23 Oct

Navigating the modern cybersecurity landscape

Last week’s Cybersecurity Summit held at Te Papa in Wellington was a stark reminder of the ever-present threats that organisations face in the digital world.

From efforts to infiltrate corporate networks to identity theft and innocuous-looking spoof emails designed to elicit information or payments from employees, the threat vectors have become ever more diverse.

But the various security experts who addressed the summit were on the same page on one thing – as software, networks and operating systems become more secure, hackers and e-criminals are increasingly turning to social engineering to achieve their dubious aims.

People have always been the weak link in cybersecurity, but as many of the obvious backdoors and exploits are plugged, exploiting human behaviour is increasingly central to the hacker’s craft.

Good security hygiene is the only answer to that. No matter how much we hear about the threat of phishing attacks, at least some people will still click on links or open attachments they think are legitimate. It is just human nature to choose a password that is easy to remember and, therefore, easy to crack.

The zero-trust environment

There was a lot of talk in Wellington last week about the “zero trust” environment. This is an IT security concept increasingly in vogue that assumes that no one is trusted inside or outside of the organisation’s network. Identity verification is required of everyone and access to resources is controlled and regularly reviewed.

That is different to the traditional “castle-and-moat” view of security, which held that everyone on the network was automatically trusted and the focus was on protecting the network perimeter and keeping unauthorised people out. If someone got in, they could run amuck.

The new threat landscape suggests that with more subtle efforts to infiltrate the network by way of the organisation’s own, we need to be more zealous about internal security.

The problem is that this requires a range of policies and technologies to be applied effectively, particularly as data is no longer stored in one place. It may be on the premises, in the cloud and stored on numerous mobile devices.

It became clear in a roundtable discussion at the Cybersecurity Summit that while many IT managers and business leaders are keen to pursue this zero-trust approach to security, many of them are unsure how to go about doing so. How do you implement multi-factor authentication to verify identity and integrate data loss prevention (DLP) software to keep control of sensitive data, both tenets of a zero-trust environment? It isn’t always obvious in the context of your existing IT systems.

Licensing is poorly understood

Part of the problem, it seems, is the complex nature of software licensing. Take Microsoft, for example. Many customers are hesitant to invest in E5 licences for Microsoft 365, which brings together Office 365 and Windows 10 with enterprise mobility and security capabilities.

That’s because the licences are significantly more expensive than Microsoft’s E3 and F1 Microsoft 365 licences. But what we often see is IT managers opting for a lower tier of Microsoft licence, but continuing to maintain and pay for antivirus, firewall and other security software that is built into the top-level E5 licence.

With an E5 licence, users gain access to identity and access management, threat protection and advanced information protection that isn’t built into the other licences.

There’s lingering confusion about what exactly is included in each Microsoft licence and what it means from a security viewpoint as a company seeks to consolidate its licences and subscriptions and move to more feature-rich Microsoft 365 licences.

Microsoft itself is best placed to close the gap on education when it comes to licensing. But as a Microsoft partner, we too have a role in improving the understanding of Microsoft licensing and the security features, such as Windows Defender, that are available in even entry-level Microsoft products.

Too often we see clients with legacy systems continuing to tick over even as they introduce Microsoft 365, which has all the capability they need when it comes to security.

Good IT security practice

That does nothing for the total cost of ownership (TCO) equation that sits in the IT manager’s spreadsheet. Why pay for duplicated capability when the core system you are running is capable of providing it, allowing you to retire systems and cancel licences?

The key to a more cost-effective way to secure your IT systems is to start the conversation early with a trusted partner. Many organisations are moving to cloud computing systems. The “pre-cloud” discussion in particular needs to canvass existing security requirements and how they will change in the move to the cloud, the technology needed and the licences to get the full functionality required to keep the network and all of its users secure.

At Intergen, we consider this a crucial part of the approach to good IT security practice. The conversation needs to start early, before any digital transformation or even a more routine IT upgrade takes place. What are the implications for security? What are the licensing requirements and what can I switch off as I move to a new platform?

Every day we help clients navigate these issues. Our deep understanding of Microsoft 365 functionality gives us the expertise and capability to help your organisation stay productive and secure.

 

With Microsoft 365, our Modern Workplace offering and the depth of experience Intergen brings to enterprise security, we have you covered. Get in touch to find out how we can help you take a cloud-first approach in a cost-effective way while keeping your data and applications secure.

Posted by: Lisa Haselton, Senior Consultant | 23 October 2019

Tags: Cloud, Cloud Computing, Data, Security

