Openwave has an excellent state-of-the-art Offshore Delivery Center (ODC) at Chennai, India. Some details of the Physical and IT infrastructure are given below :
This is a 10,000 sq.ft facility spanning across 3 floors with around 200 seats for project teams. It also includes conference rooms, meeting rooms, training rooms, dedicated blocks for each technology related projects, etc.,
We maintain our IT infrastructure at high performance levels in terms of Availability and Realiability (99.9% uptime). Some of the features are as follows :
- Minimal hours of downtime
- Web Servers
- Load Balanced
- Private Network
- Managed Firewall
- Window Server 2003/Linux Server
Openwave has standardized extremely reliable components to maximize system- and application-level uptime. With high mean time between failure (MTBF) and internal redundancy, the infrastructure as a whole can sustain multiple losses of components before the application itself is impacted.
Openwave has a well-documented security policy which is formulated as per the ISO / BS7799 best practices. A detailed Security Procedures document describes procedures and activities to be carried out as per this security policy. These policies and procedure documents ensure confidentiality, integrity and availability of information assets.
Openwave Offshore Infrastructure Security consists of the following components:
- Network Security
- Desktop & Server Security
- Physical Security
- Openwave has taken several initiatives to protect its network from internal and external hacking.
- Sonicwall NSA 2400 Firewall has been deployed on all Openwave Internet gateways to control access to the offshore network from Internet
- Separation of Client network by firewall / Creation of air gapped network
- Intrusion Detection Systems can be based on any specific requirement from our clients.
- A regular analysis of firewall and IDS logs is also done to find out any suspicious activities.
- Symantec Firewall at the desktop level
- Symantec Enterprise security manager
- Openwave network can be segregated into Trusted zone , DMZ and distrusted zones
- Intrusion detection systems have been installed at gateways. The logs are continuously monitored to detect and handle unauthorized intrusions
- Changes to configurations and access list on these systems go through a formal change management process eliminating misguided or inadvertent changes. The change management process is in place for all infrastructure related changes – internet downloads, software installations, requirement for additional privileges or admin rights, Network changes, changes to access control lists on routers/ firewalls, domain servers among others.
- All O/S /Firewalls/routers/Web facing servers are hardened prior to use in accordance to a checklist and are tested periodically for compliance to these checklists.
- Appropriate content filtering products have been deployed for the mail and the internet gateway
- Admin rights on desktops/servers and Internet access is strictly controlled and is given after the approval through proper workflow
- Default services which are not required are blocked / disabled wherever not deemed necessary
Desktop & Server Security
- Projects are given their own servers, desktops and access permissions are so defined that nobody external to the project has access
- Software installations are done by the Openwave Infrastructure team. In case the network is air gapped, System Admin personnel will be appointed to install all these soft wares
- All desktops are protected with power on password
- Access to resources are restricted based on combination of user authentication and access lists
- Staffs have only general user level passwords and the Infrastructure team controls the Administration Passwords
- No remote access facility is available to the offshore setup, except to Dot NET team manager
- Unwanted paper based information are disposed off using paper shredders
- Users are made aware of the Clean desk policy of Openwave where users need to keep the paper based information in locked cabinets/ draws when not in use
- Openwave Desktop Security procedures are enforced through a new Windows Domain set-up
- Password policy, user account lockout policy, desktop settings, automatic locking of user desktop after a specific period of inactivity, auditing policy are set through the Windows Domain
- Internet access is only given after proper approval from the Project Managers and Information Security Manager
- System Event Logs for servers are regularly monitored by the System Admin team
The Symantec Antivirus End-Point projection 11.0 software gives the control over scanning operations. The Virus Scan Enterprise software supports both servers, workstations. Auto protection is enabled in all the desktop and servers.
All drives are scanned on a daily basis for both server and desktop. Scanning includes local and network drives, as well as e-mail messages, attachments. Any detected, virus infected files are cleaned / quarantined as per the policy.
Access Control List:
Domain Based Access Control List (ACL) is implemented for the entire folder structure. Based on ACL, users will be having read or modify access.
Service Packs and Hot fixes are the patches from Microsoft for desktop and server. Service packs are used to patch a wide range of vulnerabilities and bugs. Hot fixes are meant to patch a more specific problem.
- Network Attached Storage (NAS) Openwave have an Online Backup with NAS, in case the server or HDD is down (for whatsoever reason), within a couple of hours we will restore the DATA and Server to uptime.
- LTO4 Backup : Openwave has a LTO4 Tape Drive with Cartridges for External Backup. We have daily, weekly & Monthly backups with Incremental, Differential and Full Backup. we maintain backup extend to our remote locations as well.
The following are in place for physical security:
- Physical Security is the first level deterrent in our layered security approach. Our ODC has a dedicated Admin Head to oversee these controls.
- Security starts with assigning ODC a separate work module for its development activities.
- Each center/premise is guarded by 24*7 security guards enrolled from reputed security agencies.
- Background checks are carried out for the security guards
- All associates have a valid photo identity card, which is required to be displayed at all times when the associate is in the premises.
- Access to each business premise/location, especially the critical business information processing facilities is controlled by a physical access control system. Access Logs for critical area are monitored regularly.
- Access to ODC/Projects work module is restricted only to associates of that particular ODC/Projects.
- A well-defined mechanism is in place for granting, reviewing and revoking of access in the ODC / Projects / Premise.
- Sound visitor management policies are in place to control entry into premise. Logs are maintained for visitors
- Visitors are restricted from visiting the work areas
- Media/property movement is restricted, controlled, recorded and analyzed
- Equipment Reuse and Disposal Policy is in Place
- Controls are in place for equipment disposal and reuse to ensure information is not compromised through these means
- Maintenance/repairs by third party is in presence of the asset custodian
- Non Disclosure Agreements have been signed with all our third party vendors
- Openwave follows a ‘Clear Screen and Clear desk Policy’ to reduce risk of unauthorized access, damage to and loss of information both during and outside working hours
- Adequate power backup arrangements are in place for any contingency and unwarranted situation
- Premise and Equipment is suitably protected against environmental hazards
- Openwave has a well developed fire prevention and detection program (fire alarms) and drills are carried out periodically to test the same
- Cameras, Video or other recording equipment are not allowed inside the work premises