Security & Resilience
- Identity & Access Management (IAM)
- Data Loss Prevention (DLP) / Information Leakage
- Security Incident Event Management (SIEM)
- Securing the Extended Enterprise
- Technology Resilience
IAM helps clients to address risks and improve the efficiency of access management in large and/or complex environments.
Why is it an issue?
- In financial services (FS) organisations, IAM solutions are implemented to address recurring access management issues and audit/control points
- Regulators require demonstrable access management capabilities to be in place, delivered through access certification solutions and services
- To improve efficiency and controls – automated provisioning and reduced sign-on can result in increased efficiency, increased control and increased business satisfaction
Our solutions cover all components of IAM including:
- Access governance – implementation of a business-friendly control framework that consistently enforces policy across HR processes and IT infrastructure and application access
- Enterprise identity – provision of a framework for access control and user administration that is integrated with HR joiner, mover, leaver processes with a single mechanism for requesting access
- Customer identity – enable a streamlined customer registration process and a risk-based security framework across all products and services, with seamless network access for corporate customers
- Information rights management – gain control of digital information by securing and tracking where it is stored and how it is used
- Cloud identity services – provide a seamless user experience by integrating cloud-based services with internal access control through federation. Reduce helpdesk costs by automating user provisioning and password management
- Privileged access management – separate high-privileged capabilities from regular user capabilities. Implement a privileged user access management solution to audit access to administrative accounts.
- Reduced sign-on
High-profile data loss and leakage due to security breaches has created intense publicity and significant regulatory action against the organisations responsible. High-profile losses have affected many private and public sector organisations, yet data loss incidents remain common. The most common forms of information leakage incident are still unprotected data downloaded to removable media (USB/CD drives) and sent via email.
Why is it an issue?
- Organisations need to comply with a range of legislation and regulations including the Data Protection Act, Financial Services and Markets Act (FSMA) and PCI DSS.
- There is a cost to getting it wrong, the biggest of which is likely to be reputational: a loss of confidence from your customers, clients and suppliers. As well as fines, there are also wider financial implications such as:
  - Breaches cost UK companies an average of £1.73 million, or £60 per record (Ponemon Institute 2008 annual study: UK cost of a data breach)
  - It is estimated that over 70% of all cases are due to insider negligence
- A DLP assessment quantifies the amount and type of data that is being mishandled and helps to inform and quantify remediation activity
- A DLP implementation allows continual assessment, alerting and blocking of data movement and transfer actions that violate defined policies.
To make effective and informed decisions, organisations need to be able to harness, process and make sense of potentially thousands of non-stop information feeds across a vast global technology estate.
SIEM supports compliance with control requirements for effective incident detection via log monitoring (e.g. SOX and PCI DSS) by increasing the visibility of security threats through the aggregation and correlation of disparate information sources. Implementation of a SIEM system allows reduced security operating costs through automation of existing manual compliance checks.
Why is it a key issue for organisations?
- Mergers – it provides a technology integration/overlay of security operations processes and supporting technologies
- Insider threat monitoring – monitoring administrator and privileged user activity
- Application monitoring – who is accessing potentially sensitive data within applications
- Business integration – joining from IAM directories and other sources to alert against access violations/attempts.
- We can provide an assessment of your current log monitoring
- We are able to advise on product selection
- Design, build and deploy your SIEM system
- Developing business processes and associated roles and responsibilities to help ensure effective use of your SIEM system
- Providing training and awareness to help your staff understand how to use the SIEM system
Organisations are typically highly reliant on third parties to bring cost savings, improved agility and a high quality of service to their customers. As a result, sensitive information and resources become shared and held externally. The organisation must rely on the controls of the third party in order to protect these assets.
Organisations are typically held accountable for data losses within their third party providers. They therefore need to understand which third parties hold their information, what sensitive information is held, and if the controls implemented are sufficient to protect their information.
Why is it an issue?
- The FSA and the Information Commissioner's Office (ICO) both expect organisations to ensure their third parties securely protect customer/employee data and to implement controls covering the aspects of people, process and technology
- There is a cost to getting it wrong – from fines, time incurred in responding to regulatory investigations, and reputational implications
- Given the thousands of third party relationships large organisations typically have, it is a complex and time-consuming problem which presents budgetary and resourcing challenges for organisations to manage efficiently.
Our extended enterprise security services help clients to:
- Review, categorise and prioritise their supplier base in order to determine what type of security assessments are required for each supplier
- Understand contract issues (e.g. is the contract silent on security, is there a right of audit, are responsibilities for co-sourced services clearly defined etc.)
- Execute supplier assessments ranging from Control Self Assessments (CSA), short 1-2 day assessments through to deep risk assessment covering multiple days/weeks
- Gain insights into third parties' attitudes and practices
- Help establish clear accountability and governance (e.g. the allocation of roles and responsibilities between the organisation and third parties providing co-source services is particularly critical)
- Understand the residual risk in suppliers, make decisions and prioritise mitigating actions
- Track issues and risk management activities
- Understand how their activities compare to their peers and industry best practice in this area.
Most organisations are struggling to improve or maintain the resilience of their critical technology infrastructure and applications. Increasing complexity and data volumes continue to challenge availability and recovery capability. Many organisations still fail to get the basics right, whilst others strive to improve both the speed of, and confidence in, their recovery process should the worst happen. If IT is critical to your business then technology resilience should be a top priority.
Financial services institutions are increasingly being held to account for technology failures by their regulator, particularly where this impacts payments, customers or market participation. They therefore need to be confident that their most critical systems and dependencies are resilient, that the management processes over these systems are robust and that they can respond and recover quickly in the event of a failure.
Why is it an issue?
- Increased system complexity and data volumes challenge resilience and recovery capabilities
- Designing and implementing near zero system failure and zero data loss strategies requires careful balancing of availability, resilience and recovery solutions
- Organisations are not necessarily able to conduct adequate fail-over tests to prove resilience or recovery
- Organisations need to meet industry required and system specific regulatory requirements.
Our technology resilience services help clients to:
- Establish or enhance IT DR policy and strategy in line with industry practice
- Design incident response procedures and organisational models, aligned with corporate crisis management plans and protocols
- Undertake critical systems dependency and single point of failure analysis, enabling ‘what if?’ failure scenarios and end-to-end testing boundaries to be established
- Enhance recovery and resilience solutions and management practices
- Assess and implement more resilient or rapid recovery technologies, such as server virtualisation, de-duplication and storage optimisation
- Enhance the resilience of data and voice networks
- Assess the adequacy of data replication, backup and restoration
- Assess the adequacy of infrastructure architecture and fail-over testing under complete data centre loss scenarios
- Assess data centre resiliency and geographic risk
- Enhance the design, management and reporting of IT DR tests
- Assess a third party solution provider’s IT DR capability.