Accessing the right security, at the right time, in the right place

è www.steria.com

A Steria capability overview

Accessing the right security, at the right time, in the right place

Steria: RightSecurity: transforming the way you protect your enterprise in a changing security landscape

02 | Accessing the right security, at the right time, in the right place è www.steria.com

Did you know...

Steria has more than 20 years’ experience and more than 300 references as a trusted security partner helping to protect infrastructures applications and data for governments and companies

We have a major European network of more than 650 security experts with the ability to implement complex solutions and operate added-value security services

Our global capacity in IT outsourcing is based on our Advanced Security Operations Centre, combined with the expertise of local teams to meet clients’ specific security expectations

Our mixed delivery model enables our clients to invest in added-value security spending and achieve the right balance between security requirements and costs to improve their security services performance

A flexible industrialised pay-per-use model means that our clients are only charged for the security services they use, ensuring better cost control

Our security teams are accredited to the best security certifications on the market: Lead Auditor 27001, Risk Manager 27005, CISSP, CEH (Certified Ethical Hacker)

Our strong R&D policy is developed by our best security experts and ensures we are at the leading edge of developing highly technical and innovative solutions

We were the first provider to launch end-to-end security services in an outsourced and output-based business model

Did you know… Steria’s 24/7/365 Cyber Security Centre has two ‘war rooms’ that can call on more than 100 experts to be operational in fewer than four hours. It offers advanced forensic capabilities for a high level of responsiveness and effective crisis management.

Accessing the right security, at the right time, in the right place | 03è www.steria.com

The security landscape is changing fast. It is no longer enough to rely on your technology solution alone to protect your enterprise: today’s heightened cyber security landscape demands that your people, processes and technology all focus on identifying and reducing risk.

Increasingly complex cyber-attacks are growing in volume as a result of the development of cyber espionage, cybercrime and nation states using these attacks for strategic purposes. According to a 2013 report from the Center for Strategic and International Studies, the estimated annual global cost of malicious cyber activity is between $300 billion and $1 trillion and costs between 0.4% and 1.4% of GDP.

The challenge for many organisations, however, is that although information security is increasingly important, budgets have remained relatively flat. Security managers have to balance the restrictions on their budgets with mitigating the security threat as cyber espionage and crime continue to evolve. There is also a shortage of skilled people able to counter cyber-attacks in both the private and public sector.

Businesses and governments cannot afford the economic and financial consequences of failing to respond to this constantly changing security landscape. Instead, they must adapt and allow controls to be automated

and monitored on a continuous basis. They must stay proactive and use advanced security capabilities, such as risk analysis, to raise their security level and protect the information throughout its lifecycle across the enterprise, while benefiting from the breadth of highly connected information systems.

They also demand 24/7 capabilities allowing them to anticipate, assess, reduce and act to reduce breach exposure times in the event of major breaches and to be able to respond more efficiently to attacks.

It’s not easy. This is especially so because the cyber criminals work around the clock and today’s enterprise security must do the same. Do you have the time and resources to rise to this challenge?

Transform your operational risk

Steria can help. We bring you end-to-end capabilities, from strategy design to daily security operations. Our sustainable and achievable security model gives you the confidence to transform your operational risk management ecosystem. But we don’t do this alone. We take a co-transformation approach to providing you with the right security, at the right place, with the right balance between security requirements and costs.

We are also trusted to help our clients transform and operate their IT infrastructures

and applications portfolios and we support them with business consulting, process optimisation and enterprise security architecture. We have a proven reputation for delivery excellence. Isn’t it time you took a closer look at Steria?

Safeguarding your enterprise with access to the best security capabilities How do you protect your enterprise against the growing volume of increasingly complex and more targeted cyber attacks?

Did you know… Steria is protecting private personal data for health agencies across Europe, such as in France and in Region Midtjylland in Denmark as they transform their health systems.

