10. Security Management Services Service definition 24x7 system and service administration, business as usual monitoring, reporting, analyses and alerting documentation and procedures Equipment, facilities and license owned by Customer Equipment, facilities and licensing provided by S&T Firewalls Intrusion Prevention (Detection) systems Email security Web security with application control
31. Security Management Services Description of the Customer “ The Mercator Group is one of the largest and most successful commercial chains in South-eastern Europe; it is the leading commercial chain in Slovenia and is now operating in seven markets of the region: Serbia, Croatia, Bosnia and Herzegovina, Monte Negro, Bulgaria and Albania. These are all swiftly growing markets, and with shopping malls in capitals and regional centers Mercator strives to become the first or second largest fast-moving consumer goods retailer in each market. Mercator is also an important retailer in the region in specialized technical program, clothing and sportswear. ”
32. Security Management Services Customer Testimonial “ » In Mercator we rely on experts from S&T Slovenia for the administration and supervision of Firewall and networking equipment on the network perimeter in the six countries within which our company operates. S&T takes care of business as usual tasks such as management and changes to configurations as well as actively monitoring the complete operation of the system ensuring minimal downtime and the quickest possible return to operation in case of unexpected incidents causing downtime. We are very satisfied to have found in S&T Slovenia a reliable and skilled IT partner, able to provide deep technical knowledge and a complete service package « ”
With increasingly sophisticated security threats coming from all directions, it is important to keep pace with technological advances to counter and stay ahead of malicious influences intent on disrupting your services and business. The challenge for any IT manager is to achieve and maintain effective levels of information security, within budget, utilizing the most current industry available capabilities. Enterprise security continues to grow in complexity so often new technologies (or solutions) need to be added, which means that staff skills must be continuously updated and which can lead to higher costs.
Here we emphasize the fact that IT staff have better things to do than support a wide range of security solutions. It’s best to leave such tasks to experts who will perform the task better, more efficiently and (when supported by a larger organization such as S&T) will be available around the clock, as needed.It makes little sense for any (except the largest) companies to have an electrician on the payroll 24/7, similarly it makes little sense to have a security expert on the payroll (and a routing expert, and a SAN expert, and a storage …)Companies usually require at least 10x5x2 “changes and removes” process and 24x7 availability. To provide this they must have at least 2 educated persons for security solutions. Staff skills need to be continuously updated which could lead to high education cost.
Detailed explanation:Regular system administration (backups, upgrades, updates, maintenance)Regular service administration (Adds, changes and removes, business as usual)Preparation and maintaining of documentation (settings, instructions, procedures ...).
Depends on existing customer environment, subscriptions, and equipment
How security fits into the IT pictureDesignand/or transition and analysis services during the move to outsourcing (covering customized selection of IT components and services – indicated by arrow)Support services + monitoring + required admin services + managedinfrastructureservices(again covering a customized selection of IT components and services – indicated by arrow)
An example of infrastructure monitoring and interaction between S&T and the customer.On the customer side the specifics of interaction depend on the customer Helpdesk infrastructure, level of outsourcing and the customer’s requirements. The customer may require interaction with the S&T helpdesk by it’s own helpdesk, by IT staff or by end-users.Notes on this diagram:The central component is the S&T Monitoring, Alerting and Reporting standard outsourcing component (monitors). Using this component S&T transforms reactive support services into proactive infrastructure availability services.Critical and failure alerting is usually via SMS to the Helpdesk and/or on-call outsourcing engineer. This results in callout and escalation to Level 2 product specialists as required.The interface with other customer business partners is not shown on this diagram but is also an important part of the SLA definition. For example in certain cases it may be necessary for a customer business partner to call out S&T (or S&T needs to call out a customer business partner to be able to fulfill its SLA obligations)
We don’t really emphasize cost savings here. Unless we perform a lot of additional services the cost savings may not be significant. However the customer is offloading a risk and getting service level guarantees, something that they probably don’t have from internal IT.It a tried and true formula – specialization (or use of a specialized provider in this case) reduces costs and increases performance. It does not make economic sense for IT departments to have a complete complement of specialized staff as staff and training costs would be too high.There is also an element of risk management. One method of reducing risk is to transfer the risk and responsibility to a 3rd party. S&T.Staffing flexibility. We don’t emphasize staff cuts here, we talk about staff not having to be on-call, work out of hours, inflexibility with holidays etc.
As a system integrator we can offer at least 2 different solutions for each service. The best solution on the marketplace is always an option with S&T – this is not the case with vendor pushed solutions.