Complementing the broad spectrum of e-security solution requirements, there is a similar broad range of security services developed to address the customers' various stages of support requirements. These include services for analysing security requirements & risks and the development of security policies, designing the security infrastructure, implementing it, managing and maintaining its operations, auditing it and training. These services ensure that the network is secure without compromise.

There are broadly five services that can be implemented:

Analysis Services

These services are focused on two parameters—Risk Assessment and Policy Development.

Risk assessment: It should provide a comprehensive review of a company's overall network design and security policies to determine any vulnerability that may cause exposure to security risks. The service also identifies the areas where improvements should be made to enhance the security policies on an ongoing basis.

Policy Development: It should help customers define and customise security policies and procedures based on their current business processes and security concerns. They include comprehensive documents, which define the security policies and framework for protecting the company's resources and assets on an ongoing basis, whilst adhering to the identified business objectives.

Secure Design Services

Targeting both the macro and micro levels, this service should involve a high level of interaction with the vendor, and should effectively translate business requirements into functional specifications that can be used to design the desired security infrastructure.

Secure Implementation Services

It has a wide array of services catering to different levels of the security system.

Perimeter Hardening: This process removes vulnerabilities from the customer's IT environment that may be exploited by hackers for unauthorised access. To ensure that customers' servers and workstations have been sufficiently hardened and unauthorised access is denied, the perimeter hardening service will review existing security configurations to determine the level of security required and then develops the appropriate configurations on an ongoing basis. Follow-up verification and system integrity checks further ensure that no unauthorised configuration changes can be made.

Virtual Private Network (VPN) Implementation: Whilst VPNs offer attractive cost savings, an organisation would have to deal with the increased exposure to security threats and network performance issues, as well as the support requirement, to maintain the operations of the VPN across multiple locations.

Firewall Implementation: The security specialists interpret and integrate the design of the firewall into the IT environment, in accordance with the organisation's security policy. Operating procedures should be developed, and a firewall implementation report should also be generated to ensure that the firewall is managed securely.

Intrusion Detection System Implementation: An Intrusion Detection System (IDS) provides appropriate surveillance in recording and escalating unusual network access requests. The solution should provide the necessary level of surveillance against popular attack patterns prevalent in the hacker community

Authentication System Implementation: Authentication is a vital requirement in security for authorising access to information for users. Integrating and enabling the appropriate authentication services for the security infrastructure often pose challenges for technology integrators without expert knowledge of the network.

Project Management: With the growing complexity of Internet-working and plethora of diverse systems, today's network managers are plagued with issues with far more serious business implications than ever before. All the more reason why security aspects should be treated seriously as an ongoing and monitored project.

Operation & Management Services

A good security system needs to be operational all the time and easily manageable.

Secure Management Services: As with a person's health, the well being of an organisation's security infrastructure needs regular and continual maintenance. When viewed against the backdrop of increasing hacker attacks and security breaches world-wide, this requirement of guarding against new and increased security threats, internally and externally, calls for a team of qualified professionals.

Round the Clock Secure Maintenance: These services ensure a more productive, efficient and secure network, with increased availability and better investment returns. A sophisticated Secure Management (SM) System and accurate diagnosis should help the customer avoid disastrous network downtime and security breaches, potentially saving thousands of dollars.

Audit Services

The service should provide a high-level security assessment of the vulnerabilities and risks that may exist within an organisation's IT resources. Using proven security assessment tools and utilities, a comprehensive scanning service will search the customers' public servers and network devices for vulnerabilities. It should deliver comprehensive reports ranging from executive-level trend analysis to step-by-step instructions on ways to minimise security risk.  

As more and more people, customers, vendors & competitors are embracing the web, businesses are being pro-actively driven to this medium. Once this embrace begins, it is only a catch-up game on defining, installing, maintaining, auditing, and managing security that is really important.

To recall a statement read somewhere "The security people guarding the VIP have to be alert at all moments to prevent an assassination. One moment of slack is enough for a good assassin to accomplish his task. In the security business, 99.99% effective is just not enough"

Anil Kumar PV
Head of Marketing
Datacraft India Ltd – Mumbai