InfoTech builds out solutions portfolio with new security stack

Multi-disciplinary technology company InfoTech has expanded its portfolio with the launch of a new security stack backed by cyber security experts, to offer security testing, audits, recommendations and solutions.

Mauritz du Toit, CEO at InfoTech, says the new service is in line with the company's ongoing 'disruptive expansion' strategy. "The security assessments offer comprehensive penetration, vulnerability and risk testing. Our security team also monitors the dark web to proactively detect threats, and goes so far as to assess gaps in cyber security skills and awareness within the organisation's workforce," he says.

InfoTech's cyber security specialists make recommendations on areas for improvement and can also action these improvements.

"The assessments can be carried out per environment, on an ad hoc basis, with no long contractual commitment," he says. "We have automated much of the audit and pen-testing processes to reduce the costs of audits and make them more accessible to more customers."

Du Toit says the new service has been welcomed in the market, where their customers now prefer to work with a single service provider.

"We see growing demand from public and private enterprises to work with one company providing all their IT services," he says. He notes that the security stack complements InfoTech's infrastructure as a service, backup and disaster recovery solutions and services.

Here's how InfoTech's security assessment complements its other security services:

• *Identifying vulnerabilities and threats:**

A security assessment helps identify potential vulnerabilities and threats within the IT infrastructure, including the systems used for backup, DR and IaaS. By understanding security weaknesses, you can better design and implement protective measures.

• *Data protection and confidentiality:**

Security assessments focus on ensuring the confidentiality, integrity and availability of data. This is crucial for services like backup and IaaS, where sensitive data may be stored or transmitted. It ensures that data is protected both during regular operations and in the event of a disaster.

• *Access controls and identity management:**

Assessments evaluate access controls and identity management systems. For services like IaaS, ensuring that only authorised personnel have access to critical infrastructure is paramount. This also ties into the security of backup and disaster recovery data.

• *Security of communication channels:**

Evaluate the security of communication channels used for data backup and transmission. This is particularly important in the context of DR, where data needs to be replicated and restored securely.

• *Incident response planning:**

Security assessments often include reviewing and enhancing incident response plans. In the case of DR, having a robust incident response plan ensures a swift and effective recovery from any disruptive event.

• *Compliance and regulatory requirements:**

Security assessments help ensure that the IT infrastructure, including backup, DR and IaaS components, complies with relevant industry regulations and standards. This is critical for businesses that need to adhere to specific compliance requirements.

• *Security awareness and training:**

Evaluate the level of security awareness and training within the organisation. Users and IT personnel should be educated on security best practices, especially when dealing with critical services like backup and IaaS.

• *Encryption and data protection measures:**

Assess the use of encryption for data in transit and at rest. This is essential for securing sensitive information stored in backups and on IaaS platforms.

• *Secure configuration of infrastructure:**

Ensure that the configuration of infrastructure components is secure. Misconfigurations can lead to vulnerabilities that could be exploited. This is critical for both IaaS and DR systems.

• *Integration of security controls:**

Integrate security controls seamlessly into the backup, DR and IaaS processes. This includes mechanisms for monitoring, logging and alerting for any security incidents.

• *Third-party and vendor security:**

Assess the security practices of third-party vendors involved in providing backup, DR or IaaS services. This includes evaluating the security measures implemented by cloud service providers for IaaS.

• *Physical security considerations:**

Consider the physical security of data centres and facilities where backup and DR infrastructure is housed. Physical security is a critical aspect of overall data protection.