The client is a leading global provider of a broad spectrum of financial services. They were facing security challenges owing to a high-risk security posture caused by inadequate cloud security controls and inefficient security processes.
They engaged with Infosys to conduct a cloud security control assessment and remediate a high-severity audit finding.
Infosys identified inherent risks and the false positive cases to efficiently assess the cloud security controls. We further provided a detailed report highlighting the level of risk in their current partner landscape and a remediation roadmap.
Key Challenges
- Absence of security control assessment for third-party services involving cloud footprint, leaving the company vulnerable to potential attacks and subsequent financial fines
- Lack of evidence to conduct the cloud control assessment leading to inaccurate reporting
- Limited baseline data causing delay in closing the assessment process within statutory timeline
The Solution
Empowered security defenses with a secure cloud foundation
- Analyzed the inherent risk dashboard for third-party services and identified false positives for accurate reporting
- Identified adequate security control requirements for different third-party services based on criticality of business function and data classification
- Identified gaps in the vendor’s response vis-à-vis available evidence to analyze deficiencies in security control requirements
- Performed deep analysis of services lacking cloud footprint and prepared a false positive report with appropriate evidence
- Provided guidance on procedures and templates specific to vendor risk management, as per client requirement, helping them smoothly onboard the new cloud vendor
- Performed detailed evaluation of data disposal for third-party services to ensure compliance with NIST standard 800-88 policies and mandates
Benefits
Elevating the cloud security posture with tailored assessment solutions
- Reduced the audit severity of risks to third-party services by delivering the agreed assessment within stringent timelines
- Identified 37 non-adequate and 101 partially adequate security control services to help the client determine the level of risk associated with third-party services
- Enhanced the security assessment process by identifying 75+ false positives