Protecting your systems and data is no longer optional
The threats are real & present. They are in the news every day. Cyber criminals, hacktivists, nation-state sponsored theft of Intellectual property, intrusive tracking and data collection by many governments, theft and misuse by employees and contractors, not to mention good old fashioned accidental data loss. With recent changes to Government legislation driving mandatory disclosure of breaches and heavy fines for individuals or companies. Can you afford to keep sensitive customer data unprotected?
We have a range of solutions and services that can help you to increase the security of your data, meet compliance requirements should you need to, and also solve some specific challenges with some very sophisticated integrated and custom solutions. Our job is to help you select and implement in the right solutions to fit your needs.
The threats are real & present. They are in the news every day. Cyber criminals, hacktivists, nation-state sponsored theft of Intellectual property, intrusive tracking and data collection by many governments, theft and misuse by employees and contractors, not to mention good old fashioned accidental data loss. With recent changes to Government legislation driving mandatory disclosure of breaches and heavy fines for individuals or companies. Can you afford to keep sensitive customer data unprotected?
We have a range of solutions and services that can help you to increase the security of your data, meet compliance requirements should you need to, and also solve some specific challenges with some very sophisticated integrated and custom solutions. Our job is to help you select and implement in the right solutions to fit your needs.
Leverage the Cloud without losing control of your data
The cloud is a natural evolution in the use of Information technology services. In a very short period we have seen IT systems move from discrete standalone systems, to network connected to the Internet, collaboration and now with Cloud leveraging centrally published services. Cloud is here to stay, it provides organisations with a range of new innovative cost effective options to leverage IT services in a more flexible and commoditized manner.
As always there is often caveats in any solution and one major risk with the cloud is around the safety and security of your data. You hand your data to a cloud service provider, sometimes across a secure link, others just across the Internet. You are often bound by one sided legal "click thru" end user terms that provide you little or no protection but do protect the cloud provider. You also have little or no knowledge of the geographical location your data is stored in and no control over their administration staff who touches your data.
Nuvola Group can provide either turnkey or customized solutions that allow you to use Cloud services (SaaS applications) with strong security and peace of mind by selectively protecting certain types of data.
We have a range of flexible options that can provide transparent data protection in any direction that your data flows (inbound or outbound). We can protect data staff send to online services (e.g. CRM, Accounting) or data from your customers (e.g. online survey tools). So your data is encrypted as it leaves your organisation and is stored in the cloud and decrypted as it returns to remove any impact to your systems and users. It is seamless and transparent.
The cloud is a natural evolution in the use of Information technology services. In a very short period we have seen IT systems move from discrete standalone systems, to network connected to the Internet, collaboration and now with Cloud leveraging centrally published services. Cloud is here to stay, it provides organisations with a range of new innovative cost effective options to leverage IT services in a more flexible and commoditized manner.
As always there is often caveats in any solution and one major risk with the cloud is around the safety and security of your data. You hand your data to a cloud service provider, sometimes across a secure link, others just across the Internet. You are often bound by one sided legal "click thru" end user terms that provide you little or no protection but do protect the cloud provider. You also have little or no knowledge of the geographical location your data is stored in and no control over their administration staff who touches your data.
Nuvola Group can provide either turnkey or customized solutions that allow you to use Cloud services (SaaS applications) with strong security and peace of mind by selectively protecting certain types of data.
We have a range of flexible options that can provide transparent data protection in any direction that your data flows (inbound or outbound). We can protect data staff send to online services (e.g. CRM, Accounting) or data from your customers (e.g. online survey tools). So your data is encrypted as it leaves your organisation and is stored in the cloud and decrypted as it returns to remove any impact to your systems and users. It is seamless and transparent.
Keys and Certificates
Keys and certificates have become critical parts of an enterprise infrastructure and a primary means used by organizations, applications and vendors when establishing trust. , be it an SSL connection to a website, between applications or for administrative purposes. Most organisations are aware of a fraction of the keys and certificates in use with these exponentially increasing over time with the proliferation of self-signed certificates. It is the establishment of this trust that poses the largest risk to organisations.
Several critical events can occur without appropriate visibility and management of these assets:
Nuvola has capabilities to manage the following critical security components:
With these comprehensive capabilities Nuvola is able to assist companies to regain control and ensure that the trust is maintained and only used appropriately.
Keys and certificates have become critical parts of an enterprise infrastructure and a primary means used by organizations, applications and vendors when establishing trust. , be it an SSL connection to a website, between applications or for administrative purposes. Most organisations are aware of a fraction of the keys and certificates in use with these exponentially increasing over time with the proliferation of self-signed certificates. It is the establishment of this trust that poses the largest risk to organisations.
Several critical events can occur without appropriate visibility and management of these assets:
- If certificates expire applications stop working, often necessitating lengthy outages and complex remediation and distribution of new certificates
- Once a hacker is able to obtain a certificate and enter your organisation under the guise of a trusted source they bypass all of your expensive and extensive security controls exposing you to not only risk but lack of visibility which allows for a sustained attack with little chance of detection
Nuvola has capabilities to manage the following critical security components:
- Certificate Lifecycle Management - including the ability to discover what certificates are in use within an organisation
- Key Management (SSH, RSA, Symetric) - including the provisioning of new certificates against internal and external CA's and regular rotation of SSH Keys
- HSM Management and dashboards
With these comprehensive capabilities Nuvola is able to assist companies to regain control and ensure that the trust is maintained and only used appropriately.
