![[Data protection regulations and international data flows: Implications for trade and development (April 2016)]](/public/ssi/pubs/pub_6.png)
Services
- Summary
- Cloud Computing Strategy and Advice
- CyberSecurity Research and Advice
- International and Cross-Border Research
- Specialised Legal and Regulatory Consulting
- Strategic Privacy Consulting
- Privacy Management Lifecycle: Our Privacy Products and Services
- Self-regulation and Codes of Conduct
- Issues Management: Public and Stakeholder Consultations
- ICT Advisory Services
- Identity Management and Authentication - Strategic Consulting
- Identity Management and Authentication - Technical Consulting
- Identity Management and Authentication - Cloud and Software-as-a-Service (SaaS)
![[ Galexia Dots ]](/images/hr.gif)
Galexia delivers specialist research and advisory services. Galexia has expert consultants in cloud computing, cybersecurity, identity, digital economy, privacy, authentication, electronic commerce and new technology. We leverage our legal, business and technical knowledge to deliver successful business strategies to a diverse range of clients.
Galexia works closely with clients to identify and resolve legal, technical and strategic issues in projects that raise privacy, security, identification or authentication issues. We help a diverse range of international, business and government clients to understand their legal, regulatory and best practice requirements, and to develop compliance tools, manage stakeholder consultation and architect solutions.
Galexia has an up to date understanding of cloud computing, cybersecurity, privacy, identity, digital economy, identification and authentication technology and strategies. Our team has expertise in law, policy, technology and public relations. We have a wealth of experience in conducting and participating in industry and consumer consultations, and in delivering briefings at CEO, Board and Ministerial levels.
| |||||||||
Our focus is on research, advice, strategies and solutions involving cloud computing, e-commerce, identification, identity management, authentication, security and privacy in Australia, Asia-Pacific, Europe and globally. Read more »
We have deep involvement and experience in a number of sectors, including government, banking & finance, consumer rights, data brokers & infomediaries, education, eHealth, ICT, legal, telecommunication. Read more »
Summary
Galexia works closely with clients to identify and resolve legal, technical and strategic issues in projects that raise privacy, security, identification or authentication issues. We help a diverse range of international, business and government clients to understand their legal, regulatory and best practice requirements, and to develop compliance tools and manage stakeholder consultation.
Galexia has an up to date understanding of cloud computing, cybersecurity, digital economy, identification and authentication technology and strategies. Our team has expertise in law, policy, technology and public relations. We have a wealth of experience in conducting and participating in industry and consumer consultations, and in delivering briefings at CEO, Board and Ministerial levels.
Galexia’s team has skills in public relations, clear communication and in dealing with the media as part of the consultation and presentation of project outcomes.
We think strategically and then propose and critically assess solutions, rather than simply inform clients in a legalistic and mechanical way.
Galexia has an excellent track record in working closely with clients to develop appropriate project methodologies and deliver quality project outcomes, based on best practice management systems and high quality infrastructure and support. We take an open, transparent and collaborative approach. We make project materials available via our secure extranet so that clients have the opportunity to collaborate in the project.
Galexia delivers specialist management consulting, research and advisory services to our clients. Our services include:
- Cloud Computing Strategy and Advice
- CyberSecurity Research and Advice
- International and Cross-Border Research
- Specialised Legal and Regulatory Consulting
- Strategic Privacy Consulting
- Privacy Management Lifecycle: Our Privacy Products and Services
- Self-regulation and Codes of Conduct
- Issues Management: Public and Stakeholder Consultations
- ICT Advisory Services
- Identity Management and Authentication - Strategic Consulting
- Identity Management and Authentication - Technical Consulting
- Identity Management and Authentication - Cloud and Software-as-a-Service (SaaS)
Cloud Computing Strategy and Advice
Galexia is at the cutting edge of providing strategic advice and analysis of cloud computing issues to a range of global clients. We have developed unique methodologies for assessing cloud readiness, and we provide advice on legal and regulatory challenges as well as infrastructure issues.
Galexia is experienced in assisting individual organisations to make the transition to cloud computing, while managing their legal and regulatory responsibilities. This has included advice on privacy, security and intellectual property issues as clients utilise cloud services to store and process data or to take advantage of online services.
