Secure Development and Production Infrastructure Consultancy
2T Security provides a vendor-independent service to assist clients in the design and delivery of the infrastructure required to support
networking and infrastructure hardware and services capable of hosting data and services at all levels of security. We can help with selection
and procurement processes, system design and documentation, as well as the relevant procedures for their use. This service helps our clients
rapidly build a project-specific environment to support development and document hosting; it can also help them to build a strategic environment
that operates at a higher impact level than their existing IT is designed for. This can help support the development of services ready for easy
migration onto IL2 and IL3 G-Clouds. Our philosophy is to provide only the amount of help and support that is required; we are happy to teach our
clients how to build and run the environment to enable in-house management, or we can work autonomously and deliver them an environment that allows
them to focus on their core business functions.
We have experience of requirements specification, design, procurement, build, and run of environments accredited to process assets up to IL6.
In particular, we can help with enabling safe data transfer across Protectively Marked domains, for example, where "isolated" environments are
required, but data such as anti-malware and anti-virus updates must be sent automatically to the environment. We have developed "template"
designs that have survived the rigours of CESG review, and are proven in the field.
Rapid design and deployment of new environments — hardware lead-time is measured in weeks rather than months.
We help define environmental strategies to ensure that the environment aligns with the longer term business plans and
technical strategy of our clients.
Modular approach to functionality — we can rapidly deliver a minimal set of requirements for our client's immediate needs,
which can then be augmented in stages to support enhanced requirements.
Template designs that have been reviewed by the CESG IA architecture team.
Automation of onerous tasks to enhance security through consistency and timely execution.
Advice and designs to enable data transfer between Protectively Marked domains, either manual or automated depending on the
requirement and business benefit.
The provision of a new environment, especially for higher impact levels, can be a complex and time-consuming task. We can help with many
of the steps needed, including:
Establishing requirements for the environment, including both the business requirement and the IA requirement and constraints.
Tactical and strategic design for the environment.
Procurement of equipment for the environment.
Delivery of the environment.
Initial configuration and installation of the environment.
Development of procedures for administration and use of the system.
Training to enable in-house administration of the environment.
Ad-hoc support for the environment on a call-off basis.
Deployment utilising both virtualisation as a separation mechanism and physical segregation, aligned with the threat to the environment.
Design of Security Enforcing Functions to enable and control data flow between Protectively Marked domains, that provide robust security
and are capable of being highly assured for their function.
Design of local environment to enable remote connection to G-Cloud capabilities, to comply with the appropriate Code of Connection.
Our design service can help provide solutions to infrastructure issues, including:
Wide area network and remote site interconnectivity
Local segregation and DMZ designs
Firewalls — virtualized, software and hardware
User directories and central account management
Centralized endpoint management
Data import into high-side environment (manual or automated)
Data export from high-side environment (manual or automated)
Anti-virus and anti-malware services
Centralized patch management
Network port security (only authorized endpoints can connect)