Tech Mahindra offers innovative and customer-centric digital experiences, enabling enterprises, associates, and the society to Rise. A USD 5.2 billion organization with 121,900+ professionals across 90 countries helping 997 global customers, including Fortune 500 companies, Tech Mahindra is focused on leveraging next-generation technologies including 5G, Blockchain, Cybersecurity, Artificial Intelligence, and more, to enable end to end digital transformation for global customers. Tech Mahindra is one of the fastest-growing brands and amongst the top 15 IT service providers globally. Tech Mahindra has consistently emerged as a leader in sustainability and is recognized amongst the ‘2021 Global 100 Most sustainable corporations in the World’ by Corporate Knights.
Tech Mahindra is part of the Mahindra Group, a USD 19.4 billion federation of companies that enables people to rise through innovative mobility solutions, driving rural prosperity, enhancing urban living, nurturing new businesses, and fostering communities. The Mahindra Group enjoys a leadership position in utility vehicles, information technology, financial services, and vacation ownership in India and is the world’s largest tractor company by volume. It also enjoys a strong presence in renewable energy, agribusiness, logistics, and real estate development. Headquartered in India, Mahindra employs over 2,56,000 people across 100 countries.
When providing services integrated with a business’s core operations, the exchange of confidential and sensitive customer data is necessary. Tech Mahindra takes this responsibility very seriously and has established a dedicated Information Security Group divided into multiple functions led by their CISO.
In 2019, led by the CISO, the team looked for an effective solution for identifying potential issues that could lead to a data breach or other security issues within their large and complex ecosystem and further strengthen the overall IT security. They investigated multiple solutions before finally settling with UpGuard.
Almost a year later, powered by UpGuard, they have further improved to a more robust security posture. UpGuard’s solutions help them continuously monitor their external ecosystem for data breach vulnerabilities and throughout their vendor network.
Like any large service organization, Tech Mahindra has multiple internal applications created and managed by the CIO & project teams. Because these applications would often be published online, it was essential to ensure their security and mitigate the possibilities of data breaches.
Before UpGuard, all security-related reconciliation activities and inter-team collaboration were partly done manually. Though already being done as a process, multiple teams participated in the risk management audits from a spreadsheet and semi-automated checklist. Managing vendor risk was also another task that required dedicated people efforts.
Primarily, the information security team at Tech Mahindra wanted to have the ability to identify and respond swiftly to any cybersecurity risks. The requirements were divided into two categories:
- Depth of the solution: The ideal solution needed to identify risks from servers, anything techmahindra.com related, and specific IP addresses.
- Breadth of the solution: Domain discovery and open port analysis.
- Speed of the solution: The ideal solution needed to identify risks ASAP.
- Scalable - The ideal solution needed to scale alongside a growing business rapidly.
- Methodology - The ideal solution needed to alert the team of any data breach risks and suggest efficient remediation processes.
- Pricing - The ideal solution needed to have competitive pricing.
A trial run demonstrated how UpGuard could meet all of Tech Mahindra’s specified requirements considering UpGuard’s superior vulnerability scan results which led to a partnership with UpGuard to defend their end-to-end ecosystem.
UpGuard empowered Tech Mahindra to automate their risk management program by further:
The risk management program was made simple with UpGuard. Initial scanning instantly surfaced all security risks before go-live, and their associated remediation processes kicked in. This kept Tech Mahindra’s resolution efforts highly efficient, with the team prioritizing and addressing security risks. Any unauthorized or shadow IT assets could also quickly be identified and taken down using the real-time scans from UpGuard.
To assess each vendor’s security posture, Tech Mahindra scans their vendors’ primary website in the Upguard Vendor Risk solution. Any vulnerabilities identified are highlighted, and the vendors with low-security scores would be required to remediate the same and complete security risk assessment questionnaires (mostly ISO 27001) tailored by UpGuard to scrutinize their security posture.
It becomes easy to monitor hundreds of vendors on the UpGuard platform with instant email notifications if the vendor’s score drops below the threshold set based on risk or business. Details related to the risk enable having a targeted conversation with the affected vendors.
UpGuard’s scan results provoked constructive conversations between team members about the root causes, leading them to review and further tighten internal processes. It was easy using UpGuard to assign to team members or technology owners by inviting them to the UpGuard platform through its remediation feature.
UpGuard has assisted in streamlining Tech Mahindra’s security processes and is also empowering new security offerings. With the resulting increase in operational efficiency, Tech Mahindra is positioned for impressive, and most importantly, secure growth.