Galexia’s team has also completed some of the world’s largest comparative analysis of whether countries are ready for cloud computing, including the analysis of laws, regulation, policy and infrastructure in 14 Asia Pacific countries in 2011 and 24 global countries in 2012, 2013 and 2015.
CyberSecurity Research and Advice
Galexia has expertise in cybersecurity advice and conducts large-scale, global comparative research on cybersecurity strategies and infrastructure.
Galexia is at the forefront of international research and advice on the policy issues that arise for countries addressing cybersecurity issues. This includes advice on national cybersecurity strategies, critical infrastructure protection and the establishment of cybersecurity management and alert systems. Key elements include:
- Cybersecurity risk assessments
- CERTs
- Public Private Partnerships (PPPs) and industry collaboration
- National and multinational cybersecurity exercises
- Cybersecurity standards and audit requirements
- Sector specific cybersecurity plans
- Cybersecurity education and awareness strategies and campaigns
National Incident Management Structure (NIMS)We have expertise in the policy complexities that arise for countries addressing cybersecurity issues. We provide advice on national cybersecurity strategies, critical infrastructure protection and the establishment of cybersecurity management and alert systems.
Galexia is currently engaged in a large-scale international benchmarking exercise of cybersecurity strategies and infrastructure. Galexia’s research on cybersecurity includes a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity in 38 countries, including 10 Asia-Pacific countries and the 28 EU member countries. This analysis also identifies the key entities operating in each jurisdiction.
Galexia can assist clients assess geo-political risks, infrastructure, cybersecurity readiness and other benchmarks in addressing cybersecurity issues across multiple jurisdictions.
International and Cross-Border Research
Galexia has expertise in international research and analysis, and conducts large-scale comparative research for our clients. We utilise an extensive network of global partners and associates to deliver up to date analysis on technical, legal and policy developments in both developed and developing countries.
Galexia has extensive experience in delivering customised international research to our business and government clients. We have developed unique methodologies for analysing, rating and measuring progress in individual countries against key criteria. We utilise collaborative cloud based reporting tools to provide real time access to our research and analysis.
Galexia has completed international research in a wide variety of fields, including Cybersecurity education, electronic health records, cloud computing readiness, privacy laws and enforcement, interactive gambling regulation and electronic contracting.
Galexia’s work in this area has included:
- Cybersecurity standards and requirements in international banking and prudential regulations
- Detailed analysis of Free Trade Agreements and other bi-lateral agreements;
- Detailed analysis of global and regional treaties and agreements;
- Comparative analysis of national laws;
- Multi-country advice on cross border data transfers, IT outsourcing, data retention, etc;
- Advice to government agencies and departments on cloud computing initiatives;
- Publication of large scale legal information resources;
- Development and conduct of multi-country surveys; and
- Development and publication of regional and country implementation guides for digital economy regulation and infrastructure;
Specialised Legal and Regulatory Consulting
Galexia delivers detailed legal and regulatory analysis with a strategic perspective.
Our extensive legal background and our understanding of the impact of new technology on business processes allow us to deliver detailed and up to date legal and regulatory analysis. The task of interpreting legislation and regulations which have an impact on new technology products and services is one of Galexia’s core areas of expertise.
Galexia is particularly adept at performing this task in situations where more than one law or standard applies. We are able to develop compliance cross reference tables matching key administrative tasks and processes against all compliance requirements. We also possess the expertise to use these tables in developing plain language, well structured policy, process and guideline documentation.
Galexia has provided advice in every Australian jurisdiction, the EU, Hong Kong, Japan, Korea, New Zealand, Taiwan, the United States and all Member Countries of ASEAN (Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).
Galexia staff and associates continue to publish up-to-date articles on all aspects of electronic commerce law, and we provide online teaching materials for Cyberspace Law and Electronic Commerce Law courses at the University of NSW.
Strategic Privacy Consulting
Galexia has expertise and experience in privacy compliance and privacy management.
We integrate our privacy products and services with business process, software development and technology implementation project lifecycles. Our projects have involved large-scale and technically complex applications. Typically in these projects, getting the privacy right is a core business requirement.
Our privacy consulting focus is on compliance advice and compliance strategies for organisations in a range of jurisdictions. We have direct experience of privacy compliance issues in Australia, the EU, Hong Kong, Japan, Korea, New Zealand, Taiwan and the United States.
