CSO100 Award 2019

Biju John is the Senior General Manager at Wockhardt. He joined the company in 2013 as a Deputy General Manager, and has been with Wockhardt for close to six years now. Prior to his stint at Wockhardt, he worked at Tata Consulting Engineers.


At Wockhardt, Sr. General Manager Biju John shared that different teams managed its IT systems, networking systems and security controls with privileged access. However, as the company assessed the risk of internal and external attacks attributed to privileged accounts, it took up the task of strong policy enforcement quite some time back. Wockhardt recognized that privileged passwords needed to be stored in encrypted format, but they were generally stored in Excel sheets.

To overcome this challenge, the healthcare major implemented a Privileged Account Management (PAM) solution. The PAM solution provided rule- and role-based restricted privileged access to target systems. Privileged access was granted only on a 'need-to-know' and 'need-to-do' basis, the foundation for robust identity and access control management.

Secondly, critical system password management was moved from admins to the PAM solution. All critical system passwords are changed every day, which means an attacker has only 24 hours to crack the 24-character random password. A complex 12-character password takes two centuries to crack. The PAM stores all the passwords in an electronic vault, which is AES 256-encrypted, making it impossible to crack.

Additionally, multifactor authentication was implemented, which makes sure that even if the attacker compromises the first level of password, he cannot move further into the system. The Security team can carry out session monitoring and detect suspicious activities in real time.