OYO beefs up cybersecurity framework with Bug Bounty Program launch

It is the age of frauds and being in the hospitality business, OYO Hotels & Homes is quite aware that periodically the company has to ramp up its efforts to improve its information security framework as well as roll-out stronger ethical hacking and bug bounty programs to encourage continuous improvement and collaboration with ethical hacking experts.

This is a development, which the OYO says is in line with its commitment towards ensuring data privacy and building a robust cybersecurity network.

According to Jagbir Singh, Engineering Manager - DevOps and InfoSec, OYO Hotels & Homes, “One of our biggest assets is the trust our customers, partners and employees place in us. We understand that trust is hard to earn and easy to lose. One key responsibility in earning this trust is protecting the data our customers and other stakeholders have with us from any unauthorized use. Our team of 1100+ world-class security, network and software engineers and external partners across multiple geographies is at work 24x7 ensuring the protection of this data, so our customers and stakeholders can rest easy.”

The Bug Bounty program that the company aims to introduce is towards ensuring that there is a credible and continuous flow of positive feedback from independent security groups and individual researchers to mitigate against any bug or shortfall in the company’s systems.

This, the company says, is in line with the established practice of recognition and reward for ethical hackers who help responsibly investigate shortfalls within the tech architecture of several tech companies including the likes of Silicon Valley giants like Facebook, Google, etc.

OYO says it has accordingly developed an improved responsible disclosure policy to encourage honest and responsible reporting of any potential risks.

Additionally, OYO has partnered with a specialized cybersecurity startup, AppSecure/Hackerhive, that connects companies and ethical hackers to help the former discover and fix security vulnerabilities and is in the process of developing a full-fledged bug bounty program.

revealing further, OYO says that its employees are trained and sensitized at every step of operations. All new joiners at OYO go through information security training as part of the New Employee Orientation. The company’s software developers and other Information Security personnel also attend a mandatory quarterly refresher since the technology in this space are dynamic and evolving very quickly. There is also an annual mandatory refresher training for all existing employees, admits OYO.

Commenting on this announcement, Anil Goel, Group Chief Technology and Product Officer, said, “We have a robust and world-class security team comprising of in-house and external experts employing best in class security techniques including virtual private networks/cloud, firewalls, intrusion prevention and detection devices (IPS and IDS), security training for all engineers, static and dynamic code analysis, regular vulnerability assessments and network penetration tests. In today’s digital world, a cyberattack is a real concern. Hence, in line with our efforts to continually improve, we are investing in ethical hacking programs as well.”

OYO also joined hands with other technology companies to address the issue of increasing online frauds and save guests from cybercrimes. Along with other companies, OYO met the Reserve Bank of India (RBI) representatives and made a joint representation on the issue that also addressed the plan on how to curb these online frauds followed by a meeting with other stakeholders in the telecom industry.

The company has said that it has a long way to go and as it continues to amplify investments in this ever-evolving space, it aims to continually improve.