Business Challenge Business needs confidential communications with partners and customers. Email inherently is open and insecure Up to 70% of Internet email may create an operational risk. Internal email threats may create legal liabilities and threaten market reputation. Both result in daily losses of productivity Your business depends upon email to communicate cost-effectively with employees, business partners and customers

Internal Email Threats Inappropriate or offensive email content Unauthorised personal use of email Leaks of sensitive or confidential information Reputation risk

Regulatory Compliance Drives business to reduce operational risks associated with email Basle II accord - Bank capital adequacy determined by risk Sarbanes-Oxley - Internal accounting controls law ISO27001 - Information security standard London Stock Exchange Combined Code - Best practice corporate governance

Technical Challenge Email encryption - diverse partners use different encryption systems. Need interoperability Smaller business partners and customers often do not use email encryption as they lack good IT support or training. A (zero install) secure email solution is needed that has no requirement for technical support or training Email threats are increasingly sophisticated and need up-to-date counter-measures

Kerna Solutions

Development of the appropriate network security and firewall solution for a client requires a wide range of different skills and knowledge of different products. Security solutions are not commodity items sold on price and service but rather require an in-depth understanding of the issues and the ability to assist clients achieve the correct balance between the different factors such as cost, performance, availability and risk.

It is important to understand that once network connectivity is put in place a risk is created and the implementation of firewall devices seeks to minimise those risks. Kerna has been developing security solutions for its clients for over fourteen years using a diverse range of products. These solutions have used leading edge product such as Checkpoint, Sun, Juniper, TIS, Network Associates and CISCO across sectors such as Banking, Government, Insurance and Health.

Typically a security project consists of three major phases:

• Policy development, the site security policy must be developed so that the security requirements can be derived. It is strongly recommended that a formal security policy document be produced but at a minimum a written specification should be produced.
• Security implementation, firstly site resources must be protected through a resilient set of firewalling measures. However, this implementation process may also include user management and application specific measures such as virus scanning, content striping and audit trails.
• Audit, any large scale security implementation will generally also include an audit phase which often is undertaken as an independent exercise by a different implementor from the main security project. Such audits are an important part of maintaining ongoing security and typically might take place every six months.

Through our consultancy and implementation groups we can satisfy all aspects of a security project.

More recently companies have struggled to maintain an effective set of controls as the dynamic nature both of their business and the technologies underlying that business stretch the capabilities of traditional static firewall solutions. Increasing compliance and internal service level agreements cannot be met by existing security architectures and investment. Kerna can assist companies introduce new concepts to the security team to address these issues through dynamic tools for data and systems managment and security.

Informed action

To reduce the operational risks and costs of email threats call or email Kerna to arrange a confidential security assessment.