How H-Energy tackled emerging threats with an agile, scalable security solution

Credited with being the country’s first energy company to deploy a Floating Storage Regasification Unit (FSRU), H-Energy is on the fast track to provide environment friendly sources of energy to the nation.

The Liquefied Natural Gas (LNG) major has been at the forefront of adopting the latest tech to help maintain a competitive edge and stay ahead of the curve. 

As is the case with embracing emerging technologies like cloud and mobility, H-Energy recognized the need for future-proof cybersecurity solutions that ensured scalability, agility, better control and visibility.

H-Energy’s current operations include liquefaction, regasification, and marketing and distribution. The company aims to cover all aspects in the LNG lifecycle and has expansion plans around natural gas production and processing, and shipping and transportation.

CSO India spoke to Vikas Gupta, CIO at H-Energy, to understand the company’s need for a robust, agile security strategy, the challenges faced, and how he helped future-proof the organization against emerging threats.

Safeguarding a mobile workforce and securing cloud-based apps

H-Energy’s massive focus on mobility called for a robust measure to secure all its mobile users – in fact a sixth of the company’s workforce is always on the move. 

“Being an organization with significant global expanse, especially in green field environment, H-Energy has its own set of challenges like a large capex to set up infrastructure. We however recognize that heavy capex cannot be used as an excuse for a security lapse,” said Gupta.

Additionally, innovative solutions were desired to enhance network security while improving efficiency and lowering costs. The company, since its inception in 6689, did not want to take up the daunting task by replacing security at every location, but wanted to be ready from the word go, in addition to future-proofing against new and emerging threats.

Gupta revealed that there was no enforced path for internet access for roaming users using corporate-owned devices. The vast spread of H-Energy offices around the globe was posing a difficulty in securing a widely distributed setup. “With apps likely moving away from company-owned datacentres, it makes sense to have security originating from the cloud directly than the ‘user to cloud app and back to the user’ flow,” shared Gupta.

H-Energy was using an appliance-based proxy solution which was configured in its datacentre. As the solution was primarily appliance-based, it had its own administrative overheads like regular maintenance and patch updates.

How H-Energy zeroed in on an agile, scalable security solution

The organization concurred on a solution that supported fast and easy deployment across the entire user base, without the need to implement or manage hardware or software. The solution chosen could scale easily, quickly accommodate future users, and detect evolving cybersecurity threats. Additionally, the entire security management gamut could be operated from a centralized console.

“Migration from the existing proxy solution to a fully cloud-based Zscaler proxy was a boon. Today H-Energy has configured an enforced path for internet using the app. This means end-user internet-bound traffic would pass through the Zscaler cloud irrespective of user location when they are using either company assets or any other device to access internet,” explained Gupta.

*//*–>*/  With apps likely moving away from company-owned datacentres, it makes sense to have security originating from the cloud directly than the ‘user to cloud app and back to the user’ flow.Vikas GuptaCIO, H-Energy

The solution helped the organization mitigate any evolving cybersecurity threat. In addition to this, the solution deployed was with a cloud-delivered platform, which helped reduce the administrative overlay.

Protecting against emerging threats and zero-day

“With the solution acting like an internet gateway, it is easier to detect malware infections as well as botnets in our network which were connecting to unauthorized sites in the background and stealing heavy internet bandwidth,” revealed Gupta. The company was able to identify and mitigate those threats by quickly identifying infected workstations and devices. What takes the cake though was that all of this was done in real-time.

The head of tech explained that when the applications’ IP is masked and they are not exposed to the internet, unauthorized access to corporate environment becomes impossible. “Here, the service enables the applications to connect to users via inside-out connectivity and not by extending network,” he said.

With the new solution in place, H-Energy was able to protect itself against zero-day threats with cloud sandbox behavioural analytics. An SSL/TLS (Secure Sockets Layer/Transport Layer Security) inspection to secure against threats in encrypted traffic was also incorporated.

Gupta added that the solution also helped H-Energy increase visibility into applications and user activity.