Network access protection boosts physical security at Wipro

Wipro BPO and Wipro Infotech improve user identity management and compliance levels with the deployment of Microsoft Network Access Protection (NAP).

In 2008, Wipro BPO and Wipro Infotech found itself in a dilemma on the physical security front. Physical frisking of employees across its multiple locations was proving to be a tedious and time-intensive affair. Headquartered in Bangalore, Wipro BPO and Wipro Infotech has a global presence in countries such as the U.S. as well as in European geographies. To prevent unauthorized network access, it became necessary for the team to come up with an urgent measure to boost the organization's security infrastructure.

"Frisking was increasing the time of our security resources. So we started our search for a software solution which will help us eliminate physical frisking. We went to the market and evaluated a few solutions recommended by our partners," says Ashok Nayana, Wipro's general manager of technology.

Initially, the Wipro team found it difficult to convince the management. Finally, the CIO managed to explain this idea through different forums such as quarterly events.

As a result of this endeavor, Wipro BPO and Wipro Infotech recently completed the successful deployment of Network Access Protection (NAP) offered by Microsoft. The Wipro team managed to deploy this solution within one month for the 20 branch locations across India.

The Wipro team had two solutions in mind — Cisco's Network Admission Control (NAC) and Microsoft's NAP. "We evaluated these products and found that Microsoft was more suitable for our existing IT infrastructure. Apart from that, we have an enterprise license agreement with Microsoft, which is part of the entire bundled deal," says Nayana. Wipro has applications from Symantec, and Nayana says that the new Microsoft NAP is very much in line with the company's current security deployments.

The entire handholding for this project was done by Wipro's central IT team located in Bangalore — the server management team. Around two months back, a proof-of-concept was conducted, after which the team was fully convinced with the product's positive aspects. These advantages were then demonstrated to the management.

NAP deployment process started in July 2009, and the solution went live in September 2009. Initial problems popped during the NAP implementation process due to an Internet Explorer-related bug. "We had to upgrade Internet Explorer, and many of the machines did not have the updated version. We had to upgrade Internet Explorer across the organization before installing NAP. Apart from this, the machines used to hang after NAP installation. So Microsoft provided us with a patch to resolve this issue," says Nayana.

NAP deployment process started in July 2009, and the solution went live in September 2009. Initial problems popped during the NAP implementation process due to an Internet Explorer-related bug.

According to Nayana, the entire deployment was done in 15 days. However, fixing the bug took around 15 days. NAP has been deployed across Wipro BPO and Wipro Infotech offices in India and abroad. It is a mass deployment across 20 locations in India and eight foreign locations (which covers the U.S. and European locations). "The hand holding was performed by our server management team. However, the entire management and maintenance of NAP has now been taken over by our security team at a central level. We have selected project implementation guys from each location. We also conducted training centrally, which was done by Microsoft in Bangalore," says Nayana.

NAP controls network access based on a client computer's identity and its compliance with the corporate governance policy. This client-server based software solution is managed centrally using its dependence on Microsoft Active Directory for authentication. A central server and a backup server form the main constituents of its management setup. Client software installed on each endpoint checks the machine's authenticity depending on specified conditions. If a desktop or laptop does not meet the conditions, then it is quarantined.

"Earlier, we used to spend lot of money on security checks, which increased the number of resources to be hired. Also, it was pretty uncomfortable for our customers and employees. We have saved time and money after the deployment," says Nayana.

As part of Wipro's endeavor to further enhance its security levels, the in-house IT team has been providing feedback to Microsoft in order to take the NAP deployment to its next stage. "We plan to integrate biometrics with NAP. This will definitely be included within our NAP deployment's parameters," says Nayana.

Read more on Endpoint security