G-Cloud IV Services Service Definition Accenture Cloud Security Services

Similar documents
G-Cloud III Services Service Definition Accenture Cloud Security Services

G-Cloud IV Services Service Definition Accenture Force.com Cloud Services

G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service

G-Cloud II Services Service Definition Accenture Cloud PaaS Implementation Services AWS Beanstalk

G-Cloud II Services Service Definition Accenture Cloud SaaS Implementation Services Google Apps

G-Cloud IV Services Service Definition Accenture Netsuite Cloud Services

G-Cloud III Services Service Definition Accenture Cloud Integration Services

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services

G-Cloud II Services Service Definition Accenture Cloud Infrastructure Implementation Services

G-Cloud III Framework Service Definition Accenture Azure Cloud Services

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

G-Cloud IV Framework Service Definition Accenture Medical Imaging Managed Service (AMIMS)

Embrace the G-Cloud. Ultra Secure Colocation Services for the Public Sector. thebunker.net Phone: Fax:

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

Accenture and Salesforce.com. Delivering enterprise cloud solutions that help accelerate business value and enable high performance

Enterprise Data Management for SAP. Gaining competitive advantage with holistic enterprise data management across the data lifecycle

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Preemptive security solutions for healthcare

Retail store systems for high performance

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Safeguarding the cloud with IBM Dynamic Cloud Security

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Growth Through Excellence

Accenture Life Sciences Cloud for Commercial Services

G-Cloud IV Services Service Definition Accenture Managed Services for SaaS

SCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT

Specialist Cloud Services. Acumin Cloud Security Resourcing

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

IoT & SCADA Cyber Security Services

Accenture cloud application migration services

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

The Accenture Foundation Platform for Oracle. Enter

G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

CFIR - Finance IT 2015 Cyber security September 2015

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Enterprise Security Architecture

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IBM Security Privileged Identity Manager helps prevent insider threats

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE

Driving an Upswing in a Downturn at PolyOne. High Performance through Business Transformation

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

How successful is your campaign and promotion management? Towards best-practice campaign management strategies

Accelerating High Performance with Accenture Application Services for Java

G-Cloud IV Services Service Definition Accenture Mobility Services

Accenture Human Capital Management Solutions. Transforming people and process to achieve high performance

Accenture and Software as a Service: Moving to the Cloud to Accelerate Business Value for High Performance

Accenture Foundation Platform for Oracle

IT Heath Check Scoping guidance ALPHA DRAFT

DEVOPS: INNOVATIVE ENGINEERING PRACTICES FOR CONTINUOUS SOFTWARE DELIVERY

CA Technologies Healthcare security solutions:

locuz.com Professional Services Security Audit Services

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

The Cadence Partnership Service Definition

Committees Date: Subject: Public Report of: For Information Summary

How To Buy Nitro Security

NEC Managed Security Services

GRC Stack Research Sponsorship

Service Definition Document

OPEN SOURCE SOFTWARE CUSTODIAN AS A SERVICE

The power of collaboration: Accenture capabilities + Dell solutions

HP Security Framework. Jakub Andrle

ESKISP Manage security testing

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

A HELPING HAND TO PROTECT YOUR REPUTATION

BUILD YOUR CYBERSECURITY SKILLS WITH NRB

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV

INFORMATION PROTECTED

Developing an IT agenda to position the business for the future

Accenture Human Capital Services for SuccessFactors

Playing to Win. Accenture and Salesforce.com Optimize Customer Experiences with Service Cloud Solutions

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

A new era for the Life Sciences industry

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

Cloud Computing in the Victorian Public Sector

Cloud Computing - Benefits and Barriers for Retail Adoption

MANAGE THIRD PARTY RISKS

The Supply Chain Academy

Data Management Emerging Trends. Sourabh Mukherjee Data Management Practice Head, India Accenture

GPG13 Protective Monitoring. Service Definition

PCI DSS READINESS AND RESPONSE

Reputation. Further excellence. business continuity. risk management. Data security

Overview. Service Description: BCP & DR Strategy (L6)

ISO Information Security Management Services (Lot 4)

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

Accenture Customer Engagement. A Comprehensive Digital Marketing Managed Service Built on Adobe Marketing Cloud

Publication 805-A Revision: Certification and Accreditation

ESKISP Conduct security testing, under supervision

Addressing Cloud Computing Security Considerations

IT Security. Securing Your Business Investments

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Microsoft Dynamics CRM as a. Service. G-Cloud Pricing. Service - Pricing. Commercial in Confidence

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CloudCheck Compliance Certification Program

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

Transcription:

