Security
 
Contact Us
Please contact sales at:
1 (860) 859-3564 (U.S.)
1 (617) 273-0102
services @ alawy [dot] com

Contact our office serving Egypt and the Middle East at:
services @ alawy [dot] com

Submit an inquiry online

 

Enterprise Security Consulting


Services Overview
Information Center

 
  Identity & Access Management Services :: IT Security, Information Security Consulting Services
 

Identity & Access Management Services

 
Control Access to Your Systems. Manage Access, not Just Identities
The PurposeManage more than identity - control access to your organization's data and other assets. Complement your technology with secure and efficient processes. Achieve compliance with regulatory and industry standards.
Value to YouReduces administrative overhead - and cost. Reduces errors and saves time. Enhances security and control. Reduces potential liability and helps ensure regulatory and industry compliance.
How We WorkUnderstand what you hope to gain. Asses your current state. Define new strategies and plans - or validate those already in place. Rank findings by your goals. Provide cost benefit analyses.
The ResultsAn assessment of your strengths and weaknesses - both technical and organizational. A strategy for improvement. Pertinent facts tailored to the groups affected. Recommendations ranked by impact to your business - standards-based to give you confidence - vendor independent to give you freedom.
Why Alawy Alawy has worked to secure the networks of Fortune 500 companies in the financial, energy, insurance, media and consumer goods sector in the United States. Read about Our Approach - the foundation for all our work.
Next StepsTo talk with us about security and your business, call (860) 859-3564 (U.S.) or visit the Middle East. You can also submit your inquiry online.
Or, see the Security Consulting Services Overview.

 

Alawy helps companies control access to organizational assets with better access management and unified identity across the whole organization and between business partners.

The Purpose

Manage Access, not Just Identities 

Control access to your organization’s data and other assets. Complement your technology with secure and efficient processes. Achieve compliance with regulatory and industry standards.


Identity management gives you an easy and efficient way to create and manage user IDs and user accounts. But identity management itself is limited. It focuses only on the user. We promote the notion of access management—tying together users, information, and physical facilities to make sure that only authorized users have access to your organizational assets.


Complement Your Technology with Secure and Efficient Processes
We make sure your process—not just your technology—are as secure as possible. Say a manager hires a new employee and erroneously requests access to the HR systems. We’ll make sure procedures are in place to keep the error from taking effect.


At the same time, we’ll keep the processes efficient. We can set up secure self-service processes that allow users to update their own personal information and reset their passwords.


Achieve Compliance
If you’re subject to U.S., international or industry regulations, well help you make sure your identity and access controls meet the applicable standards.

Back to top

Value to You

Reduces Cost 

We can provide you with a Single Sign-On Solution to help improve user productivity and reduce administrative overhead. We also focus on improving and streamlining your processes to help reduce cost.


Reduces Errors, Saves Time
Once we’ve polished the processes you follow, we tune the tools you use so that they enforce your policies. Reducing errors in provisioning also reduces the time your staff spends on managing user IDs and accounts—and reduces costs further.


Increases Security and Control
A hostile former employee who’s just been fired can wreak havoc. Many companies that suffer catastrophic security breakdowns never recover. Inadequate policies and practices and untrained staff are a serious security gap. It’s sometimes difficult to tell exactly what level of access an identity has. We can coordinate a solution that gives you that information in a single place.


Reduces Liability, Ensures Compliance
Every year you probably face an auditor looking for evidence that you have a good identity management solution. We can determine the strengths and weaknesses of your tracing, monitoring, and auditing capabilities to help ensure that your’e armed with the information auditors seek.

Alawy's Enterprise Compliance Assessment identifies compliance gaps within the regulations governing your industry. For a comprehensive list of regulations governing industry, learn about Compliance & Your Business.

Back to top

How We Work

  1. We Define the Scope of the Project. We simply identify your pain points to understand what you hope to gain.
  2. We Assess your Current State. We evaluate your current business environment to identify potential weaknesses and risks. We then examine the following as needed:
    • The inter-dependencies and impediments in your organization
    • User Management structures within your organization
    • The regulatory requirements you face
    • Your existing strategies
    • Your current processes

    We also Evaluate your Current Technical Architecture:
    • Directory and database services that hold user data
    • Applications and associated interfaces that manage user IDs & access
    • Operating systems and network architecture that users access
    • Processes to add, modify and remove users from your environment
  3. We Define an Identity and Access Management Strategy. We draft a roadmap to help guide your current and future identity and access management activities. We make sure that the roadmap provides the detail you need to implement it.
  4. We Develop an Integration Strategy and Plan. We identify the solutions that will help to address the problems that we’ve discovered.
    5. Solutions Include:
    • Strong Credentialing. We work with you to develop the form of strong credentialing that’s right for you. The solution might include digital certificates, smart cards / Secure IDs, one-time password tokens, or simply user names and passwords. We also develop the policies, processes, and procedures that are appropriate to the solution.
    • Biometrics. We can use a variety biometric technologies such as: retina scans, finger or palm print access to confirm identity and allow access to sensitive areas of your enterprise. Often, biometrics are used in conjunction with other technologies.
    • Single Sign-On (SSO) Technology. SSO technology flows out of strong authentication. Once the user’s identity has been proven, a highly secure sign-on allows access to a group of protected resources. Our solution can be implemented using proprietary SSO solutions provided by vendors such as IBM, CA (Computer Associates) - Netegrity, and RSA.

