• No results found

Why do we outsource IT infrastructure services

N/A
N/A
Info
Nedlasting
Protected

Academic year: 2022

Share "Why do we outsource IT infrastructure services"

Copied!
7
0
0

Laster.... (Se fulltekst nå)

Last ned nå ( 7 sider )

Fulltekst

(1)

OUTSOURCING - FOR INCREASED

SECURITY

Øystein Hop

Statkraft Energi AS NVE 2018-05-24

(2)

Outline

Why?

Key factors for the process

How outsourcing can improve control of operation

Where exactly do we expect to find the security improvements?

(3)

Why do we outsource IT infrastructure services

IT focus to deliver more business value guiding in digitalization initiatives

- IT i nfrastruc ture are “bread and butter” s ervi c es mature to outs ource

Faster deliveries of new technologies supporting business requirements

- Cloud services, security needs, new platforms

Challenging to deliver high quality services in an international company High HW investments upcoming due to lifecycle management

3

IT infrastructure needs to be an enabler for digital business opportunities

(4)

Key factors during the process

Process initiated by IT, not by corporate management Clear goals and scope defined for the sourcing initiative

Reissued the RFP when we were not satisfied with the first response Clear requirements set to vendors in the redefined RFP

High focus on information and IT security through the process Still high competence internally to control and verify

- We are still responsible for IT infrastructure deliveries!

4

(5)

Improved control of our operation

• Tools and processes for strict control of user access and privileges

• Monitoring of unwanted or abnormal behavior

• Clear on-boarding process with background check of all resources working on our systems

Access

• Dedicated delivery team with knowledge of our business

• Operation from ISO certified data- and delivery centers

• Centralized and automated configuration management Operate

• Audit trails to control deliveries and enhance operational processes

• Clear governance model and responsibility matrix

• Operational processes designed together with sourcing partner Control

(6)

Processes and controls for information security

• Employee Background Check

• On-/ Off- boarding

• NDAs, AUP

• Info Sec. Trainings

• Statkraft training

1 2 3 4

5

Pe rso nn el an dP hy sic al

Co ntro ls Ac ce ss Co ntr ols Lo gg ing

&

M on ito rin g

9 7

Security Operation Center 24x7

8 Security and

Event Logging

Session Logging

In scope Out of scope

Admin systems Process Control

• ISO certified locations

• Network separation Encrypted

lines 6 10

(7)

www.statkraft.com

THANK YOU

7

Referanser

Last ned nå ( PDF - 7 sider - 2.48 MB )

RELATERTE DOKUMENTER

Compression Stockings: Are we doing it right?

Furthermore, the results of this review concluded that in order to succeed in venous leg ulcer treatment and compression stocking therapy in primary health care, health

"""'"'It It" It"""""" ti"""" li""" '"""'" ""

Under fiske med snurrevad, trål eller annen not som slepes gjennom sjøen i Skagerrak innenfor 3 mil av kystlinjen er det fra I.juli til IS.september forbudt å

07-00344

However, a shift in research and policy focus on the European Arctic from state security to human and regional security, as well as an increased attention towards non-military

04-02106

In a review of US military organizations at war, Roman (1997) found such organizational practices to be obstructing the sharing of information, as well as being an obstacle

The year 2000 issue and information infrastructure security

This paper explores which measures used to deal with the Year 2000 (Y2K) problem are also applicable to the future security of information networks in critical

It it

To pinpoint the complications that arise in connection with variable orbital bases it is instructive to compare the coordinate and orbital representations of the

it it it

If the step-length is smaller than the trust radius and the Hessian has the correct struc- ture (desired number of negative eigenvalues) the Newton-Raphson step

View of Are we right to blame it all on colonialism?

All textbooks (both old and new) carried stories within these realms, with the exception of some parts within the (new) social and environmental sciences books, which is