home  about us  services  security  products  training  contact us 
     
 

For a long time security has been seen as a necessary evil in delivering Information Technology solutions. Now company Boards and CEO's are starting to realise the essential nature of security within the services offered by IT departments.

Japara works with companies to develop security solutions that assess and manage risk in complex enterprise environments. Our approach addresses the enterprise security lifecycle from strategy development to incident readiness, with a continuous focus on mitigating risks and maximizing business performance.

Japara consultants combine technical expertise with a business focus to create comprehensive security solutions for industry-leading companies. Our methodology emphasizes knowledge transfer to your team, ensuring every aspect of a project's findings can be successfully implemented and managed.

Japara services cover key aspects of security, including applications, critical infrastructure, wireless and wired networks, storage systems, operating systems, and education.

Our services include:

  • Application and Transaction security
  • Identity Management
  • Wireless Security
  • Analysis and Development of Security Policies
  • Vulnerability analysis
  • Large Scale Project Management

In addition, Japara is frequently engaged by clients to help manage external vendors and internal IT projects as we have demonstrated skills in the areas of project management, project costing, vendor and contract management.

Application and Transaction Security
Japara has a wealth of experience and expertise in the design, architecture, construction, delivery and commissioning of secure applications.  Our specialist areas of knowledge include:
  • Messaging Security and S/MIME
  • EDI and EDIFACT security
  • PKI
  • Encryption, and
  • Privacy solutions.

Japara’s core skills are in the development of the architecture and the design and delivery of security solutions.  We recognise that successful security must be an integral part of any system and cannot be “bolted on” later.   In order for security to be adequately addressed in the development of systems, there must be a strong understanding of the business information and processes that are being protected, the appropriate level of protection for those assets and the need for risk management and mitigation strategies.

Our experience is that security mechanisms and technologies that are addressed as an integral part of the design rather than as an adjunct to it, result in a solution that has the appropriate level of security, is less vulnerable to subversion, is simpler to use and therefore less expensive to support.

Identity Management
With the growth of e-business, organisations are wrestling with the challenge of managing secure access to information and applications scattered across a wide range of internal and external computing systems. Furthermore, they have to provide access to a growing number of users, both inside and outside the corporation, without diminishing security or exposing sensitive information. The management of multiple versions of user identities across multiple current and legacy applications makes the task even more daunting.  An identity management system seeks to provide the following general features:
  • Centralised management of identity and credential information possibly in disparate data stores across the organisation);
  • Assignment of individuals to Groups and Roles;
  • Enforcing Role Based Access Control policies;
  • Managing features such as Password resets and Single Sign-On.

A successful rollout of an identity management system will be scalable to accommodate new resources and new systems but will also remain backwards-compatible with the organisation’s systems and practices.

Japara consultants follow a methodology developed from our experience in the end-to-end deployment of several identity management systems.  They also bring expertise in technical areas such as LDAP, XML, SAML and XACML.

Drawing upon experience with rolling out Baltimore Technologies’ authentication and authorisation product Select Access, our staff have the depth and breadth of consulting as well as technical knowledge required to successfully manage an identity management project.   We have experience working with the following clients:

  • St George Bank
  • ASB bank (Auckland, New Zealand)
  • Capital and Coast District Health Board (Wellington, New Zealand)

Wireless Security
Organisations have reacted to the threats associated with the use of Wireless Security in a number or ways.  Some have ignoring the risks - risking compromise of their data and LAN.  Others have attempted to ban the use of wireless networking completely.   However, with more and more laptops sold with wireless technology in-built, these bans are hard to justify and all but impossible to enforce.

Japara consultants can help in a number of ways including:

  • performing a review of your network topology and offering recommendations on how best to integrate wireless networking within your LAN to reduce exposure
  • advising on how best to configure the standard wireless networking security features
  • recommending ways in which other  technologies can be added to wireless networking to boost the security of your network
  • helping implement notebook security features that will minimise the risk of your mobile workforce exposing corporate data at Internet 'hotspots' or in becoming infected by viruses from other user's machines, and
  • assisting your organisation develop a pragmatic policy regarding use of wireless networks - one that recognises the benefits while minimising the risks.

Security Policy
Security Policies are frequently documents written from a template - and with very little thought given to the practicalities of implementation.   Obtaining real value from documenting Policy requires careful analysis.  It requires time invested in understanding your business drivers and objectives.  It requires careful consideration of what needs to be protected - and from whom.  It requires understanding of external factors such as the legislative framework governing a clients operations.  Most importantly, it requires a pragmatic and flexible approach: providing useful, readable and workable guidelines to those developing solutions.

As our clients will testify, this is exactly the service we provide. 

Vulnerability Analysis
Traditional approaches to Vulnerability Analysis tend to focus heavily on scrutiny of the infrastructure, paying limited attention to:
  • organisational and business objectives
  • where the system sits in the organisation
  • the processes that the infrastructure is there to facilitate
  • the environment in which the system operates,  and
  • human factors such as the risk of “insider” and “social engineering” attacks. 

These approaches can lead to an overinvestment in IT technology at the expense of other areas such as process design, and operator training.  Yet statistics show that the greatest risk to organisations’ IT systems and data come from staff within the organisation.

Japara’s approach combines a number of techniques to overcome these concerns.  Our approach is based on the National Institute of Standards and Technology’s (NIST’s) Risk Management Guide for Information Technology Systems, supplemented in areas by techniques such as an applied use of the Clarke Wilson Integrity Model to assess human factors such as the risk of insider attacks.

Whether it's with your existing systems and technology, or using the latest J2EE servers and Web Services technology, we can help you.

Talk to us today about using our products, or how we can package a solution to your business problems.

We understand business; we understand how technologies make them work.

Let us help you.