Thus, our consulting and design offerings cater to the specific needs of each customer based on their business critical parameters, and this is brought about by the in-depth analysis done by us to relate your requirements to security functionality and hence the best-fit solution.

Global Risk Management Solutions:
Information risk assessment services (IRAS)
Information risk assessment forms the foundation for identifying security needs for any organization and implementing a comprehensive security solution.

Convola provides following services to organizations under its IRAS offerings:
Risk Assessment services - This considers the Threats, Vulnerabilities and Impacts as well as the controls environment by considering the preventive, detective and corrective/compensatory controls. This focuses on the various processes and assets within the organizations.

Risk assessment could include the following:

• Vulnerability scanning and assessment
• External and internal penetration testing
• Business applications security review
• IT process assessment
• Code review
• Risks emanating from non compliance with regulatory requirements for (SOX, HIPAA, GLBA, California Privacy Act, European Data Privacy Act etc).

Information security policy management solutions:
Information security policy management solutions aim at assisting organizations in establishing world class IT Governance framework.
Convola provides following services to organizations under its BCP/ DRP solutions offerings:

• Development/ Review of policies and procedures
• Information security training and awareness

Convola leverages on standards and frameworks like BS7799/ ISO17799, BS15000, ITIL, CobiT and COSO to assess the as-is status of various IS management practices and internal control environment, identify key concern areas and provide practical recommendations. The same is done with a view to assist clients in achieving world class IS management practices and control environment.

Business Continuity Planning (BCP)/ Disaster Recovery Planning (DRP) solutions
BCP/DRP solutions focus on providing organizational capability to build resilience in business processes and IT infrastructure.
BCP can be defined as the process of developing advance arrangements and procedures within an organization for the purpose of responding to a disaster or significant business interruption so that critical business processes resume within acceptable time limits as specified by senior functional managers.

Business Continuity initiatives focus on ensuring “survivability” of the organization and it considers all the requirements of the business processes for downsized operations.
DRP is a subset of BCP and it focuses on developing advance arrangements and procedures pertaining to the IT infrastructure that support identified critical business processes that are covered as per the BCP document.
Convola provides following services to organizations under its BCP/ DRP solutions offerings:

• Business impact analysis
• Recovery options analysis and recovery strategy formulation
• BCP/ DRP document development
• BCP/ DRP training
• Assistance in BCP/ DRP testing

Governance and Compliance Readiness Solutions:

IT Governance:
IT Governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.
Convola IT Governance and Management Consultancy leverages on frameworks like COBIT and ITIL to assess the as-is status of the various IS Management practices in clients, identify the focus areas for strengthening the management practices and assist clients in evolving the required processes to meet the business objectives.

Compliance Readiness:
Compliance with regulations has become a paramount corporate issue, as it directly bears upon the right of an enterprise to continue operations.
Convola compliance services are aimed at enabling organization to achieve compliance with various laws and regulations as relevant to their business domain. We also help integrate these initiatives into the business practice, so that compliance becomes a sustainable element of enterprise operations.
Convola compliance readiness service offerings include Sarbanes Oxley Act (SOX) Compliance, HIPAA Compliance, Global Trust and Privacy compliance (e.g. CA Privacy/ GLBA / US Safe Harbor / EU / NPA), SAS 70, BS 7799/ ISO 17799, COPA, BASEL II and Homeland Security.

IT Security Strategy and Architecture:
Information security strategy
Information security strategy planning assists organizations in arriving at a strategy document which relates to the organizational vision/ mission and Business strategies. Information Security strategies are significantly influenced by the Business strategies of an organization and may undergo changes as and when Business strategies/ vision/ mission of the organization undergo change(s)

Convola assists its clients in developing a comprehensive information security strategy addressing the key security components that pertain to ‘people’, ‘process’ and ‘technology’ with a view to build proactive and integrated framework for managing security risks.

