Our Framework2019-09-25T16:55:32+00:00

Frontier Data Security & Management Framework

Developing a comprehensive information security program can be challenging. There are many elements to consider – corporate policy, data encryption, access privileges, intrusion detection, disaster recovery, to name just a few. Aside from perfecting the information security process, businesses now need to comply with many more regulatory requirements than ever before, such as GDPR, PCI-DSS, HIPAA, ISO 27001, MIFID2 etc.

Contact us today

There are many individual frameworks surrounding IT security, for example cyber security, data protection, ISO; each with their own dedicated model. However, these frameworks only cover these specific niche areas. There is no comprehensive all-encompassing framework, covering every aspect of IT data security and management, until now. Frontier have launched a Framework providing an easy-to-follow methodology, in order to seamlessly implement the required solution.

Built upon our 15-year consulting experience around IT infrastructure and security, we have developed a ten element data security and management framework for organisations to adopt. Based on business requirements and use cases, an organisation can use our framework to define possible solutions, manage risk and reduce vulnerabilities.

1. Partnership

The first element is relatively simple and easily applicable, drawing on techniques of innovation, reputation and communication.

Finding a technology partner and being able to understand your current and future requirements is vital. The right technology partner should understand challenges you are facing, solutions available to you and assets you should be protecting.

Contact us today

2. Infrastructure

Our Framework involves both infrastructure assessment and security assessment.

The availability and security of data can only be guaranteed, when the underlying infrastructure is appropriately provisioned, managed and secured. When infrastructure is in the cloud, you need to consider vendor and technology lock-in and the cost of moving data back in house, or to another provider, if required .

Contact us today

3. Connectivity

Using a reliable and secured network to access your data would, without question, increase data integrity.

Using a secure network to access your data increases its integrity. If your data is stored in the cloud, the provider should logically separate your network from others. It is vital to monitor, predict and detect potential issues, from within the network .

Contact us today

4. Secure Access

Before gaining access to the required data, all users must provide their identity and authenticate to the system. The system must record who has logged in and when, for auditing purposes.

Providing a good, seamless user experience, reduces the risk of users finding un-authorised workarounds. All users must authenticate to the system, before gaining access to data. The system must record logins, for audit and compliance purposes. All connected devices should be scanned and must adhere to corporate security policy .

Contact us today

5. Governance

One should always be aware of the status of their data. Where is it stored and located?

Wherever your data is stored, you must be aware of the location, and be able to classify it, so it can be searched, archived, audited, backed up, deleted, moved etc., in compliance with corporate data governance policy. Ideally, you would avoid vendor lock-in to your data. All Data should be encrypted at rest and during transit .

Contact us today

6. Process

Having processes in place will avoid any uncertainty.

Should a data breach be detected, there should be a documented (or ideally an automated) process, for actions and notifications. This process should also outline remediation steps and define roles and responsibilities of personnel.

Contact us today

7. Data Protection

After users have securely gained access to the system, they must be authorised and authenticated, before accessing any data. Such access must be recorded, for auditing purposes.

Identity is the new security paradigm, this should become the focus of your data security efforts. Users must be authorised before accessing any data and such access must be recorded. Users should only be granted the appropriate level of access, for the work they need to carry out at the time. All critical data should be backed up in multiple locations, with as little differences between them as possible.

Contact us today

8. Audit

Reviewing processes and data goes without saying. We can assist with anything from an audit trail, to analytics, to alerting.

All data access must be recorded for future reference and audit. If abnormal behaviour is detected, it should generate appropriate alerts and instigate action. Compliance officers should be able to query the logs, with minimal effort .

Contact us today

9. Validation

We can collaborate with you on validation of data, using inventory audit, systems gap analysis or infrastructure review, for example.

IT systems and monitoring solutions put in place require regular validation and audit. This ensures effectiveness, accuracy and integrity, as well as compliance with corporate policies and frameworks. Regular risk analysis and system inventory audit, is known to increase the effectiveness of the systems.

Contact us today

10. End Users

The final stage of our Framework involves the end user; training them in the correct processes; perfecting internal communication and secure device management.

All data access requests are generated from an end user device, such devices should be well managed and maintained. It is important to make users aware of the risk of a data breach, processes and technologies in place to address such a breach, how to use the processes and most importantly how to avoid the breach.

Contact us today

Schedule a one-on-one call

Get the answers you need from an available Frontier Technology expert.

Schedule a consultation