Privacy Management Lifecycle: Our Privacy Products and Services
The management of privacy issues is a recognised (and maturing) compliance task. Galexia has developed a range of tools to assist in privacy management.
Clients may wish us to be involved in a single aspect of privacy management, ask us to be involved in the privacy management of a whole project, or seek our advice on a regular basis.
Our services and tools include:
Design
Privacy Impact Assessment (PIA)
This assessment identifies privacy issues in specific sectors or applications. A PIA process is particularly useful in implementations of new technology or new processes. By using the PIA tool at the design stage of an implementation organisations can avoid privacy errors and the costs of rectification at later stages.
Privacy Management Strategy (PMS)
This tool is used to develop and implement a risk management strategy and practical action plan. Each privacy issue is allocated a response and action is delegated to individuals or organisations. The PMS includes a compliance timetable.
Privacy Risk Management
Public and stakeholder consultations on the chosen strategy are often as important as ensuring technical compliance. Effective consultation can help identify and manage key privacy risks.
Solution Implementation
Privacy Oversight Committee
This tool is used to develop a governance structure to oversee privacy issues arising throughout the life of the implementation. Some privacy issues may not be ascertained at the design stage so reviews and audits under the direction of an oversight committee are often necessary.
Documentation
We assist clients to develop documentation which addresses identified privacy concerns, including privacy manuals, web site privacy policies, integration with existing policy and procedure documents, and customer consent forms.
Training and education
We develop content for and present educational materials and training workshops for staff and key service providers to ensure that the client’s entire business is privacy aware.
Ongoing
Outsourced Chief Privacy Officer (CPO)
The Chief Privacy Officer is responsible for managing privacy compliance within an organisation over time as processes and regulations change. This responsibility may fall within an existing role, or may give rise to a new role. We can advise the client in relation to the structuring of that role in-house and provide assistance to that role, or it may prove more cost effective to outsource that role to us.
Assist in-house Chief Privacy Officer (CPO)
We can provide advice and assistance to an in-house CPO on a retainer or ad-hoc basis. Assistance can include handling complaints and inquiries, providing updates on legal and regulatory developments, and helping meet reporting requirements.
Monitoring - Privacy audit
Reviewing the effective adoption and use of complying processes and documentation on a regular basis (including by independent audit) is a useful tool in identifying and managing privacy risks. It also raises public confidence in the management of privacy, particularly in new technology projects. This process is targeted at identifying and dealing with problems before complaints or claims are received.
Self-regulation and Codes of Conduct
Galexia delivers strategic advice on industry self-regulation and codes of conduct.
Galexia provides advice on a range of best practice regulation, including industry self-regulation, co-regulation, and codes of conduct. We understand that different regulatory models suit different applications, and advise on the most appropriate model for a given context.
Our legal and technological expertise spans electronic commerce, privacy, identity, authentication, and consumer protection, across a range of industries. We are in a unique position to balance regulatory and best practice requirements with business needs and stakeholder or consumer concerns.
Galexia’s approach and methodology for the development of Codes of Conduct encapsulates best practice approaches to self-regulation and fosters industry consensus and ownership.
Galexia can provide detailed best-practice advice on all of the following:
- Code membership requirements
- Conduct and obligations
- Complaints and Enforcement
- Code governance and review
- Identification of Implementation Steps and Transition Issues
- Code Registration and/or Authorisation
|
||
|
|
Related projects Case studies and research
Recent news and updates
|
|
|
|
||
Issues Management: Public and Stakeholder Consultations
Our team has a wealth of experience in conducting and participating in industry and consumer consultations and workshops, and in delivering briefings at CEO, Board and Ministerial levels.
While we have our own extensive network of contacts we also work closely with clients to assist in the consultation process. We are experienced in managing stakeholder liaison and providing stakeholder services such as conducting workshops, stakeholder correspondence, media analysis and advice on the media response.
Galexia’s team also have experience in public relations, clear communication and in developing documentation such as media kits, Frequently Asked Questions, fact sheets, discussion papers and workshop information packs.
ICT Advisory Services
Galexia is a high-quality provider of ICT strategy, procurement and implementation services.
