Microsoft helped us extend enterprise security to employees’ homes: Roman Rafiq, IGT Solutions


If you’ve tried rescheduling an airline ticket, modifying a hotel booking, or interacted with customer care support for some of the largest airlines in the world, the odds are high that an IGT Solutions employee helped you in the process.

The 24-year-old organization, which employs over 20,000 customer experience and technology specialists, provides Business Process Management (BPM) and digital services to global companies across technology and travel and hospitality industries.

“When we service clients in the airline and hospitality sector, we help in aiding millions of online bookings while dealing with sensitive personal and financial data. The biggest challenge for us is to comply with privacy regulations and data protection laws of diverse geographies which we serve,” says Roman Rafiq, vice president – global IT & security, IGT Solutions.

Since the onset of the pandemic, IGT’s responsibility became even more crucial as millions of customers began to alter their bookings. Besides disruption in travel plans, COVID-19 also fundamentally changed how and where IGT employees worked.

“With Microsoft security solutions, we were able to provide flexible work experience from home and yet ensure corporate security objectives are well met,” Rafiq adds.

Microsoft Stories India recently caught up with Roman Rafiq to understand the evolving threat landscape, the importance of identity and data protection, and the changing perceptions about security with business stakeholders.

Edited excerpts from conversation follows:

What are some of the biggest security challenges that arise while servicing industries like travel and hospitality?

The biggest opportunity in today’s environment is providing good customer experience. We also aim to provide the quickest resolutions for our end customers. While doing all this, we also ensure that data security and compliance are taken very seriously.

When we service clients in the airline and hospitality sector, we help in aiding millions of online bookings while dealing with sensitive personal and financial data. So, the biggest challenge is to comply with privacy regulations and data protection laws of diverse geographies which we serve.

At the same time, managing employee work experience and balancing productivity with security is equally important.

How does IGT Solutions overcome these challenges?

The idea of security and compliance has changed completely in the last two years since the pandemic hit us. Security has become the most essential factor for companies, not just for the board members but customers and investors as well.

We have to ensure that the data in transit and data at rest are completely secure. Additionally, there is a need to have strategic visibility of our security infrastructure and continuously work towards improving our security posture. That’s why over the last few years, our focus has been on acquiring solutions which give better cyber hygiene and visibility across identity, data, and devices across this digitally evolving ecosystem.

In the last one year, we adopted Microsoft’s security platform, which is cloud and AI powered, and we observed that it not only helped us improve our security posture, but also enhanced our customer and employee experience, which is core to our mission.

How has Microsoft helped in strengthening IGT Solutions’ security posture?

We migrated our existing infrastructure to Microsoft Azure and moved from on-premises productivity solutions to M365, which helped us address issues of enterprise risks around archival, compliance, and business continuity.

During the pandemic, we were seeking a newer security model that suits a flexible mobile workforce, and protects identity, devices, apps, and data via an agentless experience.

One of the biggest challenges during the pandemic-induced lockdown was the inability to ship machines to new employees or those who’d returned to their home cities and in some cases, even villages. We implemented Windows Virtual Desktop (WVD) to configure their personal machines with our security polices across Europe, the USA, and India. Not only that, but we also added audio telephony services on WVD for customer support very effectively.

We also deployed Microsoft Intune and Azure AD for all our employees for identity protection. With the help of Intune’s Auto Pilot feature we could enable our employees to be productive from day one. It became very easy for new employees to securely onboard new devices and apps without IT involvement and resulted in cost savings and agility across IGT’s employee onboarding experience.

Traditional perimeter-based network defense has become obsolete as now people don’t always work from office network. With the help of Microsoft’s security solutions, we embraced the Zero Trust model. This helped us assume breach security model and implement the principle of least privilege access.

We have successfully deployed Windows E5 powered by Microsoft Defender for Endpoint (EDR) across the organization. Microsoft Secure Score helps us continuously improve our security posture. Its threat hunting capability helps us take additional and proactive line of defense against malicious actors that may have breached endpoint security. We have also optimized our Security Operations Centre with the help of Automated Investigation and Response (AIR) features.

How has the role of cybersecurity leaders evolved in the last few years?

Nowadays, an organization’s security posture has an impact on new business acquisition. Today, when we receive any Request for proposal (RFP) from a new client, they first want assurance on appropriate security postures and landscape in place. The biggest advantage of investing in Microsoft’s security solutions is the sense of confidence it brings to our existing and potential clients about a robust security posture.

Another change is that after the pandemic, the management has started looking at security as an essential and critical aspect of a business.