TELEGROUP PROFILE
Diana Gligorijević, direktor marketinga INFOTECH 2012
TELEGROUP OVERVIEW
1992 Telegroup LTD, UK
1996 TeleGroup Banja Luka
2001 TeleGroup Beograd
2007 TeleGroup Sofia
One of the leading Solution Providers in the ICT &
Energy areas in Western Balkan territories;
Consulting
Designing of telecommunication, IT & energy networks and systems
Creation & implementation of ICT Solutions
Sales of ICT equipment (active & passive)
Engineering of telecommunication, IT & energy
infrastructure
Cloud Services
Software engineering
End – users System Management Project Management
Technical Support 24x7
Trainings
ICT PORTFOLIO
UNIFIED COMMUNICATIONS
IP PBX, Contact Centers, Unified Messaging, Presence
Voice and Video conferencing systems
Critical Communications
Recording solutions
Total expense management
VoIP gateways and controllers
Video surveillance, Access Control, Fire protection and Intrusion prevention
Wireless broadband access network systems
Radio - relay and Functional systems
Enterprise Mobility Solutions
IT SOLUTIONS
Network equipment and Server systems
Network and Data Protection
Data storage, preserving and archiving solutions
Software solutions
mPayment, mHealth, mTicketing
PASSIVE EQUIPMENT
Heat shrink & cold shrink joints and pipes
Splitters, modules, surge arrestors for modules, holders & connectors
Cable locators
Self supported cable and other telecommunication accessories
Racks, patch panels, patch cords, adapters, modules, sockets ...
TECHNICAL SUPPORT SERVICES
Laboratory testing
Testing and analysis of work of existing installed systems
Installation of equipment and commissioning
Diagnostics of irregularities in the working of the equipment Repair of devices
Maintenance during warranty and post-warranty period Trainings for all systems included in TeleGroup business
portfolio
End users are provided with training for system use and maintenance
Partners are provided with training for system installation and maintenance
INT
E
R
VE
NT
ION
PROCE
DU
R
E
3 WAYS TO CONTACT TECHNICAL SUPPORT SERVICE
Call Center +381 11 3081999 e-mail: helpdesk@telegroup-ltd.com http://helpdesk.telegroup-ltd.com R e sp o n se t im e R ec o very t im e Head engineer Intervention report & technical level of
a fault Starting Intervention report Service Center On – site consulting and/or Remote support On – site intervention team Recovery work in progress
System recovery Completing Intervention report Technical Support Service center Mutual work Contact with responsible engineer
WHAT IS CLOUD?
Today everybody talks about Cloud, but the fact is that everyone uses different
although similar definition depending on their positions.
One of the definitions….„Cloud is computing area in which highly scalable IT capacities are provided to the external users as a service delivered over appropriate network infrastrucure!“
ACTUAL TRENDS
Global statistics is that almost 40% IT services users have
WHAT LED TO CLOUD EXPANSION?
In introducing new IT solutions, most of the time we
spent on defining the infrastructure (hardware and
software)
Cloud services increases productivity and enables easy
upgrade
Efficient delivery of IT Solutions
Accelerations of all inovations in this area
All solutions based on Cloud are much cheaper and
more efficient
All this facts led to the SOA (Service Oriented
Architecture) where Cloud computing separates
IT TRENDS AND SECURITY
Megatrends in IT:
mobility
new mobile platforms
cloud computing
Megatrends impacting security
highly sophisticated threats
growing use of mobile devices
new IT delivery models (SaaS)
Rapid growth in security investment and important
changes in the Security Solution Market
Worldwide security spending will reach $63 billion in 2012
CLIENT INQUIRIES IN CLOUD SECURITY
Clients are still looking for
basic guidance for the
security issues of enterprise
use of cloud services. This
client inquiry data can be
used to align security
professionals' priorities
with those of their peers
who are also evaluating
cloud security measures
CLIENT INQUIRIES IN CLOUD SECURITY
Clients’ strong interest in this area of security. This reflects
the still-evolving state of both cloud computing and cloud
security
Clients are currently more concerned about identifying
and assessing cloud security risks than about evaluating
specific cloud security solutions
The industry segments most concerned with cloud
security are those that handle sensitive data and those
that are subject to rigorous regulatory requirements.
Client inquiries suggest a disproportionate interest in
cloud security in Europe and among small-and-midsize
enterprises.
CLIENT INQUIRIES IN CLOUD SECURITY
CLIENT INQUIRIES IN CLOUD SECURITY
CLIENT INQUIRIES IN CLOUD SECURITY
CLIENT INQUIRIES IN CLOUD SECURITY
CRITICAL SECURITY QUESTIONS TO ASK A CLOUD
SERVICE PROVIDER
Issues
Cloud security standards will not mature before
2H12
Many cloud service providers do not provide
transparency into their security practices
The global nature of cloud service providers
complicates their compliance with local or national security regulations and requirements.
What to do?
