This article was orginally published in Security magazine.
Jason Albuquerque is Chief Information Officer (CIO) and Chief Security Officer (CSO) at NWN Carousel, Inc. Headquartered in Exeter, R.I., NWN Carousel is a provider of managed services, including cloud, data center and security, as well as communication and network technologies. A Carousel leader since 2012, Albuquerque is recognized as an information technology, information security and enterprise risk and compliance expert for one of the largest and fastest-growing privately-held IT services firms in the U.S.
As Carousel’s first CSO, Albuquerque architected and implemented the company’s first Enterprise Information Security and GRC (governance, risk and compliance) program, building a diverse and talented team that now helps support 27 offices, 1,300 employees, and 6,000 global clients.
“Four years ago, our organization needed to reinvent our model for supporting our customers. Many security risks in the traditional MSP support models were identified by myself and my team. This evaluation gave us the opportunity to plan, design and architect a next-generation ‘secure by design’ managed services architecture,” Albuquerque says.
The delivery of Carousel’s Managed Services required the implementation of a Service Delivery Gateway (SDG), which is designed to provide device auto-discovery, monitoring, performance management, secure remote access, device level authentication and tools for improved diagnostic capabilities. The SDG is deployed with a secure abstraction layer between Carousel’s network operation center and the client’s environment ensuring the confidentiality, integrity and availability of the client’s critical data. The National Institute of Standards and Technology (NIST)-based architecture guarantees the highest levels of authentication, access control, auditability, availability and scalability.
The SDG allowed Carousel’s managed services team to obtain alerts, alarms and performance information from the client’s environment. “As anomalous, degraded, and service-affecting conditions occur, Carousel’s service personnel can securely authenticate to the support devices, and investigate, evaluate, diagnose and resolve detected incidents. In addition, our SDG maintains an audit trail of all access and records all session for detailed auditability. This architecture has been vetted and supported by some of our most security conscious and regulated clients, within healthcare, financial, nuclear power organizations and law enforcement for example,” Albuquerque notes.
By undertaking and successfully completing this initiative, Carousel’s skilled security team bridged the gap, Albuquerque says. “This project took us from a traditional security and compliance team, to an elevated posture in the company that has led us to be a strategic, business-aligned, opportunity-enabling security center of excellence for Carousel and our clients to benefit from. By being a business enabler within Carousel, we help introduce security focused innovations, drive revenue, identify new opportunities, design new services and create a security-driven business differentiator for our company.”
Albuquerque believes in both giving back and paying it forward. He is a member of the Rhode Island Joint Cyber Task Force run by the R.I. State Police, a member of Congressman Jim Langevin’s Cybersecurity Advisory Committee, R.I. Tech Collective Board of Directors, Tech Collective Cyber Security Advisory Committee, Board Member of Narragansett Council of the Boy Scouts of America, Co-host of the Business Security Weekly Podcast and InfraGard member.
Read the article in Security magazine.