Thales Service Definition for PSN Secure Gateway Service for Cloud Services

Transcription

1 Thales Definition for PSN Secure Gateway Thales Definition for PSN Secure Gateway for Cloud s April 2014 Page 1 of 12

2 Thales Definition for PSN Secure Gateway CONTENT Page No. Introduction... 3 Overview of... 3 Key Features... 4 The Thales SaaS Cloud Model... 4 Protective Monitoring... 5 Information Assurance (IA)... 5 Statements of accreditation:... 5 Baseline / Bundled Gateway s... 6 Unbundled Gateway s... 6 Capabilities and Technical Performance Specification... 7 Levels... 8 Recompense model for not meeting service levels... 8 Training... 8 Ordering... 9 On boarding and Off Boarding... 9 On Boarding:... 9 Off Boarding:... 9 Customer Responsibilities Thales Commitment to Open Standards Thales support for UK Government Information Principles Principle 2 - Information is Managed Principle 5 - Information is Re-used Government ICT Strategy and Greening ICT Strategies Contact Page 2 of 12

3 Thales Definition for PSN Secure Gateway Introduction Overview of As the efficient exchange of data and information between Government departments is enabled through initiatives such as G-Cloud and PSN, with applications increasingly becoming available to support joined up government, the demand for boundary protection and Secure Gateways has mushroomed. Unlike the previous GSI model, PSN and G-Cloud services are based upon a network of networks approach. This multi vendor approach drives the need to manage and control the information flows across the security domain boundaries through the use of Secure Gateways technology. Thales Secure Gateway s are a suite of fully managed services that deliver; Web Gateway, Gateway and a range of File Transfer and other Inter domain Gateway capabilities. This Description relates to the Thales Secure Gateway. The Thales Secure Gateway securely manages the boundary between the Customer s own security domain(s) and other external networks or security domains. These domains may be at different security or Impact Levels, or may be just a separate domain at the same security level, for which the customer needs to exercise control over the flow of information and access. In all cases the Gateway will be configured and managed to execute the Customer s own security policies. The policies will define the type of s, the content rules, source and destination address restrictions and attachment rules. The Gateway will then manage information attempting to transit the boundary checking for prohibited words, URLs, protocols, or any malware including cyber attacks and applications embedded within files, attachments and text. Thales Gateway s provide many of the necessary security risk mitigations that contribute to lowering the SIRO s security risk profile mitigating risks identified in the Customer s RMADS. The enables a safe, controlled and secure access to external s, helping to facilitate joined up government, whilst protecting the Customer s secure information held at IL2, IL3, Official and Official Sensitive level. The service is delivered as SaaS running on VM Ware platforms that can be scaled by our operation centre staff in Doncaster, the application software will run on virtual servers that can be created on any compatible Infrastructure platform. The on-line customer portal making available usage data, incident status and security reports whilst allowing the customer to report incidents and raise service requests and IMAC s. Protective Monitoring services provided by the Thales CSOC (Cyber Security Operations Centre) and the ITIL service provided by the NOC (Network Operations Centre) deliver the 24 hour, 365 day per year assurance that the service is operational and secure. Thales has registered its Gateway s solution with the Public s Network Authority under the registration number SRV This service is being progressed with the Pan Government Accreditor (PGA). Page 3 of 12

