Security Services & Compliance
The Security Services & Compliance service assesses infrastructure security and safeguards administrations’ IT departments. The ultimate goal of Security Services & Compliance is to support the activities of data transfer to the cloud, which is why the service is divided into two phases: migration and verification.
The migration and verification phases are complementary. Together they enable any application ‘remediation’ needed to raise the security level of the application pool.
The migration phase
Polo Strategico Nazionale supports the migration of Public Administration workloads and applications with specific designs and security controls. For example:
- It supports the alignment of security and migration strategies;
- It assesses threats and vulnerabilities of the AS-IS;
- It drafts the security control gap analysis document based on target architecture (TO-BE);
- It supports the implementation of controls and policies;
- It supports risk analysis and compliance audits;
- It performs Audit and Pre-Audit activities.
The verification phase
After the migration phase, Polo Strategico Nazionale begins the crucial phase of verifying the migrated workloads.
Assessments include:
- Vulnerability Assessment for detecting infrastructure vulnerabilities in the case of Housing, Hosting and IaaS services;
- Static Application Security Testing for tests on applications’ source code;
- Dynamic Application Security Testing for tests on running applications;
- Application penetration testing;
- Continuous security monitoring.