Network World

Risk Assessment Framework Helps Bank Secure Apps

By Cio India Staff, CIO India
November 17, 2009 07:31 PM ET

With about a million customers, ICICI Bank manages close to Rs 50,000 crore (US$10.8 billion) in assets. A lot of that money is processed by about 550 bank applications that both its customers and about 10,000 of the bank's employees use. However, it was not always clear how open to vulnerabilities these applications were. It was not a state of affairs the bank wanted to continue. "The bank wanted a high level of assurance for all its applications," says Pravir Vohra, Group CTO, ICICI Bank, "Within 18 months."

Highlights

-- The framework prioritized applications for various levels of testing and the workflow coordinated 300 security tests and their re-tests.

-- The project cost Rs 45 lakh but ensures that the bank's applications are more reliable from a security standpoint.

The problem is that traditional application security testing takes between 10 and 15 days. "At that speed, it wouldn't have been possible to cover the entire bank's applications in 18 months," recalls Vohra.

He needed to get organized if his vendor was to cover all those security tests within the deadline. To start off, 300 applications were shortlisted as high-priority cases. Then, to meet the 18-month deadline, Vohra and his team created a multi-pronged strategy. Crucial to their approach was a customized application risk assessment framework and a workflow.

The framework prioritized applications for various levels of testing and the workflow coordinated 300 security tests and their re-tests. Vohra says it helped reduce the lead time to start a test from three to six weeks to two to five days.

He also invested in an automated scanner, which cut the time wasted in doing manual testing for simpler flaws, and negotiated with his vendor for better prices given the large number of tests.

Simpler, standardized reporting templates, which people understood and could act upon, also helped quicken the process. To help manage the project, his team used a dashboard that gave executives a snapshot of the security posture of any application and showed progress.

Despite all the planning, the job wasn't easy. "Testing and fixing a wide range of application platforms was a significant technical challenge. The sheer breadth of the platforms was a huge challenge," says Vohra.

The project cost Rs 45 lakh but ensures that the bank's applications are more reliable from a security standpoint. It also reduced the cost of security testing by a third.
