Spotlight

Taking a holistic approach to Information Security

Security is the key issue faced by corporate houses. Mahindra Special Service Group is a leading firm which provides Corporate Risk Consulting services to several global and Indian companies writes Malabika Sarkar

Set up in 2003 to service internal requirements, Mahindra Special Services Group (MSSG) is a strategic business unit under Mahindra & Mahindra, one of the most esteemed business groups of India. The company was founded, as a practice within Mahindra Consulting with the purpose of servicing M&M needs for corporate risk management. With a vision to be the leading player in de-risking solutions for business across verticals, on 1st April 2004, MSSG was hived off from Mahindra Consulting as a separate division under Mahindra & Mahindra and since then it has been a leading player in the field of Corporate Risk Management.

Speaking about the company’s focus area Capt. Raghu Raman, CEO, Mahindra Special Services said, “Our approach has been different from others. In MSSG we always focus on the outcome of processes rather than its mere correctness. Also having the high-end military background of the founders, MSSG is successful in demonstrating the weaknesses of current system by breaking them down.”

The dependence on Information & Intelligence exchange within and without the organization is growing which increases the risk exposure of organizations. MSSG help clients De-risk strategic business processes and operations such as product innovation, critical information and communication channels. Residual risks, especially those associated with third party access to sensitive information, are also identified and addressed.

MSSG was chosen as the InfoSec partner to a major FMCG company in 2003. From then onwards, it has grown and has done over 180 projects of varying sizes ranging from handling the corporate risk assignments of major conglomerates down to quick assessments of third parties. On this Raman said, “We believe our greatest value add is our ability to make the change stick into the DNA of the client company. It’s not about writing tomes of process documents, but about making those processes happen. Our clients believe we make the rubber meet the road.”

Handling some of the major projects with eminent brands like the Kotak Group, Hindustan Construction, Parle and Godrej, it works with major banks in the country. MSSG’s clients range from FMCG / Banks / retail / Manufacturing / BPO etc. The engagement is usually at the CXO level.

Talking about the various areas of working, MSSG has six major service offerings.

• Information Security Management System: The need to protect information assets is becoming a top management priority. The protection is necessary to keep the competitive advantage in the challenging market place. If an organization does not take structured steps to safeguard itself, the consequent losses could result in substantial damages in revenue, brand erosion and even legal culpability. Information needs to be protected across its life cycle and must be protected from unauthorized access, changes and non-availability. MSSG help organizations reduce risk and enhance competitive advantage by protecting their information assets and providing positive assurance on governance. It focuses on ‘Human Centric Approach’.
• Services offered:
• Current State Assessment (Discovery Assessment)
• Framework design, implementation & sustenance
• Business Continuity
• Continuous Audit and Monitoring
• Technical Advisory Services: Technology Advisory Services provides enterprises real time monitoring of their core communication infrastructure for proactive remediation of cyber threats. It enables enterprises to concentrate on their core business and provides a complete enterprise security solution. The Proactive security solutions are augmented by managed internal and external protection services
• Services:
• Assess state of IT security
• Develop IT security road map
• Supervise implementation of security projects
• Monitor IT Security on an ongoing basis
• Physical Security Advisory: It manages the risk of internal and external physical threats and provides security cover to fixed assets and personnel.
• Services:
• Physical security advisories for building and installations
• Advisory and liaison for insertion and ops in sensitive areas
• Close protection plans and advisories for key personnel
• Electronic counter surveillance
• Investigating code of business practices (COBP) violations
• Provide crisis management advice

• Change Management: Protection of organizational information is a daunting task. Despite increased spends on Information Security programs, corporate lose billions of dollar each year because of information leakages. Organizations seeking to improve their InfoSec Risk Posture face the challenge of training hundreds and sometimes thousands of employees. Training needs to be absorbing, useful and above all flexible. The challenges should be overcome within reasonable and measurable return on investments.
• Services:
• Develop and implement Corporate Risk Management Program
• Implement instructor led sessions
• Develop and deploy risk education tools
• Manage Information Security Awareness campaigns
• Governance Directorate: Implementing a Governance directorate to monitor and facilitate governance norms as decided by the management. Providing fast track redressal capability to management and providing capability on unbiased investigations.
• Services:
• Setting up and manning the Governance Directorate
• Developing and disseminating the COBP
• Conducting Ethical Dilemma workshop
• Investigations of governance violations
• Third Party Assessments: It manages risk of third party and assists them in improving their standards.
• Services:
• Inventorying and classifying Third Parties
• Developing the Risk Matrix
• Developing Controls& Positive Assurance Program
• Deployment of a Roaming Team

MSSG has its headquarters in Mumbai. Apart from that they have their offices in Delhi and Bengaluru. Chennai and Hyderabad market is operated from the Bengaluru office. The current employment strength of the company is 75 and is growing speedily. Talking about the work atmosphere for employees, growth opportunities and hierarchy structure Raman said, “The atmosphere is one where people are driven hard, but given extraordinary empowerment. Employees are trained to think like entrepreneurs and project CEOs. Employees are hired from varied backgrounds and more than 25% of our staff is drawn from defense forces. We also hire management graduates, engineers, process consultants and change management specialists.”

MSSG’s USP

Mahindra Special Services Group evaluates the information security posture, identifies the critical gaps and makes aware of their possible impact on the business in a professional and unique manner. This helps the client to embark on a journey to address Information Security holistically and enduringly all across the organization.

MSSG is committed towards its customer and are capable and effective in an international culture with high standards of quality. “We help our clients sustain and enhance their competitive advantage. We strive to secure our clients from risks known as well as the unknown. Our consultants mitigate these risks by implementing sustainable frameworks based on the buy-in of stakeholders before development and implementation of policy controls. This has been ratified by our clients who have chosen us over policy based frameworks,” expressed Raman.

In a recent survey conducted by MSSG among top corporate executives to assess the overall state of corporate security in India, physical risk and competitive intelligence were also in focus. According to the key findings of the survey, business executives in India are catching up with their global counterparts in recognizing and expressing concerns about the growing threats from corporate security breaches. The majority has planned to make corporate security risk management an integral part of their business.

Asked about, how important is Corporate Security Management for the Indian market, Raman replied, “Until now, surveys have looked at the global landscape and tried to draw lessons for the Indian companies. We have always advocated that the Indian panorama needs different treatment, and hence this attempt to understand the risks that are unique to our operating environment.”

With an aim to be one of the most admired firms operating from India, MSSG is focusing on the SME segment on a large scale, keeping in mind their passion about protecting Information Security Management. The most challenging role lies ahead which is to demonstrate and educate organizations about Information Security and the advantages of its implementation. The core values for MSSG are to deliver the promise, integrity and respect for the individual.

malabika.sarkar@expressindia.com