Customer Programme Security & Compliance Audit

Ajay Kumar Uppal – Provider Technical Design Authority

November 2012

Twin-Core Datacentres (Allach / Euro Industrie Park)

Datacentre site 1:
• High security location.
• Footprint 12,000 m2, approx. 6,000 m2 usable for IT.
• Two buildings, with different high security cells.

Datacentre site 2:
• Protected area.
• Footprint 13,000 m2, approx. 9,600 m2 usable for IT.
• Green-IT Datacenter2020.

Connectivity and certification:
• Separate connections of 13 km and 27 km (DWDM); EIP-ALL distance about 10 km.
• Certifications: ISO 27001 & ISAE 3402.

Dedicated and shared components

• Application services dedicated for BP.
• Database services dedicated for BP.
• Internal Resource Directory dedicated for BP.
• Dedicated storage (SAN).
• Private Cloud – Twin Core Datacentres with inbuilt HA / DR, based on 2 x 100% Active-Active DCs.

DSC Architecture Type

DSC is a multi-instance (single-tenant) architecture and NOT a multi-tenant architecture:
• Dedicated software (application) instances are set up for different customer organisations.
• The Customer has dedicated components, namely Active Directory.
• Servers, network and storage hardware are SHARED (via virtualisation and other means); Provider calls this "Hardware Level Multitenancy" (*1).
• The Operational Zone hosting the management services (systems management, deployment services, monitoring, backup and provisioning) is SHARED across customers.
• The Operational Zone is managed exclusively by Provider; no customer has access to this zone.

(*1) Provider DSC Architecture – server hardware is not shared across security zones.


Data Privacy – Customer NextGen Messaging

Service Offering | High Level Service Description | Availability

Email
• High availability email service, providing end users & applications with the ability to send & receive mail (up to 25 MB) and store mail within a mailbox (default 2 GB, with uplift options in 5 GB increments up to 25 GB (unlimited)).
• Makes use of all features and functionality available within the latest version of Exchange.
• Supports S/MIME encryption.
Availability: Service 99.99%; email delivery 95% within 60 seconds.

External Mail Access Service
• Single external gateway, enabling end users to access mail services from any device, at any time, from anywhere, using smartphones (ActiveSync), Outlook Web Access (OWA) and Outlook Anywhere (RPC over HTTP).
Availability: Service 99.99%.

BlackBerry
• Offers secure access to and use of the email and calendaring service using corporate-provisioned BlackBerry devices.
• Supports S/MIME email encryption.
Availability: Service 99.9%.

Journal service
• Available to the Customer's Legal & Compliance business units: mailboxes/users placed on Legal Hold / MRL will be enabled on the service, assuring that all emails sent and received to/from the mailbox are copied in transit and stored within legally compliant storage with the requested data retention policies applied.
• Fulfilment of e-discovery requests, and provision of discovery tools, are incorporated into the service offering.
Availability: Service 99.99%; e-discovery tools 99.9%; e-discovery requests: identify data within 24 hours, deliver data within 3 days.
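The Journal service row above describes the outcome (a held mailbox has every inbound and outbound message copied in transit) but not how it is switched on. The following Exchange 2010 Management Shell script is an added example, not code from the deck or from Provider: it places one mailbox on litigation hold and creates a per-recipient journal rule that copies the user's traffic to the journaling mailbox. The addresses a.user@bp.com and journal-legal@bp.com are hypothetical placeholders.

```powershell
# Added example (not from the deck): put a mailbox on legal hold and journal its traffic.
# Addresses below are hypothetical placeholders.
$user    = 'a.user@bp.com'
$journal = 'journal-legal@bp.com'

# 1. Litigation hold preserves deleted and edited items in the mailbox's recoverable items
#    folder for the duration of the hold (Exchange 2010 SP1 and later).
Set-Mailbox -Identity $user -LitigationHoldEnabled $true `
    -RetentionComment 'Placed on legal hold by Legal & Compliance'

# 2. A journal rule scoped to this recipient copies every message the user sends or
#    receives (Scope Global = internal and external) to the journaling mailbox in transit.
New-JournalRule -Name "Legal hold - $user" -Recipient $user `
    -JournalEmailAddress $journal -Scope Global -Enabled $true

# 3. Verify: the hold is set and exactly one enabled journal rule targets this recipient.
$mbx   = Get-Mailbox -Identity $user
$rules = @(Get-JournalRule | Where-Object { "$($_.Recipient)" -eq $user -and $_.Enabled })
if (-not $mbx.LitigationHoldEnabled) { throw "Litigation hold not enabled for $user" }
if ($rules.Count -ne 1) { throw "Expected 1 enabled journal rule for $user, found $($rules.Count)" }
Write-Output "OK: $user is on hold and journaled to $journal"
```

The verification step matters for an audit: a journal rule that exists but is disabled, or a second rule pointing at a different journaling mailbox, both break the "all emails copied in transit" statement silently.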

Support Service Levels are aligned to the Integrated Service Desk (ISD) contracted SLAs and in most cases offer enhanced response and provisioning times. Request Fulfilment SLAs are aligned to the service objective of "quick provisioning": in most cases Standard Requests will be subject to automated provisioning via the MyIT self-service portal, with integration into ITIM and Provider's provisioning systems.

Recovery
• RPO 0h
• RTO 4h

Mailboxes – Availability and Performance
• Service availability 99.99%
• Message delivery 95% in 1 min, 5% in 2 min
• Achieved by an active / active configuration across 2 datacentres

Service Offering End-to-End SLA Summary – Incident Resolution & Other
• P1: 95% in 2h, 5% in 4h
• P2: 95% in 4h, 5% in 8h
• P3/P4 Premium: 95% in 1.5 days, 5% in 3 days
• P3/P4 Standard: 95% in 3 days, 5% in 6 days

Customer's Service Level Categories

Service Categories | Count
Critical Service Levels | 14
Key Measurements | 25
Performance Indicators | 4

Mail flow topology – Prod Landscape (figure)

• BP Internet Area (DMZ): MS TMG Servers; an Edge Transport Server in each datacentre, each behind a firewall.
• BP Services Area: a Multi-Role Server in each datacentre (the EdgeSync service is located on the Hub Transport Server) and Active Directory Domain Controllers.
• Inbound SMTP (25) and Outbound SMTP (25) flow between Symantec.cloud (MessageLabs) and the Edge Transport Servers, through the firewalls.
• Content scanning: MessageLabs, MS TMG, Edge, TrendMicro, Firewalls.

Major Information Security components for the Customer GES Programme are:
• Physical Security – Provider Twin-Core DCs in Munich.
• Disaster Recovery – met by running 2 x 100% Active-Active Twin Core DCs.
• Intrusion Protection – Symantec's MessageLabs solution (being provisioned / subscribed by BP), Microsoft Threat Management Gateway, Firewalls, Edge Servers, TrendMicro A/V and A/S, 2-Factor OWA Authentication.
• Encryption – S/MIME.

All external SMTP traffic will go through Symantec MessageLabs.

Threat Management & Operational Security


A.V.E.R.T (Antivirus Emergency Response Team)
• Viruses, worms and Trojans: ensures continuous updating of measures and software shields.
• Provides comprehensive and effective protective services for IT infrastructure such as gateway systems, mail or server systems and workstations.

CERT (Computer Emergency Response Team)
• Incident Response, Vulnerability Management, Neighbourhood Watch, Forensic Analyses etc.

SIEM (Security Information & Event Management)
• Planning, provision and operation of solutions for recording and correlation of security-relevant information, their rule-based evaluation and alarming.

Intrusion Protection

A Network Intrusion Prevention System (NIPS) is positioned at the edge of the internet area ("DMZ") in the network. It is:
• proactive, with enhanced security features and a higher level of automation compared to a normal IDS solution;
• real-time monitoring and identification of suspicious network activities, analysing the entire internet traffic (including SSL traffic decrypted by the separate hardware listed below);
• integrated and configured easily in physical and logical connections based on VLANs (IEEE 802.1Q);
• optimum protection with default policies, with simple and transparent reports;
• automatically created event logs giving an overview of all monitored activities; in addition to these logs, Customer can at all times compile a report about all network activities.

Key functionality:
• Signature and anomaly detection safeguards against known, zero-day and DoS attacks.
• Monitoring and aversion of attacks on applications, including web applications.
• Firewall (TCP/IP packet filter).
• Protection from buffer overflows (as these are weaknesses that can be exploited).
• Analysis of encrypted data traffic (SSL) with separate hardware.
• Monitoring of 200+ network protocols and file formats (deep packet inspection in OSI layers 2-7).
• Seamless, automated intrusion protection for maximum security.
• Central service management frees up your administrators.
• Supports compliance with PCI DSS, SOX and ISO 27001.
• Around-the-clock services, including active monitoring plus incident, problem, change, and release management.

Authentication – Active Directory Design: Two-way Trust

Map of Provider ICT Security Standards

Risk Management: Conventional versus Cloud – ISMS 27001

Customer Global Email Service – DNS

BP / T-Systems DNS Architecture for GES (Version 3) (figure)

Zones and roles shown:
• DSC.bp.com: DSC DNS client resolver and member servers in the DSC domain.
• AD.bp.com and BP1.AD.bp.com: Domain Controllers holding the AD-integrated DNS zones, with resolver and forwarder roles.
• Internet-facing DNS: secondary DNS zone, only secondary to the EMDC 1 & 2 servers; the rest of the AD top-level DNS will be secondary from there.
• Conditional forwarding between the TSI Datacenter, the BP Datacenter and the Colo Area, with forwarders from each side to the other and out to the Internet.
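The figure above shows conditional forwarders between the DSC and BP zones; the two-way trust on the Authentication slide only works if the domain controller locator records of each domain resolve from the other side. The following script is an added example, not code from the deck or from Provider. It configures the DSC-side conditional forwarder for AD.bp.com with the Windows Server 2012 DnsServer module and then checks the records and the trust object. The IP addresses and the assumption that DSC hosts DSC.bp.com while BP hosts AD.bp.com are hypothetical.

```powershell
# Added example (not from the deck): DSC-side conditional forwarder for AD.bp.com, then a
# check that the SRV records and trust object a two-way trust needs are in place.
# Addresses and zone ownership are hypothetical.
$dscZone = 'DSC.bp.com'
$bpZone  = 'AD.bp.com'
$bpDns   = @('10.100.0.10', '10.100.1.10')   # hypothetical BP-side DNS servers

# Conditional forwarder: queries for AD.bp.com go to BP's DNS, replicated forest-wide.
# BP configures the mirror rule (DSC.bp.com -> DSC DNS) on its side.
Import-Module DnsServer
if (-not (Get-DnsServerZone -Name $bpZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $bpZone -MasterServers $bpDns -ReplicationScope Forest
}

# A trust can only be validated and used if the other domain's DC locator records resolve here.
function Test-TrustDns {
    param([string]$Domain)
    $records = @(
        "_ldap._tcp.dc._msdcs.$Domain",      # LDAP on domain controllers
        "_kerberos._tcp.dc._msdcs.$Domain"   # KDC on domain controllers
    )
    foreach ($rec in $records) {
        $srv = Resolve-DnsName -Name $rec -Type SRV -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Domain   = $Domain
            Record   = $rec
            Resolves = [bool]$srv
            Targets  = (@($srv | Where-Object { $_.NameTarget }) | ForEach-Object { $_.NameTarget }) -join ','
        }
    }
}
$dnsChecks = @(Test-TrustDns -Domain $bpZone) + @(Test-TrustDns -Domain $dscZone)
$dnsChecks | Format-Table -AutoSize

# Confirm the trust object itself is two-way (ActiveDirectory module).
Import-Module ActiveDirectory
$trust = Get-ADTrust -Filter "Target -eq '$bpZone'"
if (-not $trust -or $trust.Direction -ne 'BiDirectional') {
    Write-Warning "Trust to $bpZone is missing or not two-way"
}
if ($dnsChecks | Where-Object { -not $_.Resolves }) {
    Write-Warning 'DC locator records missing: trust validation and cross-domain logons will fail'
}
```

Run it on a DSC domain controller; the SRV checks for DSC.bp.com confirm the local zone, the checks for AD.bp.com exercise the conditional forwarder just created. A forwarder that points at the wrong side, or a firewall that blocks UDP/TCP 53 between the datacentres, shows up here as Resolves = False before anyone reports a failed logon.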

Access Management – End-to-End Topology

Access Management – 2-Factor OWA Authentication

In DSC (FMO) the TMG server is customised to validate the certificate of users. The TMG filter will verify the following:
• the certificate presented by the client/user is valid in terms of date/expiry ??
• the certificate is from the specified Customer PKI ??
• it can have a subject string
• the certificate is not revoked, checked via an online responder

After the certificate is validated, TMG establishes the connection to Exchange, which prompts the user for logon credentials.

Customer will be required to make the PKI Online Responder available via http (internet).
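The four checks listed above are the certificate half of the 2-factor OWA logon; the script below is an added example, not code from the deck or from Provider, that reproduces them on a Windows host with the .NET X509Chain class so an auditor can test a user certificate against the same rules. The certificate path, the Customer PKI root thumbprint and the subject pattern are hypothetical placeholders; revocation is checked online, which is why the Online Responder has to be reachable from the DMZ.

```powershell
# Added example (not from the deck): the four TMG filter checks applied to a user certificate.
# Path, root thumbprint and subject pattern are hypothetical placeholders.
$certPath       = 'C:\audit\user.cer'
$customerRootTp = '0123456789ABCDEF0123456789ABCDEF01234567'
$subjectPattern = '^CN=[^,]+, OU=Users, DC=AD, DC=bp, DC=com$'

function Test-OwaClientCert {
    param([string]$Path, [string]$RootThumbprint, [string]$SubjectRegex)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation must come from the online responder / CRL of every chain element; an
    # unreachable responder is a failure, not a pass.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    # Require the Client Authentication EKU so a server or code-signing cert cannot be reused for logon.
    [void]$chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.2'))

    $built  = $chain.Build($cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    $root   = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }
    $now = Get-Date
    [pscustomobject]@{
        Subject         = $cert.Subject
        ValidDates      = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)          # check 1: date/expiry
        FromCustomerPki = ($built -and $root -and $root.Thumbprint -eq $RootThumbprint)     # check 2: issuing PKI
        SubjectMatches  = ($cert.Subject -match $SubjectRegex)                             # check 3: subject string
        NotRevoked      = ($built -and $status -notmatch 'Revoked|RevocationStatusUnknown|OfflineRevocation')  # check 4
        ChainStatus     = $status
    }
}

$result = Test-OwaClientCert -Path $certPath -RootThumbprint $customerRootTp -SubjectRegex $subjectPattern
$result | Format-List
$accept = $result.ValidDates -and $result.FromCustomerPki -and $result.SubjectMatches -and $result.NotRevoked
if ($accept) { Write-Output 'Certificate accepted; TMG would now pass the user to Exchange for password logon' }
else         { Write-Warning "Certificate rejected: $($result.ChainStatus)" }
```

Pinning the chain to the Customer root thumbprint, rather than to any root in the machine store, is what makes check 2 meaningful: a certificate from another trusted public CA with a plausible subject string would otherwise pass. The `OfflineRevocation` and `RevocationStatusUnknown` statuses are the ones that appear when the Online Responder is not published on the internet as the slide requires.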

Enterprise Vault Architecture (Figure 3)

Components shown in the figure, spread across Data Centre 1 and Data Centre 2:
• Exchange 2010 Journaling & Archiving: journaling mailboxes on EX SRV1 to EX SRV4, in two DAGs.
• Enterprise Vault: journal archiving on EV SRV1, EV SRV2 and EV SRV3; Discovery Accelerator on EV SRV4; SRV5 CA IST and SRV6 CA GOM; SRV1 to SRV6 each with a cold-standby partner in the other datacentre.
• MS SQL DB mirroring (log shipping) between the datacentres.
• Storage: NetApp Metro-Cluster (2 x FAS6080) with NAS filers, 2 x 4 Gbps Fibre Channel SAN, on a dedicated Customer network.

Compliance – Enterprise Vault Architecture for Journaling

Provider is provisioning an end-to-end journaling solution that will help Customer to be compliant with various international regulations, including the following:
• Sarbanes-Oxley Act of 2002 (SOX)
• Securities and Exchange Commission Rule 17a-4 (SEC Rule 17a-4)
• National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
• Gramm-Leach-Bliley Act (Financial Modernization Act)
• Financial Institution Privacy Protection Act of 2001
• Financial Institution Privacy Protection Act of 2003
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
• European Union Data Protection Directive (EUDPD)
• Japan's Personal Information Protection Act

MS Exchange MDM (ActiveSync) Interface (figure)

Components shown: MobileIron / Vodafone (MDM) VSP server, BP Domain, DSC Domain, a DMZ in each domain, Exchange servers in each domain, TMG Array; device traffic over https (endpoint https://tbd).

Flow:
1a: User registers the device. The MDM VSP server checks AD for authentication / routing and routes either to BP or DSC.
1b: The device gets registered; AD attributes are synced once every 12 hours.
2a: User makes an EAS connection over https.
2b: The request is passed to MobileIron; the MDM VSP server checks AD for authentication / routing and routes either to BP or DSC.


Backup

Provider – Global Email Service for Customer (Confidential)

Building Block approach (figure):
• Physical servers: all Windows Server. Virtual servers: all Hyper-V.
• Datacentre Operations: Twin-Core Datacenter housing and network. Server Operations.
• Application Operation: Microsoft System Centre Suite, Exchange, Enterprise Vault, BlackBerry.
• Storage: dedicated SAN, split between high I/O and low I/O requirements.

Storage – Overview (figure): 4 remote locations served by a central solution in the Twin Core Data centre: Exchange 2010 incl. Archiving, Public Folders, Active Directory, Anti Virus/Spam, Firewall, Outlook Anywhere, Outlook Web Access, Symantec Journaling, BlackBerry (Alaska), MessageLabs; Service Desk (1st level, 2nd/3rd level). Connected parties: Internet, BP Datacentres, Interfacing Applications, Active Directory, Mail Users, BP Office Locations, Any Device / Bring your own device, Home / Off-Premise Users.

MESSAGING CORE
• Database Availability Groups (DAG) configured in a 2-DAG constellation.
• Up to 12,000 users supported per DAG (this can flex).
• Client Access Servers configured as a CAS array; each multi-role server is a member of the array.
• Each server holds an active and a passive copy of the mailbox databases.
• Mail databases are backed up using NetApp Snapshot technology.
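The active / passive copy layout above is what delivers the RPO 0h / RTO 4h figures, so the check an operator needs is that every database in both DAGs has exactly one mounted copy and that its passive copies are healthy and caught up. The following Exchange 2010 Management Shell script is an added example, not code from the deck or from Provider; the copy-queue and replay-queue limits are hypothetical operational thresholds, not values from the deck.

```powershell
# Added example (not from the deck): report on DAG copy health for every database in
# every DAG. Queue thresholds are hypothetical operational limits.
$maxCopyQueue   = 10
$maxReplayQueue = 50

function Get-DagCopyReport {
    param([string]$DagName)
    $dag    = Get-DatabaseAvailabilityGroup -Identity $DagName
    $copies = foreach ($server in $dag.Servers) {
        Get-MailboxDatabaseCopyStatus -Server $server.Name
    }
    # Per database: exactly one Mounted (active) copy, every other copy Healthy and caught up.
    $copies | Group-Object DatabaseName | ForEach-Object {
        $active  = @($_.Group | Where-Object { $_.Status -eq 'Mounted' })
        $passive = @($_.Group | Where-Object { $_.Status -ne 'Mounted' })
        $lagging = @($passive | Where-Object {
            $_.Status -ne 'Healthy' -or
            $_.CopyQueueLength -gt $maxCopyQueue -or
            $_.ReplayQueueLength -gt $maxReplayQueue })
        [pscustomobject]@{
            Dag          = $DagName
            Database     = $_.Name
            ActiveOn     = ($active | ForEach-Object { $_.MailboxServer }) -join ','
            PassiveCount = $passive.Count
            Problems     = ($lagging | ForEach-Object {
                "$($_.MailboxServer):$($_.Status) cq=$($_.CopyQueueLength) rq=$($_.ReplayQueueLength)" }) -join '; '
            Ok           = ($active.Count -eq 1 -and $passive.Count -ge 1 -and $lagging.Count -eq 0)
        }
    }
}

$report = Get-DatabaseAvailabilityGroup | ForEach-Object { Get-DagCopyReport -DagName $_.Name }
$report | Format-Table Dag, Database, ActiveOn, PassiveCount, Ok -AutoSize
$report | Where-Object { -not $_.Ok } | ForEach-Object {
    Write-Warning "$($_.Dag)/$($_.Database): active=$($_.ActiveOn) passive=$($_.PassiveCount) $($_.Problems)"
}
```

A database with two Mounted copies indicates a split condition, a database with none is an outage, and a passive copy whose copy queue keeps growing is the point at which the RPO 0h claim stops being true; this report surfaces all three. Lagged database copies, if any are configured, will legitimately show a large replay queue and should be excluded from the replay threshold.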

Customer Global Email Service – AutoDiscover

Design – Two-way Trust