G-Cloud IV Services Service Definition Accenture Cloud Security Services 1

Table of contents 1. Scope of our services... 3 2. Approach... 3 3. Assets and tools... 4 4. Capabilities... 5 5. Expected Outcomes... 6 6. Reference... 6 7. Pricing... 7 8. Contacts... 7 9. About Accenture... 8 10. Additional Information... 8 2

1. Scope of our services This document describes Accenture s Cloud Security Services, and should be read in conjunction with the associated Government Cloud IV Services documentation. These services include repeatable processes for identifying security requirements, assessing the security posture and authorising the movement of an application to the cloud. These services are based on enterprise architecture principles and standards (including The Open Government Architecture Framework or TOGAF) but have security as their central focus, reusing principles from Sherwood Applied Business Security Architecture (SABSA). Accenture provides the following Cloud Security services: Support in the selection of a Cloud Services model (SaaS, IaaS or PaaS). Support to understand the risk associated with specific Cloud Service Models and to identify potential impacts and mitigations. Support to understand risk acceptance criteria and prioritisation of risks based on business impact. Identification of contributors to risk and the weak links in systems. Identification of areas to strengthen protection and recommendations for improvements. Identification of security controls necessary for an application (for example): o Integration with Security Gateways to encrypt/tokenise sensitive data before going to the Cloud o Identification of roles and associated privileges o Integration with Identity Management System o Integration with Single Sign-On system o Other integration services Assessment of the security posture of Cloud Service Providers. Formal assessment techniques (for example): o Vulnerability scanning o Penetration testing o Architecture review/assessments o Mapping of technical vulnerability against business impacts and business processes Development of approaches for securing data and applications with Cloud Service Providers. Accenture has 20 years of experience in public sector security including work subject to the Security Policy Framework (SPF) and Good Practice Guidelines from CESG (Communications-Electronics Security Group). These experiences, combined with the most recent thinking and policy from G-Cloud and Government Protective Marking Review is considered through the security assessment. The experience and methods will help G-Cloud clients to strike the right balance between the assurance and the security of the organisation s data assets whilst delivering high performing and cost effective operational services. 2. Approach Accenture s approach includes a series of toolkits and templates for all phases of a cloud implementation and has been developed with clients in numerous industries across the world. These assets and this experience will be reused where appropriate for the Authority and for G-Cloud delivering unparalleled value in the cloud marketplace. The following outlines the process for a Cloud Security involvement. Timelines will vary and will depend on the scope of the services as well as the scale and number of the environments in question. 3

Accenture s Cloud Security Processes 3. Assets and tools Our services are supported by a number of assets and tools applicable at all stages of the process. Historically this is an approach favoured by many of our clients. These assets include formal requirements gathering methods, the Cloud Security Assessment Toolkit, Enterprise Risk Toolkit, among others. These include formal methods and tools for assessing security risks, identifying security vulnerabilities and approaches for developing a road map with the G-Cloud customer for improving cloud security or implementing cloud computing. The following diagram shows some of the tools which support our services in the initial assessment phase: Accenture tools supporting the development of a Cloud Security Assessment 4

After the initial assessment and determination of the scope of the Cloud Security assignment, other toolkits can be employed depending on the needs of the G-Cloud customer. Accenture has toolkits and accelerators for Identity and Access Management, Client Data Protection, Infrastructure Security, among others, that can help ensure the Cloud Security assignment and the integration of other applications with the Cloud application are successful. 4. Capabilities Our Information Security Services help organisations to achieve: Increased shareholder value by reducing risk, costs and complexity Elevated brand positioning and credibility through standards compliance and transparent auditability Improved productivity and business growth as a result of the implementation of flexibly secure, integrityassured, extensible services Increased customer trust and loyalty by reliably safeguarding client and customer information and systems against threats and attacks. We offer three main security Capabilities: Accenture s Security Capabilities Security strategy and risk services: We help clients assess their security posture and risk tolerance, determine the appropriate level of security for various operations, and design a comprehensive strategy that supports the business goals. Application and infrastructure security: Our enterprise security solutions leverage complex packaged applications or custom applications. Our infrastructure security solutions start with getting security right in the network and all other elements of the clients infrastructure from the endpoints to the data centre. Identity and access management: We implement processes and tools that centralise and streamline access within the enterprise and by enhancing clients identification and verification management capabilities we help them enable business opportunities. 5

