Development of the appropriate network security and
firewall solution for a client requires a wide range of different skills
and knowledge of different products. Security solutions are not commodity
items sold on price and service but rather require an in-depth understanding
of the issues and the ability to assist clients achieve the correct balance
between the different factors such as cost, performance, availability
It is important to understand that once network connectivity
is put in place a risk is created and the implementation of firewall devices
seeks to minimise those risks. Kerna has been developing security
solutions for its clients for over fourteen years using a diverse range of
products. These solutions have used leading edge product such as Checkpoint,
Sun, Juniper, TIS, Network Associates and CISCO across sectors such as Banking,
Government, Insurance and Health.
Typically a security project consists of three major phases:
- Policy development, the site security policy must be developed so
that the security requirements can be derived. It is strongly recommended
that a formal security policy document be produced but at a minimum
a written specification should be produced.
- Security implementation, firstly site resources must be protected through
a resilient set of firewalling measures. However, this implementation
process may also include user management and application specific measures
such as virus scanning, content striping and audit trails.
- Audit, any large scale security implementation will generally also include
an audit phase which often is undertaken as an independent exercise by
a different implementor from the main security project. Such audits are
an important part of maintaining ongoing security and typically might
take place every six months.
Through our consultancy and implementation groups we can satisfy all aspects
of a security project.
More recently companies have struggled to maintain an effective set of controls as the dynamic nature both of their business and the technologies underlying that business stretch the capabilities of traditional static firewall solutions. Increasing compliance and internal service level agreements cannot be met by existing security architectures and investment. Kerna can assist companies introduce new concepts to the security team to address these issues through
dynamic tools for data and systems managment and security.