Galexia has expertise and experience in ICT strategic consulting, solution architecture, software development and systems integration. Galexia was founded in 1999 as an online services provider, building some of the earliest major online portals for large organisations including the Law Society of NSW and the Law Institute of Victoria.
Galexia continues to provide high-quality technical services - from best-of-breed small business ICT/cloud strategy development, procurement and cloud implementation through to enterprise-level online services and support. We can provide:
- advice on technology procurement;
- with implementation of best practices - designing security, backup and systems management processes;
- advice on architecture and management of ICT solutions;
- and project management services;
- on new technologies, including Google Apps and other cloud computing services;
- and support for enterprise Java-based technology;
- 'outsourced CIO' capabilities.
Our ICT services help businesses to leverage the latest technologies - from basic email and document sharing to cloud computing, provisioning processes, simple directory solutions, and backup and disaster recovery solutions.
Galexia’s expertise in business systems, new technologies and policy issues is founded on our strong grounding in the technical design and real-life operation of highly available ICT systems. Galexia has helped various clients with online services and support, including:
- Law Institute of Victoria
- Law Society of New South Wales
- Flat Technologies
- UTS
- NSW RTA
- Lord Howe Island Museum
- Sydney Water
- Priscilla’s Model Management
- Nosecone Australia Pty Ltd
- Foundations (AU) Ltd
- NSW Attorney General
- Box Hill Institute
- Macquarie Bank/Fairfax - Trading Room
- Friends of the Earth (UK)
- Greenpeace (Australia)
- GST Pay
- Lawpoint
- News Interactive
- Grange Securities/Surfboard
Galexia has provided ICT advice to both start-up companies and large multi-national enterprises. Galexia has particular expertise in enterprise-level communication and collaboration tools, and has engineered large-scale email systems. Galexia also takes particular interest in emerging platforms (secure approaches to mobile and cloud computing).
Identity Management and Authentication - Strategic Consulting
Galexia delivers advice on the complex technologies and applications of identity management and authentication.
Galexia has expertise in identity management and delivering electronic authentication advice.
Galexia’s expertise on identity management includes consideration of the policy context as well as technical design issues, legal compliance, political considerations and community attitudes. Our background in law, technology and public relations makes Galexia uniquely suited to delivering strategic advice on identity management.
Our consultations in authentication involve identifying and analysing the current legal and regulatory framework for the use of electronic authentication, with a particular focus on identifying obstacles to progress, and making recommendations for how such obstacles can be overcome.
Our technical background in both these areas gives us a unique understanding of the inner workings of electronic authentication and identity management technologies and ensures that we provide accurate and detailed advice and analysis in both of these areas.
|
|
||
|
|
Related Projects
Case Studies and additional research
Recent news and updates
|
|
|
|
||
Identity Management and Authentication - Technical Consulting
Galexia has expertise in identity management technical architecture and implementation, including strategy, business and technical requirements, architecture and design.
Galexia has Government and private sector clients in Australia, Asia-Pacific, North Asia, Europe and the USA. Galexia Directors and team members have provided consulting services to many of the largest identity, access management and authentication initiatives in Australia.
Identity and Access Management
Galexia is a trusted advisor partner on a number of identity management projects. Galexia provides:
- Stakeholder consultation and business, requirements and risk analysis;
- Technology evaluation to choose relevant products and vendors, based on wide experience;
- Strategy, architecture and design supported by detailed technical knowledge and best practices;
- Planning for deployment;
- Useful, realistic and respected consulting advice;
- Open communication;
- Delivery of professional and high quality outputs and outcomes;
- A depth of technical, business and legal knowledge and experience.
Galexia has specialised in the architecture of distributed identity solutions, including authentication, authorisation, accounting, auditing, single sign-on, federation, provisioning, synchronisation, public key infrastructure and emerging user-centric (Identity 2.0) approaches.
Galexia has provided senior consulting services to large-scale identity management architecture projects for customers including Australian Government Online Service Point (AGOSP) Authentication Team, Vodafone, Telstra, Bigpond, Sensis, Foxtel, the Australian Taxation Office, the Roads and Traffic Authority NSW and Singapore Government.
The combined user population of the identity management systems Galexia has designed is in the tens of millions.