5


Transforming the way your security is delivered

You may know ‘what’ to protect but ‘how’ you protect it in today’s complex security landscape has become an increasingly onerous challenge. Enterprise IT is more and more complex with cloud computing, mobility and social media extending information security boundaries and exposing organisations to increasing vulnerabilities. And the running cost of delivering security across the enterprise is placing huge pressure on investment capabilities.

It is no wonder that the way security leaders tackle this challenge is changing. At Steria we’ve moved things on too with Security Consulting services that take our clients on the journey from simply what to protect to how they protect it. This is our answer to the huge change in risk ecosystems. It ensures your security strategy is ambitious, timely and, critically, effective.

Our Security Consulting services draw on extensive experience in multi-year framework agreements and a presence on strategic and large contracts across Europe. We combine our global strength with a European network of 650 experts offering multiple skills to help you confidently transform your business with effective information security protection.

Using our Security Consulting expertise you can shape the following elements of your transformation strategy:

• Compliance and risk management: embracing the whole value chain from information security management systems (ISMS) to benchmarking and measuring the effect of risk-controls;

• Business continuity: setting out how to prevent, detect and react to incidents and enable a rapid return to business-as-usual (including vulnerability monitoring, collection and analysis of information, incident investigation, and defining capacity requirements to react to incidents, etc);

• Audit and testing: examining the management controls within your IT infrastructure; and recommending an optimised and proven methodology for a global testing process (tests according to business environments; external and internal).

These Security Consulting services will enable you to formulate a strategy for bridging the gap between business needs and IT security.

You will have all the information needed to demonstrate your security performance to your

stakeholders and align your security measures with regulatory compliance. And crucially in a tough economic climate, you will have a proven approach for optimising the security running costs of your business, freeing up funds to invest in new possibilities.

Increasing cyber security threats and the need to comply with regulatory change demand new thinking and new approaches to how you deliver your security.

Did you know… Steria implemented an information security management system (ISMS) for the leading transport and logistics company Deutsche Bahn, enabling effective governance, management and control of information security with key performance indicators.

The security landscape is incredibly diverse. It ranges from government agencies needing to safeguard communities and borders, to demands for improved identification and authorisation across both private and public sectors. All organisations must find ways to securely manage the data explosion and control access to information, despite the emergence of different channels and cloud-related technologies. These include mobility, smartphones and the extended enterprise created by remote working.

This diversity demands a project-based approach to security to ensure each aspect is met with the appropriate solution. Steria: RightSecurity takes this approach. Our RightSecurity solutions build on extensive experience in development and system integration, as well as on strong partnerships with innovative solutions providers.

Our clients rely on our end-to-end identity and access management (IAM) and data protection services, from consulting to operations. And they are reassured by more than 20 years’ experience in biometric solutions across Europe and beyond.

We combine this expertise to engineer complex projects wholly aligned with our clients’ business need:

• Electronic identity (e-ID) security: we have developed a range of solutions enabling the use of eID cards in various environments. These feature physical identification, data capture, authentication and authorisation solutions and electronic signature tools;

• IAM: organisations are struggling to successfully implement IAM solutions due to the complex nature of their

information environments. We unravel that complexity by offering quick and efficient solution deployment with manageable steps and an effective implementation toolkit;

• Public Key Infrastructures (PKI) and Single Sign On (SSO) solutions: we have extensive experience of using biometrics and PKIs to strengthen our IAM and SSO approaches in an end-to-end manner;

• Biometrics: the usability of our proprietary products sets them apart from many others. These include SteriaAFIS (our back-end solution for the storage and biometric matching of fingerprints in large databases), as well as SteriaFITPlus, SteriaFITMobile and our Biometric Data Capture System;

How do you ensure that the security solutions you implement are built on a thorough understanding of business processes and need?

Aligning enterprise security with your business objectives

è www.steria.com06 | Accessing the right security, at the right time, in the right place

Did you know… Steria secured UK Ministry of Defence facilities with its Biometrics Data Capture System for site security and access control using fingerprint and iris recognition.