Information security architecture
Information security architecture links various components of the Information technology (IT) infrastructure and provides a conceptual design of the security infrastructure. Information security architecture is developed with specific focus on creating and maintaining a robust and secure computing environment for conduct of business. A robust Information security architecture assists in maintaining confidentiality, integrity and availability of IT assets. Increasingly, it is also becoming a prerequisite for meeting various compliance requirements.

• Assessment of as-is status of the IT infrastructure and identification of key concern areas. Practical recommendations are provided to plug security vulnerabilities by implementing effective controls.
• Design of security architecture and development of relevant policies and procedures (if needed).

Development (Enterprise Security Services)
IT Security – Development and Integration services
Many organizations fail to crystallize their investments and obtain the envisaged return on investment on consulting projects, as they may not able to address the multiple hurdles in the process of implementing the recommendation stemming out of a consulting project. A critical differentiator of Convola is that we work with clients from consulting through the solution enablement phase to help them realize the envisaged benefits. To do this we use our security framework and build a comprehensive solution for your business. The Convola methodology for delivering your information security needs goes much deeper than a mere application of technology. Due to our long list of relationships, we can choose from a diverse set of technologies to architect an appropriate solution for you.

• Global Identity & Access Management Solutions
• Global Data Privacy & Security Solutions
• Enterprise wide encryption solutions
• Web services security
• Secure payment solutions
• Digital rights management

IT Security Management
Our Integrated Security Management Services provide you with a robust framework which makes protecting your businesses, e-commerce infrastructure and computer networks from unauthorized access easy and affordable. Convola believes that a workable security management framework should be built on the issues of visibility, control and knowledge. With our solutions we provide consistent and superior service that allows you to benefit from the expertise of our skilled security specialists, best in class processes, and best of breed tools.

At the core of the service delivery process is the Security Center of Excellence which aids in proactive alerts and advisories, fault management, analytics, and incident handling. Convola can offer a flexible service window from 8*5 to 24*7 and can design an optimal combination of offshore/onsite services to suit the client requirement.
Our service offerings include:

• Security intelligence services
• Security critical component management services
• Security application management services
• Security analytics services

IT Security Management:
Security Intelligence Services:
The need to be proactive with respect to security management cannot be underestimated. A whole lot of activity needs to be done in order to understand new threats and vulnerabilities and how they impact the organization. This will enable the organization to take appropriate counter measures in order to reduce the risk of any breach. Convola offers the following services which help organizations to be a step ahead in protecting themselves.

• Customized advisories on vulnerabilities and fixes
• Vulnerability assessment & penetration testing
• Vulnerability management

Convola uses tools from some of the leading vendors like ISS, Symantec, Nessus etc. apart from internally developed tools and customized scripts.

Security Critical Component Management Services:
While organizations have invested in security tools and technologies like firewalls, Intrusion detection / prevention systems, VPN devices, mail / web filters, authentication systems etc., it takes a great deal of effort, money and time to manage all these on a 24*7 basis. Convola offers services which help organizations manage this effort in a structured and cost effective manner. Our services include

• 24 X 7 device monitoring and responding to alerts
• Change/ configuration management
• Fault/ recovery management
• Release management

Convola uses all the major tools and technologies from leading vendors like Checkpoint, Cisco, ISS, Symantec, Trend Micro, CA, McAfee, Watchguard, Net IQ etc.

Organizations invest in a wide variety of security applications addressing different business needs viz. Single Sign On, Identity and Access Management, Public Key Infrastructure, etc. in order to strengthen their security measures. All these systems require ongoing maintenance, management, and administration. Convola assists organizations manage these systems by offering

• Application management – hardware, OS, application configuration, change management, fault management and patch management
• User help desk services
• Administration / provisioning services
• Analysis and reports

Some of the security applications that Convola manages come from vendors like Integrity, RSA(Clear trust, Secure ID ), Oblix , IBM ( Tivoli Identity Manager) , Entrust (get Access) , Convola Web secure, Sun (Sun One) , CA, Novell , Critical Path, Siemens, Waveset , Blockade , M-Tech, Thor, Open Network, BMC, VASCO , Bionetrix , BAC , Cryptolex , Rainbow (iKey) etc.

