Zero Trust framework, security operations simplicity, and 30% infrastructure cost savings for LOLC Holdings PLC

LOLC Holdings PLC (LOLC), Sri Lanka’s most profitable, multinational conglomerate has established its presence in Asia, Africa and Australia as a leading player in the international, micro, small & medium enterprises (MSME) sector.

The group is broadly diversified across Financial Services, Plantations, Leisure, Digital and Information Technologies, Advanced Technologies, Manufacturing and Trading, Strategic Investments, Constructions and Mining.

LOLC today, is the largest multi-currency and multi-geographic, inclusive finance platform in the world, backed by innovative advanced technologies. The conglomerate has its presence in Singapore, Sri Lanka, Cambodia, Myanmar, Indonesia, Philippines, Pakistan, Zambia, Zimbabwe, Nigeria, Tanzania, Malawi, Egypt, Kenya, Sierra Leone, Tajikistan, Kyrgyzstan, Maldives, Mauritius, UAE, Ghana, Congo and Australia.

Prasanna Siriwardana, Chief Information Officer (CIO), LOLC Holdings PLC, says, “The pandemic accelerated our need to focus on work from home (WFH) efficiencies and close any gaps with respect to security. This meant adapting our IT security measures to address new threats and remedying possible problem areas”.

Parakum Pathirana, Chief Information Security Officer (CISO), LOLC Holdings PLC adds to this as he recalls the enduring relationship the company has had with Palo Alto Networks over the last 12 years. “The journey with Palo Alto Networks began when the company saw a rapid expansion of its business and began migrating all its business applications to major cloud service providers”, says Parakum. LOLC has opted for several solutions from the Palo Alto Networks portfolio. “We pride ourselves on being amongst the first to adopt a social-first, mobile-first, analytics-first, and cloud-first organization, and this forward-thinking held us in good stead when the pandemic hit. We were the only organization in Sri Lanka that could run our call center from remote locations the next day with zero downtime,” he explains.

As a leading global conglomerate with businesses across varied sectors, LOLC needed to comply with multiple regulations, especially in the areas of finance, research, and innovation. When the company opted for perimeter firewalls, next-generation firewalls (NGFWs) were merely a buzzword, but the LOLC Tech team has ensured that they stay ahead of the game regarding IT security. With 345-plus IT staff based out of Colombo, Sri Lanka, all IT and security requirements are centralized.

There were several challenges that the LOLC Tech team had to overcome. The pandemic compelled users to connect from remote locations in different parts of the country through unverified connections. Prasanna elaborates, “As with all business leaders, with the new normal settling in, it was clear that our team at LOLC needed to explore ways to leverage the latest technologies to ensure operational excellence. This meant the continuous optimization of the IT operations in terms of quality, speed and security, while also looking to reduce infrastructure costs”. To add to this, LOLC often acquires smaller companies with legacy security solutions. “With smaller organizations, security and connectivity are often overlooked, and onboarding new companies means constant standardization efforts by our team,” he explains.

Another challenge the LOLC team faced was setting up new branches for their numerous business units, which translated to significant infrastructure costs and time and resource-intensive efforts. Filtering traffic based on applications was also cumbersome as the operational team needed to move IP tunnels in the data center.

LOLC wanted to take steps to strengthen LOLC’s security fabric for their on-premises data centers as well as the mobile workforce and cloud applications. The end goal was to have all the security sensors log incidents into one common data lake to stitch critical incidents together, automate response, and move the business ahead more rapidly.

LOLC was looking for a security partner who could help them achieve the following:

• Unified security policy with Zero Trust Framework
• Enterprise security: perimeter security, mobile workforce secure access, cloud security, application security, and IT and server protection
• Regulatory compliance
• Roadmap for an autonomous SOC

Bearing in mind that Palo Alto Networks is an industry leader, as they released new complementary security solutions via a single platform, LOLC saw the benefits of integration and automation to build on the existing base. Prasanna elaborates, “In my opinion, Palo Alto Networks offers solutions aligned to customer requirements, and it is advantageous that these solutions are available under the same umbrella. Most competitors provide only a part of the solution, forcing customers to opt for multiple solutions from multiple vendors. We have now reduced this to fewer products from one vendor.”

So far, LOLC has opted for NGFW for enterprise perimeter security, Prisma Access for mobile workforce secure access, Prisma Cloud for Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cortex XDR for endpoint protection.

Previously, every time a business unit wanted to set up a physical branch, the company incurred substantial expenses arising from rental and infrastructure costs to even productivity losses while waiting for services to be fully functional. With Prisma Access, LOLC had realized cost savings of 30 percent during the setting up of a new branch.

Increased visibility allows ease of monitoring

With a cloud-technology focus, LOLC was ahead in the game and could cope with the challenge of remote work on account of the pandemic. After deploying Prisma Cloud, visibility and monitoring of multi-cloud environments is no longer a challenge. In addition, they have complete visibility into their security posture and compliance frameworks.

Simplifying mergers and acquisitions

With the acquisition of smaller companies—who usually deploy legacy security solutions and have weaker security controls—it was difficult to integrate users and the network securely previously. With the Palo Alto Networks security platform, LOLC does not need to invest in new NGFWs and infrastructure nor worry about compliance.

Flexibility for all users

With Prisma Access, LOLC can connect users from any network, anytime, and from anywhere, increasing user flexibility. The company has also benefited from a consistent user experience regardless of location.