      Sometimes a client needs a full-featured solution, but doesn't want the cost overhead associated with Proprietary Tools. As implementers of Secure Solutions, we encourage the development and implementation of OpenSource technology, such as OpenSSO (SUN's open implementation) and Java Open Single Sign-On.
    • Secure Electronic Transactions Over the Internet. We deploy solutions that secure electronic transactions over the Internet using transaction management solutions that use strong authentication. You transact business with employees, partners, and customers once you’ve provided them with digital credentials. Transactions include secure e-mail, secure Web application access, electronic data interchange (EDI), and secure remote access.

      Transactions across the Internet enable your organization to participate in the world of federated identities in which trust is extended between individuals in the organization’s various locales.
    • Electronic Signatures. An electronic signature makes it possible to verify who actually sent a digital document.
    • Role or Rule-Based Access Control. Assigning users privileges and permissions individually is costly and error-prone. It’s much easier and more cost-effective to first define roles—and then assign users with privileges and permissions based on the roles. We can analyze your organization and then define the framework that works the best for you.
  5. We rank our recommendations by effectiveness and cost. We rank our recommendations by how effectively they improve your processes and advance your business goals. We also rate each recommendation by its cost-effectiveness and by how easy it is to implement. We provide vendor-neutral solutions that can help you decide on best practices and market share.

    Back to top

The Results

An Assessment Report
We provide you with a thorough assessment of your ID and access management current state. We focus not only on technical issues, but organizational ones. We help you to identify and get the necessary buy-in from stakeholders throughout your company—management, your IT team and executives. We provide you with business cases and ways of clearly articulating the benefits of an identity and access management solution.


A Strategy
We structure a strategy for improvement. We identify what you need to do immediately and map out a plan for the future. We also help you track changes in your plan and assess its long-term effectiveness. The strategy focuses on the things that you can implement quickly, and that won’t be too cumbersome for your organization.


Tailored Communications
We tailor our recommendations to speak clearly and effectively to the people they affect. We provide executive summaries for decision makers—and the specialized details that give your technical staff the information they need to fix the problems we uncover.


Tailored Recommendations Ranked by Cost and Effort
We rank our recommendations. We know everyone has a limited security budget. We search for improvements that are suited to achieving the business and security objectives you identify—and rank our recommendations accordingly. We help you prioritize your spending: we do a cost-benefit analysis of each recommendation and identify which are easiest and least expensive—and will also produce the most effective results.


Industry-Standard, Vendor-Independent Recommendations
Our recommendations are standards-based to give you the confidence that you’re benefiting from the most up-to-date thinking in the industry. Our recommendations are also vendor independent to give you the freedom to implement the solution that suits you best. Alawy offers authentication services, but we look on our own services as just one of your options. What’s important is that you use the service you choose to its best effect. See "Information Security Software, Solutions, Tools" for more information about the range of technologies we work with.


We Can Work with a Solution Provider to Implement a Solution that is Suitable for You
We take our recommendations a step further, implementing them, and leaving your organization with a secure and optimal ID and access management solution. Our rates for implementing such solutions are usually more competitive than what the system vendor would offer.

Back to top

 

Why Alawy

Alawy has worked to secure the networks of Fortune 500 companies in the financial, energy, insurance, media and consumer goods sector in the United States. A significant amount of this experience has been within the financial services and banking sectors—assessing infrastructure security and architecting and deploying secure solutions. We participate in the FBI's InfraGard as advisers in threat and security matters.

 

Our Security Consultants are Software Engineers trained in Information Security. They understand systems architecture. They see the whole picture. We’re not a software company limited to our own line of products. We provide our clients with the solution that best fits their business and budget needs. We do not cater to a "one size fits all" approach. Our focus is on protecting the sensitive information you are trusted to safeguard -- information belonging to your business and your clients -- from malicious theft or careless mishandling.

 

Our clients in the Middle East and North Africa benefit from the services and products offered by our Cairo, Egypt office.
From Cairo, we serve the particular IT Security needs of corporations and institutions in the Arabian Gulf, North Africa and the Levant.

Read about our IT Security Consulting services for the Middle East.

Security isn't just about security; it's about your business. We focus on providing solutions tailored to your corporate goals and the real threats you face. Read about Our Approach - the foundation for all our work.

Focus on your business:

  • We help you stay competitive. We use our knowledge and experience to benchmark your risk against your industry.
  • We value actions by their consequences. Our focus is consequences, not just risk.
  • We focus on our relationship with our customers. Our goal is to be your trusted security advisor.
  • We provide recommendations that are vendor independent to give you the freedom to implement the solution that suits you best.
  • We help you stay competitive. Our business is security, not just consulting.
Focus on our experience:
  • We have a wide variety of clients in a broad range of industries. That exposes us to the need for many different architectures, designs, and solutions.
  • Our consultants are IT security professionals who’v/clients/index.jsp with Fortune 500 companies or in the financial, energy, insurance, media and consumer goods industries.
  • Our team of consultants is made up of Certified Information System Security Professionals (CISSPs).

 

Back to top
Home