Information Security and Risk Management

EnClouDS has a dedicated and mature Enterprise Security & Risk Management (ESRM) practice with strong credentials in Security consulting and implementation services using majority of the industry’s leading products. EnClouDS ESRM practice focuses on all aspects of Information Security & Compliance for enterprises including Architecture, Identity & Access Management, Governance, Risk Compliance (SOX/HIPAA, PCI et al.), and Application & Database security.

EnClouDS GRC solutions will help build an efficient, collaborative enterprise governance, risk and compliance (eGRC) program across IT, operations, legal and finance domains. These solutions enable our clients to manage risks, demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls. GRC solution constitutes of:

  • Policy Management – Manage the lifecycle of corporate policies and their exceptions.
  • Risk Management – Visualize and communicate risk at all levels of your business.
  • Compliance Management – Comply with regulations in the most efficient way possible.
  • Vendor Management – Manage third-party relationships, assess risk and ensure compliance.
  • Threat Management – Monitor threats and prevent attacks before they affect your enterprise.
  • Incident Management – Investigate and resolve cyber and physical incidents.
  • Business Continuity Management – Centralize business continuity and disaster recovery planning.
  • Audit Management – Enable risk-based, business aligned internal audit.
  • Enterprise Management – Put risks, threats, incidents and deficiencies into business context.

EnClouDS approach to identify any vulnerability in the existing client’s security includes the following assessment steps.

  • Identify required tools: Identify the tool from the different industry recognized tools to carry out the vulnerability tests.
  • Scan the critical resources: use the identified tool(s) to scan the critical resources of the client environment from inside the network (vulnerability scan) as well as from outside (Security testing) the network so that all threats that could be existing from outside as well as inside can be assessed.
  • Analyze the scans: Collate and analyze the collected information (pertaining to vulnerabilities, product problems, workarounds, patches and upgrades) for the current Internet security architecture. Previous vulnerability assessment / Security test reports are also analyzed.
  • Identify measures to be taken: The changes required to mitigate the risks due to vulnerabilities in the environment will be identified. This also involves defining measures to be taken to resolve product problems and implement workarounds, patches and upgrades.
  • Generate Gap Analysis Report: EnClouDS will generate a gap analysis report that can be implemented to plug the identified lacunae that has crept into the security architecture over a period of time. This report shall also help in analyzing the trends in the number of vulnerabilities found during the Security tests and thus would help in the performance of the security architecture / security administration.

EnClouDS IP: Trusted Application Development and Maintenance provides an approach and tool kits to integrate security at every stage of the software development lifecycle and create awareness. This helps to ensure that all applications designed, developed and maintained by EnClouDS for its clients or subsidiaries or internal use close their security gaps, protecting the client and EnClouDS brand from potential security exploitation. Trusted ADM has five processes namely Security Requirement Specification, Threat Model, Security Architecture and Design Review, Security Code Review and Security Testing.

EnClouDS has been delivering Identity and Access Management projects by using Accelerated Integration Methodology (AIM) that effectively leverages Global Delivery Model. Our experience in various IAM products, large scale strategy development and implementations projects enables quicker yet controlled rollout & support of IAM services within the enterprise followed by a quality support to the enterprise’ internal and external customers. Apart from this, various solution center tools like integration components, product capability enhancers, implementation accelerators, solution delivery templates etc. lower solution delivery time and associated risks as well as provide a proven & tested IAM system.

EnClouDS has partnered with several Fortune 500 clients to implement IAM Solutions. We have been involved in providing entire gamut of services for IAM implementation including product selection, architecture definition, design and implementation, product upgrade and operational support. EnClouDS have played a key role in many major implementations by providing road map for IAM implementation, taking ownership of project execution, providing expertise in deploying the solution and bridging the gap between people, processes and technology.

EnClouDS has developed many tools, accelerators and knowledge assets that help in reducing the timelines and increasing productivity of Information Security projects. Some of the accelerators include design wireframes, customized extensions & stand-alone components and implementation methodologies:

  • Request Management Services & Integrated User Management
  • Identity & Access Management Services
  • Roles-based Provisioning & Access Control Framework
  • Reporting & Compliance System
  • Integrates with core identity & access management audit trails to provide intuitive reports required for SOX and other regulatory compliance
  • Utilizes existing enterprise reporting tools e.g. Crystal Reports, Actuate, etc.
  • Trust Fabric – A strategy to establish secure trusted computing at an enterprise level. Establish shared and secure authentication / authorization schemes that provide transitive trust between different computing tiers using technologies such as Kerberos, PKI, etc.