While firms are keen to thwart cyberattacks with an in-house IT department, the reality is that they have to deal with limitations in know-how and field experience to deal with the onslaughts.
MORE and more companies live in fear over having an exposed flank somewhere in their cyber-systems which could be exploited by a hacker. This is the reality of running an organisation today where interconnected terminals can be infected with just one tiny breach in cybersecurity.
This is precisely what Ingram Micro Security Consulting and Services (IMSCS) can address. With more and more enterprises facing increasingly sophisticated attacks, an added big-ticket item in costs will include hiring IT personnel who can manage these attacks - on a daily basis.
IMSCS has also observed that firms are not just grappling with the increased costs of acquiring such technologies but also facing challenges in training the internal information security team to harness such cutting-edge technologies.
As much as the management of the organisations want the internal staff to pick up the application of these new technologies acquired, the fact is that they have limitations to cope with the different technologies deployed in such a rapid, changing environment, both in terms of resourcing and the respective technology skill set.
To address this, a system integrator or security professional services company needs to ramp up the operational skill, on top of the implementation skill of the different cybersecurity technologies. This will assist enterprises to:
- Have experienced security professionals in these technologies to hand-hold the initial rollout of the technologies deployed through fine-tuning the policies, rules and reporting to cope with the existing and newly discovered threat;
- Optimise the usage of existing cybersecurity technologies rather than buying into new technology that will take time to be implemented and operationalised;
- Lower the Total-Cost-of-Ownership (TCO) through quicker access to expertise with other different organisations;
- Have access to a "Knowledge-Gateway" that gives them a perspective of how other organisations are applying technologies as well as the lessons learnt.
Ingram Micro Security Consulting and Services was created to provide these highly specialised services to identify, protect and safeguard the cybersecurity of firms through a spectrum of services.
IMSCS provides consulting, implementation, operations as well as risk assessment services. IMSCS works closely with its customers offering security expertise and tailored services helping customers increase their efficiency, accelerate growth and manage risks better in today's high-risk cyber environment.
IMSCS applies its deep industry knowledge, technical excellence and delivery expertise to help customers attain their IT security objectives. Since its inception in 2008, IMSCS has delivered turnkey projects/services for more than 50 customers across the region.
It recently acquired local cybersecurity firm CNAV last year after two years of negotiations to boost its expertise and on-site attention to threats for companies in Singapore and the region.
CNAV, which had a turnover of about S$2 million year-on-year solely on providing high-tech services, was a good fit for Ingram Micro to grow its cybersecurity services arm. Said Charlie Chye, director of Ingram Micro Security Consulting and Services: "Now, IMSCS is poised to access a wider network of value partners with a more comprehensive regional services capability."
CNAV has an excellent track record in South-east Asia as a leading cyber-security technical consultant, certified to support solutions for industry leaders, including Symantec, RSA and IBM Security, just to name a few.
"With this acquisition, we gain a team of highly skilled and certified IT service professionals, capable of addressing solution gaps and customer requirements through customisation, scripting and enhancement services," Mr Chye said.
Francis Choo, vice-president and chief country executive, Asean and HK, at Ingram Micro, pointed out: "This acquisition brings about strong delivery capability in financial services industry and government; also serves multiple other verticals such as healthcare, marine, logistics, telco, manufacturing and SMB."
What is the priority of IMSCS with this new acquisition? Said Mr Chye: "Our immediate plan is to offer regional services capabilities to IMSCS's key vendors and customers who have been asking for such capabilities for several years."
IMSCS is currently working on projects in Malaysia, Hong Kong and Thailand but also keeping in their sights other emerging economies such as Indonesia, Vietnam and Myanmar where a few vendors have been asking for the same services.
IMSCS, being a purely professional services arm, is always on the cutting edge when it comes to protecting the systems of its customers. "We are constantly working on packaging innovative services to address the challenges our customers are facing in the cybersecurity threat landscape," said Mr Chye.