4 IL3 Network IL Firewalls (HA Pair ) Server Firewalls (HA Pair ) File Repository Switches (HA Pair ) IL3 IL4 Switches (HA Pair ) Firewalls and IDS/IPS (HA Pair ) IL4Network IL File Repository Server Thales Definition for PSN Secure Gateway Key Features The Thales SaaS Cloud Model Figure 1 shows the model that has been developed by Thales which shows all the key attributes of the Secure Gateway. The Gateway policy, element management, control and filtering applications are accessible by the Thales Operations Centre largely through web browsers that enable re-configuration and management of the various Gateway elements. The web based customer portal provides a channel for customer IMAC service requests and for on-line access to incident and reporting information. Level Agreement Accreditation (Official, Official Sensitive, Secret) Protective Monitoring Operational Security Boundary ITIL s Sub CA Baseline s: Design Integration Transition Optional s Consulting Change Application software Functional Specification Functional Specification Functional Matrix Specification Matrix Matrix Figure 1 Thales Secure Gateway Model. The service is delivered on a virtualised infrastructure based on VMWare and has been developed to be operational from Thales Data Centres, Customer Data Centres or from third party IaaS Cloud providers such as Skyscape. The architecture priced provides for a 99.9% availabilty but for High Availability applications additional load balanced and active passive architectures are available. The SOC and NOC functions already have DR capability based on the Thales Doncaster and Basingstoke sites connected by a high capacity PSN Network triangulated through Bristol. The application software and architecture graphic shown at the centre of Figure 1 represents just one of a wide range of Gateway variants that provide the Information Assurance and Protection necessary to mitigate the customer s security risk profile. The pricing offered in this G-Cloud entry Gateway configuration, a typical basic but effective service that includes; Gateway policy enforcement, firewalling, virus checking, intrusion detection and protection capability. More complex, standard arrangements will add load balancing for scalability, authentication capability, more complex packet inspection techniques and further resilience options to protect the customer s secure networks and information. The Capabilities and Technical Performance section describes the configuration of the Gateway and the level of control, filtering and inspection to be performed. Page 4 of 12

5 Thales Definition for PSN Secure Gateway Protective Monitoring The Customer s RMADS (Risk Management and Accreditation Document Set) as approved by the accreditor will include the risk mitigations that must be carried out to achieve accreditation. The accreditation and evaluation status of the Secure Gateway s is likely to form part of the possible mitigation of risks. Protective Monitoring of the Secure Gateway aligns to CESG Good Practice Guide 13 (GPG13), following best practice and policies set out in HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2). The Protective Monitoring provided by the Thales SOC demonstrates the necessary operational independence from the Network Operations Centre. The SOC provides risk mitigation through Accounting, Audit, Monitoring and Management Reporting. Information Assurance (IA) The protective monitoring provided by the Thales CSOC, the ITIL framework implemented by the NOC (Network Operations Centre) and the necessary PKI services provided by the PSN Sub Certificate Authority are shown at Figure 1 within the black border that indicates the operational service boundary. These are all key components of the service that provides the necessary Information Assurance. Statements of accreditation: The security components that comprise the Gateway software suite are considered by Thales as best in class and include both Cisco Iron Port and Deep Secure Gateway software which supports the need for a single vendor independent compliant solution. Thales can provide confirmation, through the appropriate channels regarding the security evaluations undertaken as part of the process for the accreditation of services at BIL 33x and above. Many of the service components are already in use on Customer networks and on the Thales Restricted networks that have achieved accreditation by the Public Network Authority (PSNA) and Ministry of Defence (accredited by DSAS MoD). The Pan Government Accreditor (PGA) has accredited both the Thales PSN IL3 connectivity and PKI services; these services are registered as PSNSP 002 and SRV0111. Thales has registered its Gateway s solution with the Public s Network Authority under the registration number SRV This service is being progressed with the Pan Government Accreditor (PGA). The protective monitoring and ITIL service management for both the accredited PSN Connectivity s and the PSN Secure Gateway s are hosted within our Tier 3 (TIA) List X Certified Doncaster Data Centre operation. In addition to the physical protection of the service, Thales, as a Certified CESG Assurance (Telecommunications) CAS(T) and ISO 27001:2005 supplier, has a mature and regularly maintained ISO ISMS. All of the documentation required is in accordance with, and compliant against HM Government IS No 1&2 and PSNA documentation sets. Page 5 of 12

