Security Consulting

IT security consulting is a focus area in IT consulting to provide companies with the best possible support in protecting themselves against attacks in cyberspace. This requires expert knowledge about the current threat situation, attack vectors, the approach of cybercriminals, security requirements and possible solutions. Functioning IT forms the basis for almost all business models today. However, the number, frequency and complexity of cyber attacks are increasing. According to the BSI

1. there were 117 million new malware programs in 2020, an average of 322,000 per day.
2. 20,000 bots infect IT systems in Germany every day.

These figures show that IT security is becoming a top priority to maintain business continuity and enable innovation. Only by making their systems and processes secure from the ground up can companies evolve and grow without taking risks.

Roughly speaking, IT security consulting is divided into two areas: (a) architecture and (b) technology. Consulting comprises the pillars of architecture and solution design consulting. It also offers implementation consulting. It usually starts with a detailed analysis of the current state. Essential topics include network security, endpoint security, application security, cloud security, e-mail security, authentication, vulnerability management, and detection & response.

As a result of a consultation, companies receive recommendations that they can implement independently - or with the support of  IT security consultants. If desired, the IT security consultants can train internal employees to use the new solutions.

In many cases, it is advisable to use managed security services and outsource the operation of security tools to an MSSP with experienced IT security consultants to relieve employees and increase cyber security. Companies can then transfer security tasks in whole or part to external specialists and do not have to deal with the technical details themselves.

Numbers often say more than thousands of words. This is why we provide 4 statistics on the relevance of IT security:

1. 117 million new malware programs in 2020 (source: BSI)
2. 77% of security experts assume a growing threat situation (source: Eco)
3. 47% of companies with 100 to 1,000 employees were affected by a ransomware incident in 2020 (source: Sophos)
4. 20,000 bots infect IT systems in Germany every day

Ultimately, there are two challenges:

1. As digitization continues (networking, IoT, cloud computing, mobile workplace concepts), the IT infrastructure and ultimately the attack surface becomes more confusing and complex.
2. At the same time, the number of legal and regulatory requirements is increasing. 

IT Security Consulting can help to solve challenges A. and B.

SRC consultants have many years of experience and thus have the necessary know-how about current threats, relevant attack scenarios and state-of-the-art security technologies. Furthermore, SRC consultants are familiar with the implementation of standards and regulations (GDPR, PCI DSS, etc.) with the help of security best practices.

IT security means more than just using sophisticated technology tools. For comprehensive protection, companies must also take processes, organization, interfaces and people into account in their security framework. An IT security concept covers all these areas. In addition to the technical set-up, this includes the definition of roles and responsibilities as well as the documentation of security processes. Another critical aspect of creating user awareness is training in particular. Observations from the past have shown that with simple training, users would not have fallen for phishing emails. IT security consultants help companies to develop a comprehensive security concept that is tailored to their business model.

We at SRC Consulting are convinced to support you in the following three key points in the best possible way:

1. Close weaknesses in technology and organization with the help of SRC.

We systematically examine the IT infrastructure and work processes in your company for vulnerabilities. Our consulting services show you how to improve your network structures and the configuration of all components. You will also receive recommendations for action regarding your organizational vulnerabilities - from rights assignment, password policy, and backup processes to remote access. 

2. Reduce attack surfaces with the help of SRC.

Servers and endpoints should be configured in a way that makes it as difficult as possible for attackers before protective mechanisms such as endpoint security take effect. As part of our security consulting, you will learn how to effectively harden your systems. Together, we develop a plan for the IT security measures you can take to protect your system in the long term.

3. At SRC, we proactively prepare you for emergencies. 

With the right preparation, you can ensure that downtime is significantly reduced in the event of an IT security incident and that your company is quickly up and running again. We work with you to create customized emergency plans and emergency manuals to lay the foundation for your incident readiness. To do this, we determine your maximum tolerable downtime and define reporting chains, decision-makers, replacement processes and recovery plans.

There are three main developments to mention here:

1. Home Office Security / Distributed Workforce

2. Cloudification / Cloud Migration

3. Increasing connectivity through IoT

Home Office Security / Distributed Workforce:

At the latest with the COVID-19 pandemic, there was a rapid increase in the number of employees working from home. Many companies have had good experiences with that and want to establish more flexible working models with corresponding home office options. This requires a corresponding IT concept in which secure remote access can be established and scaled according to the number of employees and the necessary authorizations. 

Cloudification / Cloud Migration:

The use of cloud services is becoming increasingly popular. However, the lack of security functions such as virus protection, access controls or backup mechanisms in the cloud poses a risk. Cloud providers are often only responsible for securing the cloud infrastructure. Tasks such as the protection of applications and data operated via the cloud are the responsibility of the cloud user. Security aspects of cloud migration are also a development that IT security consultants must keep an eye on. Security concepts must therefore be developed in such a way that security concerns are taken into account during cloud migration or adoption without thwarting the essential benefits of a cloud solution.

Increasing connectivity through IoT:

IoT devices allow new business models/business areas to be developed/aquired. However, the rapidly increasing (exponential) number of corresponding devices and connections also harbours information security risks. Concepts for protecting network security and secure access controls must therefore be developed.