Ensure that regulatory, corporate, industry or other
applicable security standards apply to all cloud service providers
Use checklist of independent security organizations
as a starting point until cloud security standards mature
Use a third-party vulnerability assessment firm to
validate the responses to this checklist or any other questionnaire approach
CRITICAL SECURITY QUESTIONS TO ASK A CLOUD
SERVICE PROVIDER
Security must be a key criterion in any
decision to use external cloud service providers when critical customer and
business information is involved. A simple checklist is no substitute for a full
standards-based security assessment, but will often be the only choice at this early stage of cloud service maturity.
CRITICAL SECURITY QUESTIONS TO ASK A CLOUD
SERVICE PROVIDER
Network
Does the cloud service provider require the use of two-factor authentication for the administrative control of servers, routers, switches and firewalls?
Does it support IPsec or Secure Sockets Layer with Extended Validation certificates and two-factor authentication for connecting to the service? Does it provide redundancy and load balancing for firewalls, intrusion
prevention, and other critical security elements?
Does it perform external penetration tests at least quarterly, and internal network security audits at least annually?
Can it show documented requirements (and audit procedures) for network security
Does it contract for, or provide protection against, denial-of-service attacks against its Internet presence?
CRITICAL SECURITY QUESTIONS TO ASK A
CLOUD SERVICE PROVIDER
Platform
Can the cloud service provider present a documented policy
for "hardening" the underlying virtualized infrastructure that its services run on?
Can it provide validated procedures for configuration
management, patch installation and malware prevention for all servers and PCs involved in cloud service delivery?
Does it have a documented set of controls that it uses to
ensure the separation of data and security information among customer applications?
CRITICAL SECURITY QUESTIONS TO ASK A
CLOUD SERVICE PROVIDER
Applications and Data
How does the cloud service provider
review the security of applications and any supporting code that it develops and uses?
Does it use content monitoring and
filtering, or data loss prevention inappropriate for data flows?
Does it have documented procedures
for configuration management,
including the installation of security patches, for all applications?
If the cloud service involves data that is covered by regulatory or other
compliance requirements then does the provider meet the applicable requirements for data protection?
CRITICAL SECURITY QUESTIONS TO ASK A
CLOUD SERVICE PROVIDER
Operations
Does the cloud service provider perform background checks on personnel with administrative or other privileged access to servers, applications or customer data?
Does the provider have super user privilege management and database activity monitoring controls or the equivalent to detect inappropriate behavior by
provider employees with administrative access?
Can it show a documented process for evaluating security alerts from OS and application vendors, shielding systems from attack until patched, and installing security patches and service packs?
Does it employ security monitoring and log management functions, and use write-once technology or other secure approaches for storing audit trails and security logs?
Can it demonstrate established procedures for vulnerability management, intrusion prevention, incident response, and incident escalation and
CRITICAL SECURITY QUESTIONS TO ASK A
CLOUD SERVICE PROVIDER
End Services
Does the cloud service provider's security staff average more
than four years' experience in information and network security?
Does more than 75% of its security staff have security industry
certification. The cloud provider also should have vendor
certification for the specific firewall equipment it will manage.
Can it show documented identity management and help desk
procedures for authenticating callers and resetting access controls, as well as for establishing and deleting accounts
CRITICAL SECURITY QUESTIONS TO ASK A
CLOUD SERVICE PROVIDER
Recommendations
Enterprises' security organizations must be involved in the evaluation of prospective cloud service providers.
Security organizations should have an
established set of security requirements or
standards that can be used as evaluation criteria for cloud service security providers.
If a cloud service provider is already being used without enterprise security involvement, request visibility into any security audits that the
THE GROWING ADOPTION OF CLOUD-BASED
SECURITY SERVICES
Cloud-based security services
offer the promise of easy
deployment and lower cost of
ownership, but buyers must
choose appropriate controls and
weigh potential benefits against
operational requirements.
THE GROWING ADOPTION OF CLOUD-BASED
SECURITY SERVICES
The suitability of various security controls for cloud-based
delivery controls differs across controls based on the
characteristics of those controls, including ability to customize and sensitivity to network latency and capacity
The successful adoption of cloud-based security depends on
the suitability of controls to that style of delivery, but also on the ability to integrate with premises-based controls
Cloud-based security controls will play an increasingly
THE GROWING ADOPTION OF CLOUD-BASED
SECURITY SERVICES
Benefits and Customer expectations:
Efficiency Effectiveness Flexibility Availability Scalability Customization Integration Location Visibility Control Expertise
THE GROWING ADOPTION OF CLOUD-BASED
SECURITY SERVICES
List of Security Controls
Secure Email Gateway
Secure Web Gateway (SWG)
Remote Vulnerability Assessment (VA)
Security Information and Event Management (SIEM)
Distributed Denial of Service (DDoS)
Identity as a Service
Application Security Testing
Website Protection
Cloud-Based Encryption Services
ENTERPRISES MUST BALANCE OPPORTUNITY
AND RISK IN CLOUD AND MOBILE SECURITY
Cloud computing and mobile devices hold the potential to
make enterprises more agile, more efficient and more
competitive. They also introduce new security risks that must be addressed immediately!