6 Thales Definition for PSN Secure Gateway Baseline / Bundled Gateway s The baseline services shown in Figure 1 include Design, Integration and Transition. The final implementation of the service provided by Thales will depend upon customer agreement of the roles and responsibilities for each of the providers, third parties and of the customer themselves. Thales baseline services are designed with the need for this level of flexibility in mind. Simple definitions are shown below; Design; Ensures that the Thales preferred Web Gateway architectures are configured to meet specific customer performance and IA requirements. Integration; Based upon a common understanding of how the services will be integrated into the existing or to be infrastructure and agreed prior to order acceptance. Often delivered as part of a larger WAN or LAN refresh or deployment. Transition; Whilst integration baseline services will facilitate the definition of how the Gateways will fit within the LAN / WAN architecture, as part of this price they are bounded as activities relating directly to the operation of the Thales service transition services may also be provided to help the customer manage the journey from their As Is environment to the final To Be Gateways by definition are located at network and security domain boundaries. Thales will validate the Secure Gateway design against the existing infrastructure and work with the customer and third parties to ensure a smooth integration and transition. Typically this may include the incumbent LAN provider or data centre / hosting provider. A detailed integration and transition plan including identification of roles and responsibilities, the necessary joint assurance planning and cutover procedures, all to be agreed with the customer during the early project planning phase as part of the on boarding process. Thales has extensive experience of systems integration and can operate as the prime contractor or work with the organisation appointed by the customer. The price shown against this Description includes all baseline activities that relate directly to the successful assurance and operational readiness of the Thales service. Thales will be pleased to provide additional services to extend the scope beyond the standard service. Unbundled Gateway s Targeted at those Customers who wish to procure the same functionality as the Fully- Managed Gateway s, Unbundled Gateways s retain elements of the service either in-house or as part of a wider network operational environment. For example, this unbundled approach allows efficiencies to be realised through sharing existing customer NOC and SOC capabilities. This approach may be favoured by Customers who for security reasons are unable to disclose details of their operations or allow third parties to have access to equipment after installation. Page 6 of 12

7 Thales Definition for PSN Secure Gateway It is anticipated that this will also appeal to specialist Vendors, Systems Integrators, Outsourcers and to SMEs who can provide high quality elements of the service but are not able to offer the full set of managed services. Capabilities and Technical Performance Specification TABLE 1 CAPABILITIES AND TECHNICAL PERFORMANCE Gateway Target Security Domains Filtering Capabilities / Functions Actions on Policy Infringement Mail Gateway HIGH MED Standard Filtering/Functional Capabilities: Spam/Phishing E mail Address White list / Black list Word Searching in E mail Word Searching in Attachment File Type Malware Detection Additional/Optional Functional/Filtering Capabilities: Macro Searching Mail Holding / Release (Gateway functionality dependent). Digital Signing; certificates added to e mail traffic to authenticate senders to receivers. Detailed Word Searching; permutations, abbreviations. Security Label Filtering Standard Actions: Block Mail; blocks the e mail traffic and non delivers it. Log Transaction Attempt; logging of transaction attempts and infringements. Logging (SysLOG); provide SysLOG data for SOC. Additional/Optional Actions: Self Release; an option that can be available for customers on request. Hold Mail; holds the e mail traffic for further analysis (configured depending on policy breach). Archive Mail; provides the capability of archiving mail based on policy. Standard Alerts; SOC/NOC Operators; provide SOC and/or NOC operators will visibility of policy infringements (if configured). Additional/Optional Alerts: Sender (Non Deliver); provides the sender with an alert that their e mail has been blocked. Page 7 of 12

8 Thales Definition for PSN Secure Gateway Gateway Target Security Domains Filtering Capabilities / Functions Actions on Policy Infringement Specified E mail Addresses; provides an alert to specified e mail addresses on detection of policy infringement. Mail Digest; provides a digest of e mails that have been blocked and these can then be selected for self release (policy dependent and also requires Self Release option). Levels TABLE 2 SERVICE LEVELS Attribute Hours of operation (Network Operation Centre) Availability Help Desk Request Response IMAC Response 24hrs, 365 days per year Target Level Priced example 99.9% Higher availability based upon selection of resilience options Portal operation 24 x7 for monitoring incidents, reporting incidents and logging IMAC service requests Less than 24 hours Less than 24 hours Recompense model for not meeting service levels 1% reduction in our service price for each month we fail to hit the targets Training This is a fully managed service and requires no customer training for the operational service other than the provision of customer portal user guide and service management information including incident escalation processes, service reporting and contact details. Page 8 of 12

