Security Design Principles
Security “By Design”: Security Planning for Transformative Applications
- A cloud platform which is security certified
- A set of application development and operational standards (CMMI)
- Compliance, as appropriate, with relevant country-specific law (for example, GDPR)
- An architecture designed with security as a “steel thread”
Our Core Services
Database
- Deploy strong database security
- Data integrity, Confidentiality, Encryption
- Data governance and ownership
Networks
- IPSec Tunnel between data source and integration platform in cloud
- SSL/TLS encryption for web and mobile application
Application
- Application certification as per GDPR regulations
- Compliance
- Application development and operational standards (ISO 2007, BCS)
Cloud & Firewalls
- Certified cloud
- Isolation between ISCP and citizen portal
- Full 360-degree attack simulation “Think Evil”
Access Control
- Two-factor authentication provisioning
- Data segmentation
- IAM service implementation
- Devices can be geo-confined
Monitoring
- 24x7x365 monitoring of firewall and servers; can be extended for SIEM
- Behaviour analytics leveraging advanced IAM
Securing Data Integrity
- Encryption (in transit and at rest)
- Data segmentation: transfer the minimum needed
- Security Architecture, not relying on third party “bolt-ons”
- Data Governance and ownership
Data Management & Governance Strategy
Securing System against Cyberattack
- Two-factor authentication access control or equivalent
- User access management/separation and audit controls
- Compartmentalization of application components (microservices) and external interfaces
- Cloud platform level
- Tightened release management
- Inbuilt audit reporting, downtime planning
- Comprehensive 360-degree attack simulation “Think Evil” - VAPT