Gartner analysts covering security, cloud computing and mobile
devices have collaborated to develop a set of key predictions for 2012 and beyond. Chief information security officers (CISOs) and other enterprise decision makers should consider these
forward-looking Strategic Planning Assumptions when allocating resources and selecting products and services!
CLOUD SECURITY AND RISK STANDARDS
The current lack of agreement on cloud risk
standards ensures that cloud provider risk evaluation will remain an inexact and
inconvenient process for the next several years.
It is easier to evaluate operational processes
than technology quality, but both are equally relevant to cloud risk assessment.
The use of questionnaires continues to grow in significance as a mechanism for evaluating service provider risk, with most buyers
CLOUD SECURITY AND RISK STANDARDS
Several standards for cloud practices have been published and
can legitimately be considered as constituting today's understanding of "best practice.„
Four current initiatives show potential for meeting the needs for a cloud security standard. All are adapting and
supplementing existing standards, such as ISO/IEC 27001/27002 and BS 25999, to create a written framework of control
standards directly applicable to cloud service providers:
Cloud Security Alliance
The Shared Assessments Program
Common Assurance Maturity Model (CAMM) FedRAMP
CLOUD SECURITY AND RISK STANDARDS
Certification Programs:
ISO/IEC 27001 certification
American Institute of Certified Public Accountants (AICPA)
In critical situations, providers must be required to
document not just whether they meet the standard, but
how they meet it. They must also allow annual audits for
neutral verification. Vendors that refuse transparency
should be avoided for mission-critical, corporate
SECURITY TESTING OF CLOUD SERVICES
PROVIDERS IS A MUST
All kinds of cloud services (application, data,
infrastructure, security) should be tested for the security
of the Web interfaces and systems they use to provide
services. Such testing, often performed by application
security providers, will be critical for the security of cloud
services.
Security testing helps enterprises ensure that the cloud
services providers they entrust with their assets and
processes are secure and compliant with established
policies.
Security Testing of Cloud Services
Enterprises moving business-critical information and processes into the cloud must ensure that their cloud providers meet
enterprises' security policies. This will be a somewhat painful issue for many enterprises, because business benefits (for
example, lower cost and faster delivery) will often favor cloud solutions, while security concerns will stand as obstacles
against achieving those benefits. However, enterprises should consider cloud business benefits and security risks, and make security an explicit clause in contractual agreements with cloud providers.
SECURITY TESTING OF CLOUD SERVICES
PROVIDERS IS A MUST
The following models of cloud security testing could be used:
The prospective enterprise client, the cloud provider and the third-party security testing provider negotiate a trilateral agreement. The cloud provider agrees to the third-party security testing provider's inspection, which results in a report being sent to the prospective enterprise client. Based on the report, the enterprise decides
whether the cloud provider's security measures meet its requirements.
The cloud provider uses independent security testing and provides proof of such testing to its cloud services prospects and clients.
The cloud provider adopts application security testing technologies, grows its own skills and expertise, and conducts its own security testing.
SECURITY TESTING OF CLOUD SERVICES
PROVIDERS IS A MUST
The Benefits of Independent Testing of Cloud Services
Providers:
Vendor independence
Vendor expertise
Cost savings
Security Testing Certification
Certification must meet enterprise or industry security
standards. Certification should include a clause assuring that the cloud provider has been continually retested.
SECURITY TESTING OF CLOUD SERVICES
PROVIDERS IS A MUST
VENDORS IN SECURITY
SERVICES AND CLOUD SECURITY
Security as a Service product vendors
McAfee Symantec Trend Micro Zscaler Panda Software Websense HP Barracuda
COOL VENDORS IN SECURITY
SERVICES AND CLOUD SECURITY
Enterprises and technology providers are increasingly looking to service- and cloud-based models to deliver more effective, more cost-efficient security practices. Chief information
security officers (CISOs) and other security professionals should familiarize themselves with Gartner's 2012 Cool Vendors in
service and cloud security, as well as the potential business benefits they offer.
Services and Cloud Security Vendors:
Certes Networks FireHost OpenDNS Zettaset Dasient WhiteHat Security
CONCLUSION
Cloud computing is an efficient, scalable
and effective way of delivering IT
services today, but as an open system is
subject to numerous of security
problems
However, if you use a centralized
identity, access policy and appropriate
standards that can dramatically increase
the level of security
CONCLUSION
Cloud computing is offered as a
service and part of security issues are service provider's responsibility, but a higher level of security commonly
used resources and solutions that are not associated with IT service provider
If you plan to become a Cloud service
user soon, TeleGroup can implement all the Cloud Security control based on recognized IT security framework and industry best practices!!!
www.telegroup-ltd.com
www.telegroup-bg.com www.telegroup.ba
THANK YOU!
Feel free to contact us via: