The Royal Mail has awarded an IT security contract, based on a vulnerability scanning service set up to protect the e-commerce infrastructure that supports Royal Mail UK, Post Office Limited and Parcelforce.
QinetiQ will manage a service which includes QinetiQ’s own Managed Vulnerability Assessment and Alerting Service (MVAAS), Security Health Check and the Qualys vulnerability scanning feed, QualysGuard. Martin Roe, Royal Mail IT security manager, said: "The Royal Mail is moving increasingly to web-based operation and we have to have real-time security. This means an automated solution to counter the automated attacks of hackers. QinetiQ has unique security management experience and, when combined with Qualys’ leading industry technology, this has provided a cost-effective fully automated vulnerability service that will enable the Royal Mail to remain at the cutting edge of vulnerability detection and prevention."
The service will provide the Royal Mail with valuable support for their operations teams by identifying and managing vulnerabilities in the e-commerce infrastructure, thereby reducing the risk of security breaches that may prove costly in reputation, financial and operational terms, the firms say.
What they say
Alan Hood, a Senior Security Specialist in QinetiQ Security Health Check, said: "As a trusted supplier of penetration testing and security consultancy to the Royal Mail for some years, QinetiQ is well placed to understand the demands of their business. We are delighted to have been selected to manage this important piece of work and look forward to supporting the Royal Mail’s vision for a more secure infrastructure and estate. By integrating QualysGuard with QinetiQ’s own MVAAS and Security Health Check we are able to provide our customer with deep visibility and increased understanding of the IT security challenges they face. This is no small feat when you consider the size and complexity of the Royal Mail’s e-commerce infrastructure."
The service will initially focus on external facing elements of the infrastructure where threats from hackers are most severe. Simple status reports can be sent at any time to both security and management teams in Royal Mail, with advice on required remedial action and patch management provided as appropriate.
