Copyright © 2005 - 2019 IDG Media Private Ltd. All rights reserved.

Reproduction in whole or in part in any form or medium without express written permission of IDG Media Pvt. Ltd. is prohibited.

KUSHAL JADHAV

AWARDS WON

CSO100 Award 2019

Kushal Jadhav is currently the chief manage and CISO of Aditya Birla Sun Life Insurance. Jadhav has over a decade of diversified experience in governance, IT risk management, information security and business continuity. He has worked extensively in BFSI domain and driving governance and enterprise wide projects in complex environments.

KEY SECURITY INITIATIVES

Multiple vulnerabilities in applications developed and overtime increased the risk exposure due to growing digital footprint. Only checkpoint that Aditya Birla Sun Life Insurance had as a toll gate process was security testing before application went live. Moreover this also caused delays due to discovery of vulnerabilities at the last minute. Manual tracking of vulnerabilities required effort, prone to errors dependent on the team to perform assessments. As a solution the organization created an end-to-end application security lifecycle (ASLC) framework. This empowered IT to develop secure applications without much dependency on the information security team. Key functions implemented were technical vulnerability management solution, a detailed guideline on secure coding for various tiers, use of open source and free tools for architecture review and threat modelling. Some of the benefits the organized leveraged were development of secure application during the coding stage itself resulting in very few vulnerabilities discovered in manual or penetration testing automated real-time; tracking of vulnerabilities and continuous monitoring of assets for vulnerabilities; enabling IT teams to track performance by vendor managed assets empowering IT to conduct scans, manage vulnerabilities and provide closure continuous workbench to test applications in development lifecycle to find vulnerabilities and rectify at source ensuring no last minute surprises and improving time-to-market of final applications