• Infoleaks Protection: we ensure that the sensitive data stored on endpoint devices are not compromised or lost when handling, managing or using it;

• Cloud security: our Cloud Security Passport includes security due diligence, testing, risk assessment and a bridge between your legacy and cloud information security solutions. We support the development of cloud security policies and provide compliance assessments and implementation of cloud security solutions.

Steria: RightSecurity solutions ensure you have complete control of your information confidentiality inside and outside your organisation.

Detecting and preventing security attacks with the right level of serviceWith a new generation of cyber security attacks and lack of skilled resource to combat them, finding the right partner to help you safeguard your enterprise is essential.

Increasing security infrastructure and product complexity, compliance constraints and a new breadth of threat, make improving security and maintaining the costs of security operations difficult to undertake on your own. Unsurprisingly, increasing numbers of organisations are outsourcing their security operations to experienced information security providers, such as Steria.

Steria: RightSecurity Services are designed to detect and prevent security threats and match the security needs (and risks) of your business processes, information and even key people. It is based on our proven IPPCoR methodology of: risk Identification; prevention planning; protection deployment; control and management; and reporting and communication. Our on-demand based, Security-as-a-Service model ensures you only pay for the security you use.

The central components of our RightSecurity Services are:

• Advanced Security Operations Centre (SOC): we go beyond the basics to provide optimisation of incident management, Advanced Persistent Threat (APT) mitigation and zero-day attack detection;

• Compliance: we use our own innovative Business Intelligence Online Analytical Processing (BI OLAP) Cube to assess in real-time and on a continuous basis the compliance of important aspects of your security, including people behaviours, smart devices and personal computers;

• VIP protection: we set up customised end-to-end capabilities to give your VIPs assurance that their technology devices and communications are secure;

• Crisis management: we stay on top of any critical event challenging your most sensitive business assets (data, business process, people);

• Forensics: we investigate and understand the causes and origins of any major incident (whether internal or external).

With access to our high level of security skills and cutting-edge technologies, you’ll have improved visibility and control over your security performance with the ability to detect, manage and prevent threats.


Did you know… Steria is providing a leading aircraft manufacturer with end-to-end, output-based security services at worldwide level, including a dedicated SOC and compliance management, delivered mainly from our Advanced Security Operations Centre in France. Our partnership has entirely transformed the manufacturer’s security strategy, operations and employee security awareness, as well as its ability to clearly articulate the tangible value achieved from ongoing investment in RightSecurity Services.


Advanced Security Operations Centre

Our global cyber security capabilities combine the advanced technical expertise of our intrusion testing teams with added-value services based on the best technologies of our leading Advanced Security Operations Centre (SOC) located in France.

We aim to keep our clients one step ahead of the hackers. We achieve this with a comprehensive security research and development (R&D) programme and the development of IT security competencies, which involves our engagement at the earliest stages of relevant education programmes to ensure a sustainable supply of security skills.

The Advanced SOC is deployable 24/7. It strengthens defences, fixes network intrusions and optimises incident management following the most sophisticated attacks. It features two ‘war rooms’, with processes in place for mobilising more than 100 experts within four hours across the Steria Group.

It offers advanced forensic capabilities for a high level of responsiveness and effective crisis management.

We have extensive experience of the various profiles and roles required to handle a crisis with high levels of responsiveness. This allows us to support you with relevant technical expertise and experience both of how to control external and internal communication and of the appropriate remedial changes required to your security strategy, operations and processes that will help mitigate against similar incidents in future.


Steria RightSecurity rests on four key security pillars: Security Consulting focused on governance and risk management; Security Solutions such as IAM and data loss prevention (DLP), Security Services improving visibility and control; and our Advanced Security Operations Centre (SOC).

This focused RightSecurity portfolio leverages Steria’s experience in IT consulting services and technology solutions. These give you the agility you need to make change happen as quickly as possible:

• Transformation services: supporting the ongoing transformation of business processes, applications and IT infrastructure

• Consulting: making the most of our sector expertise to successfully implement strategic and organisational change

• Application development and system integration: from solution definition, design and development, to deployment and ultimate benefits realisation

• Testing and quality assurance: bridging the gap between application development and systems rollout

• Application management: agile, focused IT services based on guaranteed outputs and outcomes designed to optimise and maintain solutions

• Infrastructure management: meeting the drive for cost reduction, flexibility, performance improvement and growth

• Business Process Outsourcing: delivering a step change in business efficiency, agility and performance in functions such as HR and Finance & Accounting.

