Our Blog

14

Sep

Creating your security roadmap

Securing your organisation’s data and workloads depends on having a clear, comprehensive view of your current security posture as well as any gaps that need to be filled – your roadmap.

Putting security at the heart of your business strategy can help you win and maintain the trust of your customers, partners, regulators, and other stakeholders.

Putting security at the heart of your business strategy can help you win and maintain the trust of your customers, partners, regulators, and other stakeholders. It’s therefore important to have an integrated cybersecurity vision that brings together the various functions and dependencies within the organisation and with external key stakeholders and third-party suppliers.

It’s not just about security tools

Having the right technology in place is crucial and fundamental to any security approach. However, many technology vendors overlook to strategic importance of creating a culture of security.

Too often, human error is responsible for costly cyberattacks. In fact, research suggests that human error is the number one cause of breaches and is responsible for up to 90 per cent of breaches.

Often, people within an organisation are aware of cyber risks but either don’t know what to do about it or aren’t empowered to act. This challenge can be overcome with a consistent, comprehensive approach to staff education whereby all staff members are made aware of the risks and their role in keeping the organisation protected. This education is just as important for C-level executives as it is for admin staff, so everyone in the business should be included.

Immediate next steps

Once you’ve completed a security assessment, Empired can help you develop a roadmap that takes you from where you are today to a more secure organisation.

The roadmap that Empired develops with you will start with your recommended immediate next steps. These are the things you should implement in your business straight away to plug the gaps that pose the highest risk to your business.

This can include deploying Microsoft Azure Advanced Threat Protection (ATP) to domain controllers and Windows desktops, laptops, and servers, as well as deploying Microsoft Cloud Apps Security to track and monitor shadow IT usage.

Furthermore, keeping apps and devices updated and patched is one of the simplest and easiest ways to protect against threats but many organisations neglect this area. Therefore, determining the current patching level and remediating it as quickly as possible is likely to be a key step for most organisations.

There will likely be other areas that organisations should focus on to improve security; these will be unique to your business and its current posture.

Prioritising your investment

The key is to identify which areas need attention and investment, and to create a pathway to achieving these goals. Businesses should view security as a staircase that they can climb, step by step, to reduce their risk profile.

The starting point for organisations with a high-risk profile is the basic security and compliance controls that sit within Microsoft 365. This includes Windows Defender antivirus, malware and spyware detection and removal, data encryption and multifactor authentication. Enabling, deploying, and updating these features is crucial and doesn’t have to require a financial investment.

From there, organisations can move to advanced threat protection (APT) along with identity, information, and device protection functionality available in EMS E3 and Office 365 E3. The next step is proactive attack prevention through Microsoft 365 Enterprise E3, with add-on tools including Windows Defender (WD)-ATP, advanced compliance, threat intelligence, and more.

The final step, and the gold standard in advanced compliance and proactive attack prevention and detection, is Microsoft 365 Enterprise E5 with Azure Trust Centre, Microsoft Dynamics 365, OMS, SQL-E, and Windows Server-E.

Empired works closely with our clients to determine which security level and combination of tools is right for them, based on their risk profile, their budget, and their existing investment in security tools. In many cases, organisations can achieve a significant uptick in their security capabilities just by leveraging existing investments.

We can help you address problems that include:

  • security
  • identity
  • phishing
  • shadow IT
  • reporting
  • advanced threat protection
  • threat intelligence.

Need help? Talk to us 

This is part of the Security Readiness series, discussing how cloud computing is transforming the way that organisations deliver business solutions to their workforce. To find out more, talk to us.

Posted by: Jaen Snyman, National Business Manager Cloud Design and Integration | 14 September 2018

Tags: Security, Security Readiness, Threat landscape


Top Rated Posts

Blog archive

Stay up to date with all insights from the Empired blog