5. Expected Outcomes Accenture s Cloud Security Services provide the Authority and G-Cloud customers with formal deliverables which provide an overview of the customer s environments and systems in the cloud and how the cloud impacts the client s: Data Protection needs Risk posture and residual risks Existing accreditation status The documentation also allows the customer to prioritise remediation activities using the Accenture road map while recognising the constraints of the architecture in question. Whilst the focus of an assessment is on confidentiality, integrity and continued availability of the organisation s assets, our approach and methodology also enables the Authority or the G-Cloud customer to use the potential outcomes as part of any existing risk management processes as required by HMG standards and processes. Additionally, Accenture aims to provide the G-Cloud customers the ability to make use of state-of-the-art Cloud Services, with all the associated benefits and, at the same time ensuring that adequate security controls are put in place to protect the customer data. Accenture can achieve this by implementing the adequate security controls around the Cloud Services producing the following outcomes for example: Integration with Cloud Security Gateway: ensures compliance with strict data privacy and data residency requirements using state-of-the-art Cloud Security controls. With this integration G-Cloud customer sensitive data can be stored within the client premises and minimise impact in terms of functionality in the Cloud Services. Integration with Identity and Access Management system: allows more granular control on who can access the Cloud Services and specifically what can be accessed. Tailored to the auditing and management needs of the customer. Integration with Single Sign-On system: provides more control in terms of the access of the system, making use of the existing internal security access controls of the customer. Integration with other customer systems: given our experience in the system integration and security fields, Accenture is able to provide integration between the G-Cloud customer systems with the goal of ensuring compliance with the Authority and the strict G-Cloud customer requirements. 6. Reference In order to illustrate what Accenture is able to deliver, we present one of the solutions we have already deployed successfully to some of our clients. In this example, Accenture engaged with the client company, leading data classification, data privacy and data residency requirement gathering sessions to help the company determine the set of information most vital to their business. With this in mind, we selected and deployed a Security Gateway in every sub-organisation of the company with data privacy and data residency concerns. These gateways ensured sensitive data would be protected before they went to the Cloud Service. Sub-organisations which had strict data residency requirements were able to store their sensitive data within their premises. The Security Gateways mediated all the interactions between users and other systems with the Cloud Service. Each Security Gateway used different protection mechanisms and ensured only selected personnel would be able to get the real data in clear text, when accessing the Cloud Service through it. Users were allowed to access the Cloud Service only after authenticating in the company global Single Sign-On system. This ensured a higher level of security. In order to request access to the system, users could place their requests in the 6

company global Identity and Access Management system where, after approval, the account provisioning processes would be triggered to create the account for the user in the Cloud Service. In order to allow all the data contained in the local applications in the sub-organisations to be ported into the Cloud Service, a specific Extract Transform and Load (ETL) system was developed to analyse all the data, remove duplicates and cleansing the data before it went to the Cloud Service. The inputs to this system were flat files exported by the suborganisations and exported to a secure FTP system where the ETL processes were able to gather them. Accenture was fully engaged with the company privacy manager and legal advisors, the Security and Infrastructure teams, the Business and with the counterparts in the sub-organisations to ensure the whole process was compliant with the requirements necessary to allow the use of the Cloud Service and make use of its benefits. With this project we helped defining the roadmap for Cloud Service adoption on the client. Accenture Cloud Security reference 7. Pricing Please refer to the associated Pricing Document relevant for this Service. 8. Contacts Simon Mitchell (Accenture Health & Public Services Sales Lead) Email: sales.support.uk@accenture.com Telephone: ++44 7702 234537 7

9. About Accenture Accenture is a global management consulting, technology services and outsourcing company, with approximately 269,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$27.9 billion for the fiscal year ended Aug. 31, 2012. We have five industry-focused Operating Groups (OGs) including Health & Public Service, Communications Media & Technology, Financial Services, Products and Resources and these are supported by three Growth Platforms: Management Consulting, Technology and Outsourcing. Example: Specifically within the area of cloud security we: Rank as a leader in Forrester Research, Inc. s The Forrester Wave : Information Security and IT Risk Consulting, Q1 2013. Are a Cloud Security Alliance Corporate Member Are standards contributor to the Trusted Cloud Initiative Offer global scope and coverage more than 1,600 security professionals worldwide with 389 Certified Information System Security Professionals (CISSP), 19 Certificate of Cloud Security Knowledge (CCSK) practitioners and 11 Sherwood Applied Business Security Architecture (SABSA) certified architects 10. Additional Information Forrester Research, Inc., Forrester Wave : Information Security and IT Risk Consulting, Q1 2013 Excerpt: Accenture s experience and good value ensure client satisfaction and repeat business. Accenture has excellent technical capabilities and seeks to pragmatically embed security into customers business processes rather than just deliver technology solutions. As an experienced global systems integrator, Accenture demonstrates strong security programme and project management that inspires considerable repeat business. Accenture uses a centre of excellence in India for much of the company s operational client work. Doing this allows Accenture to provide very competitive pricing that customers applauded. Accenture s practice focuses on complex and unusual security transformation projects. 8

Copyright 2013 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Copyright 2012 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information