Data, data, data....use it to your advantage
Nuvola has been involved in enterprise architectures and environments for a long time and seen the impact of poor decisions and poor problem/diagnosis in organisations who lack the visibility which correlates to them making inappropriate and misinformed decisions. Nuvola also understands the value of providing detailed information about operational effectiveness in processes, often required by auditors and assessors of compliance.
We have tied together a number of key areas normally available in enterprise environments to provide the visibility both from an audit standpoint but also for operational monitoring leading to better processes. We look to customise our core tools to meet the specific needs of a customer using not only our technical skills but also business expertise to identify and make visible the key drivers and metrics required for business outcomes. The areas we have a core focus on to provide the level of visibility required are:
From these data information feeds we are able to collaborate on the key drivers and metrics that run customer's businesses to build custom dashboards to cover a wide range of business, legislation, compliance and security views of performance, events and ongoing monitoring.
Nuvola has been involved in enterprise architectures and environments for a long time and seen the impact of poor decisions and poor problem/diagnosis in organisations who lack the visibility which correlates to them making inappropriate and misinformed decisions. Nuvola also understands the value of providing detailed information about operational effectiveness in processes, often required by auditors and assessors of compliance.
We have tied together a number of key areas normally available in enterprise environments to provide the visibility both from an audit standpoint but also for operational monitoring leading to better processes. We look to customise our core tools to meet the specific needs of a customer using not only our technical skills but also business expertise to identify and make visible the key drivers and metrics required for business outcomes. The areas we have a core focus on to provide the level of visibility required are:
- Log Management
- Big Data & Dashboards
- SIEM
- Vulnerability assessments
From these data information feeds we are able to collaborate on the key drivers and metrics that run customer's businesses to build custom dashboards to cover a wide range of business, legislation, compliance and security views of performance, events and ongoing monitoring.
Are you addressing customer data Privacy & Disclosure requirements and risks?
It is becoming increasingly important to understand and manage the risk associated with the storage of information about individuals or groups. Privacy related information normally covers areas such as customer records, contracts, partner or payment transaction information. Many companies are starting initiatives to identify what and where information that is subject to privacy considerations exists to ensure they are not caught by these sweeping changes and have the time to prepare now.
Governments around the world are increasingly legislating for tougher requirements, penalties and disclosure provisions for companies and their handling of customer data and Personally Identifiable Information (PII).
Getting this wrong can lead to breaches of law, but also breaches of confidence and trust. Many firms do nothing because they don't know where or how to tackle these issues, and even with the best of intentions get stuck. With the imminent strengthening of privacy legislation and potential mandatory disclosure laws there is no better time to contact Nuvola so that a more thorough investigation and risk profile can be extrapolated. We have practical, cost effective and proven solutions and services to help solve these issues.
What does this mean for Australian companies? The following timeline summary gives a view to strengthened Privacy legislation.
The Privacy Amendment was introduced to Parliament on 23 May 2012 and was passed with amendments on 29 November 2012. It is a part of the privacy law reform process that began in 2006 and it introduces many significant changes to the Privacy Act. While these changes will not start to impact companies until March 2014, Australian Government agencies and businesses should start preparing now.
It is becoming increasingly important to understand and manage the risk associated with the storage of information about individuals or groups. Privacy related information normally covers areas such as customer records, contracts, partner or payment transaction information. Many companies are starting initiatives to identify what and where information that is subject to privacy considerations exists to ensure they are not caught by these sweeping changes and have the time to prepare now.
Governments around the world are increasingly legislating for tougher requirements, penalties and disclosure provisions for companies and their handling of customer data and Personally Identifiable Information (PII).
Getting this wrong can lead to breaches of law, but also breaches of confidence and trust. Many firms do nothing because they don't know where or how to tackle these issues, and even with the best of intentions get stuck. With the imminent strengthening of privacy legislation and potential mandatory disclosure laws there is no better time to contact Nuvola so that a more thorough investigation and risk profile can be extrapolated. We have practical, cost effective and proven solutions and services to help solve these issues.
What does this mean for Australian companies? The following timeline summary gives a view to strengthened Privacy legislation.
The Privacy Amendment was introduced to Parliament on 23 May 2012 and was passed with amendments on 29 November 2012. It is a part of the privacy law reform process that began in 2006 and it introduces many significant changes to the Privacy Act. While these changes will not start to impact companies until March 2014, Australian Government agencies and businesses should start preparing now.
Test Data Protection and Control
Nuvola provides a cost effective, flexible yet powerful data transformation engine providing a range of data protection options for the creation and obfuscation of test, training and customer/partner data. Our physical or virtual appliance provides a simplified method to provide protected data for a variety of use cases and includes the ability to:
Nuvola provides a cost effective, flexible yet powerful data transformation engine providing a range of data protection options for the creation and obfuscation of test, training and customer/partner data. Our physical or virtual appliance provides a simplified method to provide protected data for a variety of use cases and includes the ability to:
- Easily create test data sets with multiple ingestion/export connection methods and input/output formats
- Supports file transfer by FTP, SFTP, SMB/SAMBA
- Configurable scheduling allows for automated file pickup, processing and delivery
- Use format preserving encryption allowing data to be imported directly into systems transparently with highly scalable performance
- Protect individual fields with the same or different keys and users or groups with different views to provide granularity of protection and access
- Remotely managed appliance with a web based interface for creation of file import/export configuration and formats
- Customised to meet customer requirements with optional reporting and operational dashboards (Splunk based)
- OpEx based annual or quarterly subscription model with minimum commitment levels ensures simple usage based adoption
