Our security consulting services span business and technical needs. We can tailor our delivery and recommendations based on your target audience and specific requirements.
Defining Policies & Controls
With SOX, HIPAA, PCI, and other industry regulations being enforced, it is mandatory for organizations to secure their IT environment and implement controls to ensure that only valid users have access to their resources. We work with you on defining controls around:
User requests to access Data (at rest, in motion) managed by Applications( internal, third party, mobile...) hosted on an Infrastructure ( networks, data centers, cloud, mobile...)
While using security best practices as a guideline, the risks we identify and the priorities we assign to them align with your specific area of business. Once we have reviewed and analyzed your environment, using available documents, interviews with staff and hands on assessments of technical controls we prioritize our findings, and provide recommendations, for addressing them both in the short and longer term.
Our health check services are typically centered around solution deployments you might currently have in place. We are very pragmatic about our findings, and focus on your business drivers and priorities as opposed to simply identifying standard areas for improvement. We can also review source code from a performance and exception handling perspective.
Business Process Modeling and Architectural Design
Security solutions are only as good as the standards, business policies and processes that they are built around. Our consultants bring a wealth of experience and technical know-how to the table. They can facilitate or drive discussions within all levels of your organization to help define a clear set of policies and processes that can be then be implemented using appropriate tools and technologies.
Identity & Access Management
The importance of identity and access management has dramatically increased in recent years. Our services in this area include:
User Friendly Identity & Access Management (IAM)
We offer end to end solutions that administer and manage identities and accesses for employees, consultants, customers/consumers, vendors and suppliers.
If your users are familiar with a service delivery process and interface, you probably want to use the same forfulfilling their identity and access requests. We recognize this and offer end to end solutions that integrate IAM technologies with service offerings from vendors like ServiceNow. IAM solutions are still used under the covers for request completion, with appropriate security controls enforced. We specialize in designing and , configuringout-of-the-box solutions as well as developing customized solutions.
We offer end to end single or simplified sign on (SSO) solutions for users managed through your internal identity solutions as well as for federated identities from within the Cloud. We specialize in integration of multiple authentication schemes using biometrics, OAuth, SAML, physical and soft tokens, RFIDs etc.
Role Management and Governance
Role or attribute based access controls simplify policy based authorization and assurance. We offer end to end services that encompass role definition, role management, periodic certification of accesses and ongoing governance.
Reporting and Analysis
The ability to audit identity and access related functions ensures that you can identify anomalies easily in the event of a breach or security event. We offer services for design and implementation of manageable reporting and analysis features, that can support the constantly changing threat landscape.
Application & Data Security
Ensuring application and data security in today's environment, which typically spans internal networks, the cloud and everything in between, is challenging. We offer services to:
Periodically (or one time) scan deployed applications, or application code, identify vulnerabilities and provide recommendations for remediation. Scanning can be performed either locally on your servers, or remotely from our location.
Implement libraries that abstract security complexities of underlying technologies, and the constantly changing threat landscape from application developers.
Develop guidelines that can be used by your organization when working with third parties and managed service providers to ensure that security controls are put in place based on your standards and policies.
Applications and data can be hosted anywhere --> on the internal network , in the DMZ, in data centers, in the cloud etc.The key challenge here is that security controls may differ from one environment to the next.
We provide services to help you define controls, settings, permissions, policies such that a homogenous security posture can be implemented across the distributed landscape.
Security Intelligence & Analytics
In today's distributed environment, where fuzzy boundaries are the norm, it is more important than ever to monitor who is accessing what and from where.
Once monitoring controls are in place, the next challenge is to collate all the data collected and perform analysis on it, to reduce noise, and identify anomalous patterns that require further review. For example a user accessing a system regularly between 9:00 a.m and 5:00 p.m PST, suddenly attempts to sign on at 3:00 a.m PST from an unregistered device and unrecognized location.
We offer services around automated security event collection, policy definition, risk analysis and proactive as well as reactive incident management.