CONFIGURATION MANAGEMENT AND ASSURANCE SERVICE
Imagine that you have just completed production deployment of Symantec Security products. Now the real hard work begins in your organisation to ensure that the products can operate smoothly and adapt to changes in business policies and configurations to stay relevant.
Based on repeat requests from IMSCS's existing customers for ongoing production support to handhold their IT team in achieving steady state operation, IMSCS has packaged an innovative service called CMAS (Configuration Management and Assurance Service).
CMAS is an annual support programme to assist IMSCS customers with both product and operational issues providing peace of mind that the products will be successfully adopted in the organisation and deliver the anticipated returns on investment.
KEY BENEFITS OF CMAS
- Lower Total-Cost-of-Ownership (TCO): Instead of hiring skilled resources to handle various different products, this service provides access to a team of resources that are skilled and experienced in the branded products with a price that is less than a full-time professional managing the operations.
While it is always possible to invest in training for organisation resources, it could be expensive in the long-term compared to IMSCS's CMAS service.
- Optimised use of existing product investment: It is hard for a firm to constantly have all features of products utilised to the optimum as business needs are constantly changing.
It is common that an organisation purchases new products only to realise that the old product is capable of meeting the new business needs. CMAS does a yearly update of the organisation's business objective to make sure the product features are utilised to meet the new business requirements if applicable.
- Higher productivity: A typical product vendor provides only telephone or email support to its customers. This creates unnecessary time-lag due to the exchanges of numerous emails or phone calls for the information gathering of the environment and nature of the problem before the start of investigation. CMAS tackles this issue with consultants who are already familiar with the organisational environment and attends onsite if threats require urgent attention.
- Focus on core business: Especially in a highly productive environment where hired resources are fully utilised to run the core business, CMAS provides resources to shield organisations from having to bone up about the product and pay the price of trial-and-error.
IMSCS's service package is the fastest, easiest and most effective way to get started to understand vulnerabilities and proactively address threats. Customers can get started in less than two weeks with veteran consultants certified in CISSP, CISA, OSCP and CREST certifications (specialised cyber-systems qualifications) willing to not just meet expectations but enthral with their methodology and knowledge of the security landscape, having successfully delivered projects in Vulnerability Assessment and Penetration Testing.
VULNERABILITY ASSESSMENT (VA) AND PENETRATION TESTING (PT)
One of the most critical services in IMSCS's repertoire is the Vulnerability Assessment (VA) and Penetration Testing (PT) which is a key focus in cybersecurity for an organisation's IT strategy and audit requirements. IMSCS helps firms achieve a smooth audit process, business agility, enhanced operational efficiency and long-term cost savings.
Penetration testing helps the company shape its information security strategy by identifying vulnerabilities, quantifying their impact and likelihood so they can be managed proactively within allocated budget and corrective measures implemented.
Besides providing VA and PT services as a one-time project, IMSCS can also provide customers with the option of an annual subscription which is a very flexible, scalable package which is also cost-effective.
Compliance Services Use Case
Customer: Financial Institute
The Customer has had the Automated Compliance Tool implemented for a few years. The tool is running healthily and Product Vendor had shown many features available multiple times to the administrator of the Compliance Tool. However, the Customer:
- Can't produce the evidence of full compliance of their asset to auditor
- Doesn't know the designated compliance team progress in achieving full compliance for the whole organisation
- Compliance Review Consultant orchestrates the review process through the established
- Asset-Compliance-Life-Cycle for all assets
- Consultant identifies and documents assets that are not fully compliant and works with Customer's platform administrators to remedy or extract the evidence to justify the non-compliance
- Develop reports to show the number of assets in 100 per cent vs non-100 per cent compliance and shows the number of critical assets in 100 per cent compliance
- Ongoing Operational support services to develop new Compliance Standard for new platform
- Ongoing Operational support services to respond to infrastructure or operational problems
Outcome of the solution by Services Team:
- FSI shows 100 per cent compliance reports for the targeted assets
- Management can retrieve reports that show the number of assets that are in 100 per cent vs non-100 per cent compliant out of total assets in the organisation.