Strengthened the cloud security posture of a leading European investment firm through comprehensive risk assessments

The client is a leading global provider of a broad spectrum of financial services. They were facing security challenges owing to high-risk security posture caused by inadequate cloud security controls and inefficient security processes.

They engaged with Infosys to conduct a cloud security control assessment and remediate a high severity audit finding.

Infosys identified inherent risks and the false positive cases to efficiently assess the cloud security controls. We further provided a detailed report highlighting the level of risk in their current partner landscape and remediation roadmap .

Key Challenges

Absence of security control assessment for third-party services involving cloud footprint, leaving the company vulnerable to potential attacks and subsequent financial fines
Lack of evidence to conduct the cloud control assessment leading to inaccurate reporting
Limited baseline data causing delay in closing the assessment process within statutory timeline

Talk To Experts

The Solution

Empowered security defenses with a secure cloud foundation

Analyzed the inherent risk dashboard for third-party services and identified false positives for accurate reporting
Identified adequate security control requirements for different third-party services based on criticality of business function and data classification
Identified gaps in the vendor’s response vis-à-vis available evidence to analyze deficiencies in security control requirements
Performed deep analysis of services lacking cloud footprint and prepared a false positive report with appropriate evidence
Provided guidance on vendor risk management specific procedures and templates as per client requirement helping them smoothly onboard the new cloud vendor
Performed detailed evaluation of data disposal for third-party services to ensure compliance with NIST standard 800-88 policies and mandates

Benefits

Elevating the cloud security posture with tailored assessment solutions

Reduced the audit severity of risks to third-party services by delivering agreed assessment within stringent timelines

Identified 37 non-adequate and 101 partially adequate security control services to help client determine the level of risk associated with third-party services

Enhanced the security assessment process by identifying 75+ false positives

Experience

Insight

Innovate

Accelerate

Assure

Application Development and Maintenance

Business Process Management

Consulting Services

Incubating Emerging Offerings

Strengthened the cloud security posture of a leading European investment firm through comprehensive risk assessments

The Solution

Benefits

Elevating the cloud security posture with tailored assessment solutions