling, retaining, and diversifying its Security workforce in areas such as application Security / Secure development lifecycle.
Cybersecurity team members undergo technical as well as behavioral trainings on an ongoing basis. Infosys internal training programs, as well as external bodies with cybersecurity subject matter expertise, are leveraged for the same with a strong focus on learning through the classroom as well as on-the-job trainings.
1,500+ professionals underwent Purdue training on cybersecurity.
Infosys utilizes its partnership with NIIT to have its professionals undergo a cybersecurity Master’s Program.
Awards and accolades
Infosys is a global leader in emerging technology and an early adopter of best practices and sustainable measures. These have attracted industry recognitions such as:
- AFE - Systems and Processes: Bronze Award '20
- AFE - People Development: Silver Award '20
- Palo Alto JAPAC Cortex Partner of the Year Award '20
- Check Point Emerging Technology Partner of the Year Award '20
Innovations and service offerings
We have a portfolio of Cyber Security service offerings and solutions to strengthen our capability. In the last financial year, we have made huge progress in the Cyber Next modules like Cyber Intel, Cyber Scan, Cyber Hunt, Cyber Central and have also onboarded customers to these solutions and platforms. We have strengthened our Threat Detection and Response portfolio with an additional sub-offering on ‘Ransomware Protection’.
- We have strong strategic partnerships with 25+ global partners to help enhance and strengthen our cybersecurity solutions.
In the endeavor to serve our customers with assured digital trust, we have built several POVs and videos with the help of our highly professional SMEs.
- WiSe (Women in Security) initiative emboldens our strong belief in diversity and equal opportunity and has a core member team of over 40 women.
- Our leadership is always at the forefront to guide and support the teams. We have had over 75 leadership connect sessions to talk to the employees, understand and resolve their issues.
- We address the emerging cybersecurity landscape and defend against current and future threats with a global network of seven Cyber Defense Centers spread across EMEA, US, and APAC, and a strong set of innovation hubs and integrated platforms.