9 Thales Definition for PSN Secure Gateway Ordering Thales will provide a written: Specification Document Level Agreement Deployment Plan that includes key milestone dates and any customer dependencies (part of the Order Form / Call Off Agreement) Which shall be agreed by the Customer / Thales as part of the Call Off Form / Agreement. On boarding and Off Boarding On Boarding: Coming on to the service will focus upon establishing the Customer Security Policy aspects that will be enforced by the Gateway. Thales IA staff will develop the necessary Gateway configurations and agree their operation and impact upon the users with the Customer representative before any operational handover (Assurance) is completed. The PSN Gateway manages the traffic at the network boundary and therefore will connect to PSN Connectivity, the Customer s local or third party networks, The integration with the WAN and application services will be completed as part of the service integration planning, documented by Thales through the Deployment Plan and associated customer specific configuration documentation. Points of contact are exchanged and the operational Manual reviewed with the customer to ensure Performance Reporting, Incident Management, Change Management and Security procedures are understood. The operation may go live in phases to suite the Customer requirements and to bed down changes to the existing Customer and User processes and procedures. Off Boarding: As part of the Off Boarding process the operational performance reports and incident records may be provided to the Customer on request. Security incident information stored in the SOC may be provided through the appropriate channels to maintain the security integrity and sensitivity of information. The does not archive Customer information or data that transits through the Gateway components. Operational and configuration records will be securely stored and maintained for the appropriate period in accordance with any legal and certification obligations set by the ISO standards, the PGA or the Government Department (Customer) prior to contract. A shut down schedule will be agreed so the service is terminated in orderly way to avoid disruption and facilitate and transition to an alternative provider. Page 9 of 12

10 Thales Definition for PSN Secure Gateway Customer Responsibilities Customers will need to: Provide suitably qualified employees with knowledge of the customer security policies to work with the Thales deployment team, enabling the systems to be correctly configured by Thales. Provide access to buildings if PSN Connectivity is procured from Thales at the same time. Provide contact details for an approved set of IT staff that will have access to the portal and have permissions to raise Incidents. Provide contact details for incident escalation. Ensure the customer network is compliant with relevant PSN Code of Connection requirements where appropriate Provide Security Manager contact details for reporting any notifiable security events Thales Commitment to Open Standards Thales has a commitment to adopting Open Standards during the Development process where standards exist and will continue to promote new standards where they add real customer value such as improved inter operability or lower maintenance and support costs Thales support for UK Government Information Principles Principle 2 - Information is Managed The principle requires that Information Assets are managed and protected in a manner commensurate with their value. The Thales Secure Gateway s are designed to enforce the Customer s own Security Policies to manage and protect information transiting a security boundary. This includes a range of information management best-practices delivered through the Network Operations Centre and the Thales GPG13 based Security Operations Centre- for example to ensure appropriate availability and integrity, to avoid exposure and loss. Principle 5 - Information is Re-used A joined up approach to the sharing of information across the public sector to deliver public services and to meet public task responsibilities is becoming increasingly important and expected. Page 10 of 12

11 Thales Definition for PSN Secure Gateway One of the key aspects of re-use is supported by the use of Secure Gateway s in enforcement of Security Policies that have been devised as a result of careful risk-based judgements with regard to exploiting vs. protecting UK Government information: External re-use sharing information with others across organisational boundaries, whether within the public sector, or more generally with private businesses and citizens Government ICT Strategy and Greening ICT Strategies In support of the Government Greening ICT Strategy the Thales Group has made protecting the environment one of its ethical values. The Group is committed to a proactive environmental protection policy (ISO and compliant with the European Eco- Management and Audit Scheme) and attaches importance to this principle within the framework of its activities. The design of Thales PSN s, their operational support and Data Centre selection supports both the ICT and Greening strategies through: Use of Open Standards and PSN interconnect specification to facilitate the creation of a common ICT infrastructure Developing a range of Securing the Cloud capabilities and gaining accreditation for ICT services that are an enabler for delivering government changes with the lowest IA risk Developing PSNA certified Gateway s to monitoring, managing and reporting on information transiting security boundaries in support of IA governance. In addition Thales implements an extensive quality control and management system, including organisational governance processes to manage and reduce risk, provide continuous process improvement and ensure customer satisfaction. Thales supports key principles of the Government ICT Strategy. Thales will work with UK Government to reduce unnecessary waste, ensure projects meet customer needs, timescales and budgetary constraints whilst delivering a sustainable and common ICT infrastructure. Contact To discuss or speak to Thales about our Gateway cloud services, we would be delighted to hear from you. We can be contacted on: thalesg cloud5@uk.thalesgroup.com Page 11 of 12

12