Security Analytics Services:
No security effort is complete without a process for continuously analyzing and acting upon any kind of anomalies detected. Organizations can significantly reduce their risk by adopting an ongoing monitoring posture which enables them to detect threats / event in real time and to act in quick time. Convola offers a robust security analytics service which helps in this effort.
Our services include:

• Event monitoring and correlation
• Log analysis
• Forensics – incident analysis & investigations
• Reports and statistics

Some of the tools that technoSecure uses are from leading vendors like Net IQ, Net Forensics, Consul, e-Security , Guidance etc.

Product Engineering (Enterprise Security Services)
Market drivers and customer needs are creating the compelling case for all technology products to plan for providing inherent security as part of the product feature set. Hence, enabling access to information securely and cost-effectively over common infrastructure is a critical success factor that product vendors are aiming at.

Through our deep understanding, rich solution deployment experience and close partnerships with leading security product vendors we have distilled valuable knowledge of security needs and gaps in today’s technology products.

Convola has also successfully created and deployed Identity management components at a variety of customer places. These components are the end product of more than 200 person years of effort and provide features and functionality like

• Authentication
• Single sign on
• User self care services
• Role based access control
• User provisioning
• Delegated and distributed user management
• Audit & reporting

This experience has greatly contributed to the development of strong security engineering orientation for the team.
This experience has greatly contributed to the development of strong security engineering orientation for the team. Thus, by combining the deep domain expertise of Convola in both IT security as well as software product engineering, Convola is well placed to offer Secure Product Engineering Solutions (SPES) to software and information technology vendors.
Our aim is to –

• Provide complete product engineering lifecycle services to Security product vendors
• Assist other software product vendors to build and enhance security functionality within their product through

• Testing and analysis of adequacy of existing security controls in products
• Development and augmentation of security functionality

To ultimately enable end-customers to leverage technologies and services without compromising on security

Convola Secure Product Engineering Service offerings span across the end-to-end life cycle of security technology products. We offer a gamut of engineering services across various stages of the product life cycle management spanning from –

• Design & development
• Test & porting
• Support & maintenance

Additionally, we can help technology products vendors to test, evaluate and enhance security controls within their products and applications.

Certain highlights and salient offerings of interest are:

• Security product suite integration:

With its long research, design and development experience in the IdM domain, Convola can help security product and software vendors in their engineering efforts to develop a consolidated security product offering backed up by comprehensive testing and support.

With its long research, design and development experience in the IdM domain, technoSecure can help security product and software vendors in their engineering efforts to develop a consolidated security product offering backed up by comprehensive testing and support.

• Web service enablement

As more and more applications are getting web services enabled to take advantage of more open and inter-operable technologies, security emerges as a key concern area.
Ready with many reusable components and significant R&D effort, SPES can enable organization to build in support for Web services into their applications.

• Vulnerability testing

Applications with secure network and server layer are prone to attacks if they contain inherent vulnerabilities and as discovered in a recent finding by Gartner Group, currently more than 70% of the attacks are targeted towards web and application layer. technoSecure can provide help in securing an application end-to-end through its life cycle with its dedicated team of security architects and ethical hackers.

• Compliance testing

With the increased focus on the Regulatory compliance and legislations such as SOX, HIPAA, GLBA, Federal Information Security Management Act, and UK Data Protection Act 1998, it is very essential for an application to meet these requirements or enable enterprise to move towards the compliance. With our considerable consulting experience and large pool of certified security auditors, SPES can enable an organization to evaluate and understand the degree of compliance built into their applications and can help in identifying the gaps.

Convola set of re-usable Identity management components; cover all the significant aspects of the Identity and access management needs of Enterprises. We can help product vendors gain quick time-to-market through integrating these ready components for:

• Authentication
• Single sign on
• User self care services like self-registration and account management
• Role based access control
• User provisioning for centralized ID management
• Delegated and distributed user management
• Audit and reporting