Security by design

Security “By Design”: Security Planning for Transformative Applications

Security Design principles

  • null
    A cloud platform which is security certified
  • null
    A set of application development and operational standards (CMMI)
  • null
    Compliance as appropriate with relevant country specific law – example GDPR
  • null
    Architecture Designed that puts security as a “steelthread”

Our Core Services

null

Database

  • Deploy strong database security
  • Data integrity, Confidentiality, Encryption
  • Data governance and ownership
null

Networks

  • IPSec Tunnel between data source and integration platform in cloud
  • SSL/TLS encryption for web and mobile application
null

Application

  • Application certification as per GDPR regulations
  • Compliance
  • Application development and operational standards(ISO 2007, BCS)
null

Cloud & Firewalls

  • Certified cloud
  • Isolation between ISCP and citizen portal
  • Full 360 degree attack simulation “Think Evil”
null

Access Control

  • Two-factor authentication provisioning
  • Data segmentation
  • IAM service implementation
  • Devices can be geo-confined
null

Monitoring

  • 24x7x365 Monitoring firewall, servers can be extended for SIEM
  • Behaviour analytics leveraging advanced IAM

Securing Data Integrity

  • null
    Encryption (in transit and at rest)
  • null
    Data segmentation- transfer the minimum needed
  • null
    Security Architecture, not relying on third party “bolt-ons”
  • null
    Data Governance and ownership

Data Management & Governance Strategy

Security by design

Securing System against Cyberattack

  • null
    Two factor authentication access control or equivalent

  • null
    User access management/separation and audit controls
  • null
    Compartmentalization of application components (microservices) and external interfaces
  • null
    Cloud platform level
  • null
    Tightened release management
  • null
    Inbuilt audit reporting, downtime planning
  • null
    Comprehensive 360 degree attack simulation “Think Evil” - VAPT