GRT Successes

Get Adobe Flash player

 

"GRT’s methodologies for accomplishing the project goals were reflected in the way their people performed on the project, and they always produced the highest quality results"  more»

 

Follow Us

        

Seaport-E Award

Prime Contract Holder

Contract: N00178-15-D-8229

 


data security, regulatory and privacy management

Compliance, Security, Data Masking, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT provides expert IT Risk Management, Data Security, Data Privacy, Data Masking and Regulatory Compliance consulting services to companies in the United States and arround the world.

data security, regulatory and privacy management

business intelligence, operational, analytic and business reporting

Business Intelligence, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT assists you in development, design and implementation of a data warehouse and business intelligence strategy that ensures common framework across the enterprise.

business intelligence, operational, analytic and business reporting

Information strategy, gap analysis, tactics, design and implementation

Data Warehouse and Business Intelligence Staffing Solutions, New York, Connecticut, New Jersey,  Massachusetts, Rhode Island

GRT is a leader among expert staffing solutions in IT functions associated with Data Security, Business Intelligences and Data Warehouse. We help you meet your information management consulting and staffing needs.

Information strategy, gap analysis, tactics, design and implementation

Cloud Security in the Gulf

Increasingly, the Middle East is adopting cloud computing and this is creating new challenges in security. Security needs are being handled with new and innovative risk management protocols. In the aviation industry in particular, there has been a key challenge in securing passenger information through mobility while still maintaining all-important compliance with the required regional and industry regulations.

In an interview with Bank Info Security, Dr. Jassim Haji – director of IT and Security at early cloud-adopters Gulf Air – speaks about defense mechanisms in protecting data, best data practices for security and governance controls, and bridging the cloud security skills gap in the region.

With aviation being quite a unique area in its tight security requirements, choosing and perfecting the right solutions is key. “Every security control impacts operations and sales, the core business in this industry.” As such, tasks can include securing traffic between aircraft and on-ground infrastructure, securing passenger data in transit and in storage, and compliance with regional and airline-specific regulations.

Addressing these challenges required a multi-faceted strategy with steps including:

  • implementation of a mobile device management strategy
  • implementation of the right security tunnel between the aircraft and the data center
  • Implementation based on PCI DSS compliance

    With only a recent cloud deployment, a unique strategy was required to deal with the aviation industry's challenges. Due to legacy applications – common in the aviation industry but not necessarily compatible with cloud technology – Gulf Air adopted a hybrid cloud and created a split between critical applications stored on the private cloud but connected to the public cloud through advanced security and connectivity.

    One defense mechanism was moving from a network-centric approach to a more data-specific approach. “Controls are [now] implemented … like controls on a Word file, ensuring the file can only be read and not forwarded or printed.” This also meant that a move from the traditional 'perimeter defense' strategies to protecting 'in-transit' data has been required due to the remote access requirements of cloud computing.

    Dr. Haji also covers best practice in the industry, suggesting “A phased approach to … best practices.” A first step towards this would be to make a checklist:

    Know your critical and sensitive data

    • Classify data and services to be moved to the cloud
    • Perform risk management on moving the data and services to the cloud
    • Identify the regional and industry compliance regulations
    • Involve top management in the decision to move to the cloud

    This should be followed by selecting the right cloud service provider – a service provider that can meet your stringent requirements. And then finally to have your security teams put through third-party audits and qualify for security certification like ISO 27001-2013. Once this has been achieved it is important that periodic monitoring of the security of the services provided is carried out to ensure continued compliance.