Credit bureau firm Equifax invests $1.25 billion in cloud-first strategy

Credit bureau firm Equifax is investing over $1.25 billion in a bid to transform itself into a leader in data security, roping in cloud control, compliance and management player C3M to drive its strategy.

“Security is of paramount importance to us,” said Jamil Farshchi, Chief Information Security Officer at Equifax. A key part of Equifax’s transformation is to be cloud-first. “While some organisations are concerned about the risks the cloud presents, we believe that the cloud provides an opportunity to be even more secure than legacy on-premises environments,” Farshchi told BusinessLine.

Lynchpin of strategy

Equifax sees C3M as the lynchpin of its cloud security strategy, as it provides it with the ability to monitor and secure all of its cloud assets in real time, all the time (something that is not possible in traditional on-premise environments). As a result, Equifax is able to ensure that its portfolio of controls — over 100 specific controls — are in place and operating effectively. In addition, C3M provides it with the ability to automatically remediate control weaknesses.

“So, for example, if a developer misconfigures a cloud instance by not implementing firewall rules, C3M will automatically detect, alert or disallow this from happening at all, which significantly reduces the risk of a security issue,” Farshchi said.

Greater visibility, accuracy

Farshchi disagreed with the view that when transitioning assets/operations to the cloud, organisations could lose visibility and control over those assets/operations. Traditional security controls may not work in certain cloud environments, but if cloud implementations are done correctly, organisations will actually have far more visibility into assets and operations, he said. With technologies like C3M coupled with standardised processes, organisations will have greater visibility, data accuracy and control over their environments than they do in traditional environments.

Responding to another question, he said low-cost services of cloud products don’t directly translate into greater risk. “By leveraging the right controls, processes and technologies, as we do at Equifax, organisations can manage these risks by establishing appropriate visibility and guard rails to detect and eliminate unauthorised usage. It is my belief that by leveraging security tools like C3M — tools that are easy to implement, intuitive to use, and transparent to the end-user — organisations can reduce the security constraints that are typically imposed on end-users, which then encourages them to follow standard processes because it’s easier to do the right thing vs finding insecure workarounds like shadow IT to get their work done,” Farshchi added.

Traction in US, UK markets

Kochi-based Aswin Unnikrishnan, Head - Operations, C3M, said the US entity of C3M was set up in late 2018 and the Indian entity in early 2019. All its operations and development happen from its offices in Kochi and Bengaluru. “We are a team of about 25 at the moment. What sets us apart from a regular start-up is that we are fully boot-strapped,” Unnikrishnan told BusinessLine.

For a product that is little over a year old, the Cloud Control platform has seen great traction in the US and UK markets, he added. Equifax is one of the early adopters of the platform. “They came onboard when the product was still in its initial stages. Today, we are in talks with several of the Fortune-1000 companies across industries, including some of the biggest in the world to help them secure their cloud journey,” said Unnikrishnan.