Our best-in-class consulting, solutions and implementation expertise is complemented by tailored security solutions designed to ensure our clients manage their information security for success.

We have supported the development of an information security policy for a national agency responsible for secure identity documents and worked with Deutsche Telekom AG on the concept and introduction of a single sign on (SSO) process for 100,000 users and 100 applications. And we’ve helped one of Europe’s national health agencies modernise its e-health information systems with risk analysis and a reshaped security framework.

As a trusted transformation partner, Steria can help you benefit from all the opportunities of the digital era securely and efficiently.

Rising to the 21st century security challenge of digital trust Steria: RightSecurity is an effective response to innovative and intelligent cyber security attacks that provides you with concrete business benefits and return on investment.

Did you know… The Steria Hacking Challenge was launched in France in March 2013 as a unique competition in which the most talented IT security students from leading security education institutions compete to solve 25 cyber security challenges. The competition is designed to help offset the gap between companies’ cyber challenges and the lack of leading edge competencies in the security market.


Steria: RightSecurity solutions

We deliver specific RightSecurity services, solutions and innovations, including:

Find out more

Find out more about our extensive range of Steria: RightSecurity services and solutions as well as our diverse portfolio of IT-enabled business services by visiting www.steria.com/our-solutions/security/rightsecurity-services/ or email [email protected]

Services:

• Audit

• AdvancedSecurityOperationsCentre(SOC)

• BusinessContinuity

• BusinessProcessRiskConsulting

• Compliance

• CrisisManagement

• Dynamic&CodeSecurityTesting

• Forensics&Vulnerability

• SecurityIncidentManagement

• SecurityProcessManagement

Solutions:

• Advancedpaymentsforsecuretransactions

• BiometricsandeID

• ComplianceandRiskManagement

• CustomerCentricManagementfor 360º data protection

• DataLossPrevention

• EnterpriseContentManagementforsecuredematerialisation and data protection

• IdentityandAccessManagement(IAM)and Authentication

• InfoleaksProtection

• SecurityfortheCloud

• WorkplaceOnCommand

Innovation:

• AdvancedPersistentThreat(APT)and Zero-day Attacks Mitigation and Analysis

• BIOLAPfordynamiccomplianceanalysisand customised report production

• CrisisManagement

• DigitalSafe

• LabR&DUnit

• SecurityforVIPs,DataProtection

• SecurityWatchforvulnerabilityintelligence

• SecureMessaging&Payment

• SteriaHackingChallenge

Groupe Steria SCA 43 - 45 Quai du Président Roosevelt F-92130 Issy-les-Moulineaux CEDEX France © Steria_BCS002

For further information about our services visit www.steria.com

About Steria: www.steria.com

Steria delivers IT enabled business services and is the Trusted Transformation Partner for private and public sector organisations across the globe. By combining in depth understanding of our clients’ businesses with expertise in IT and business process outsourcing, we take on our clients’ challenges and develop innovative solutions to address them efficiently and profitably. Through our highly collaborative consulting style, we work with our clients to transform their business, enabling them to focus on what they do best. Our 20,000 people, working across 16 countries, support the systems, services and processes that make today’s world turn, touching the lives of millions around the globe each day. Founded in 1969, Steria has offices in Europe, India, North Africa and SE Asia and a 2012 revenue of €1.83 billion. Over 20%* of Steria’s capital is owned by its employees. Headquartered in Paris, Steria is listed on the Euronext Paris market.

*including “SET Trust” and “XEBT Trust” (4.15% of capital)

Accessing the right security, at the right time, in the right place

Technology

Transcript of Accessing the right security, at the right time, in the right place