Galexia’s Identity and Access Management (IdAM) Guiding Principles
Galexia’s methodology includes 6 IdAM best practice principles that should be applied to programs of work, activities and individual projects.
|
IdAM Guiding Principle |
Example application (and this will vary on a case-by-case basis) |
|
|
|
1. Common Governance |
Provide central control while also supporting the flexibility of autonomous execution across various business functions. Align IdAM projects with key initiatives to maximise business impact. |
|
|
2. Invest in Standard Solutions |
Invest in commercially available products when possible and deploy with minimal customisation. Reduce or eliminate the development of in-house solutions/tools which can be costly to maintain and difficult to integrate. |
|
|
3. Reuse, Replicate, Standardise |
Where possible, centralise IdAM process execution, reuse existing technologies, replicate proven processes, standardise technologies and architectural patterns. |
|
|
4. Automate |
Where possible, provide process automation and/or system driven execution. Streamline provisioning processes. Establish workflows and accountability matrices for sustainability. |
|
|
5. Enable |
Enable the business by investing in people, training and communication as an integral component of execution. IdAM processes and solutions are operationalised across the organisation for sustainability. |
|
|
6. Measure |
Measure and monitor the IdAM program at various levels, considering the customer, key performance indicators, key risk indicators, compliance, and adherence to service expectations. |
Galexia’s Identity and Access Management (IdAM) Strategy Process and Product Evaluation Matrix
Phase 1: Engage
In this phase, the client and Galexia agree on the project scope and timetable, establish communication and collaboration mechanisms, and decide on reporting requirements.
Phase 2: Identify
This phase focuses on identifying relevant inputs via stakeholder consultations and collection of other relevant materials.
Phase 3: Analyse
In this phase, Galexia develops analysis and advice in a number of key documents:
- 1: Business Requirements, based on analysis of materials collected in the Discovery phase;
- 2: Technology Evaluation, comparing a number of vendor offerings across metrics relevant to the identified requirements; and
- 3: Identity and Access Management (IAM) Strategy, a technology-neutral document setting out a broad vision, identifying key requirements and goals, and presenting a high-level architecture.
Phase 4: Plan
Based on the recommendations and outcomes of the analysis, Galexia will assist in the planning for implementation, including a:
- Broad, Implementation Roadmap; and
- More specific Implementation Proposal with a design and scope for proceeding with implementation activities.
|
|
||
|
|
Galexia Directors have a long history with Identity and Access Management Strategies and Roadmaps
Related Projects Case Studies and additional research
Recent news and updates
|
|
|
|
||
Identity Management and Authentication - Cloud and Software-as-a-Service (SaaS)
With the accelerating adoption of cloud-based SaaS applications, organisations are increasingly facing new identity and access management (IAM) related challenges, including:
- Proliferation of credentials
- Separate user repositories for each SaaS application
- Control of access entitlements and the identity lifecycle
- IAM interoperability: enterprise, cloud and social media
- Cloud identity authentication and provisioning: standards, proprietary integration and vendor lock-in
- Mobile application authentication and credential management
- Support for multi-factor authentication
- Support for identity attribute aggregation
- Identity gateways, bridges, routers
- Consistent application of security and privacy policy
- Scalability of cloud-based IAM
Galexia can provide an assessment of the impact of these challenges in an organisation, an approach for avoiding common pitfalls, and a roadmap that will turn challenges into opportunities.
Galexia offers a number of Cloud IAM services:
- Policy development
- Strategy development
- Roadmap, options and costs
- Product and vendor evaluation
- GRC and auditing
- Identity lifecycle business process analysis and re-design
- Design principles and best practices
|
|
||
|
|
Case Study: AEMO - Single Sign On (SSO) with Cloud (Software-as-a-Service (SaaS)) Galexia provided AEMO (Australian Energy Market Operator) with options for implementing Single Sign-On (SSO) to external Software-as-a-Service (SaaS) applications. Our consultants performed an analysis of AEMO's authentication requirements, internal and external applications, and existing processes. We used our expert knowledge of cloud-based SSO technology vendors and solutions to select and cost the best approach, based on proven cloud identity design principles and best practices. |
|
|
|
||
print this page
sitemap
rss news feed
manage email subscriptions
