Wednesday, September 12, 2018

Ion is building Modern Workplaces 5 of 6

Ion is building Modern Workplaces 5 of 6 Cybersecurity


Introduction

By 2021, worldwide cybercrime damage is expected to reach $6 trillion—double what it cost businesses in 2015. As digital transformation sweeps the globe, the imminent threat of cybercrime grows alongside it. As a result, new techniques in cybersecurity must be developed at a growing rate to keep pace.
Digital-first is the new business frontier, and if we want to keep this landscape a safe space to store and share information, we must be able to quickly identify opportunities to bolster security and adapt to evolving threats. Microsoft’s cloud technology offers organizations the tools to advance security, enhance government compliance, improve security education, and enable industry collaboration to shut down new threats. Microsoft is creating a new path toward digital transformation in a secure space.
In this post we discuss the aspect of a Modern Workplace with regards to Cybersecurity.

Cybersecurity

Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyber-attacks.

In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity.  



Elements of Cybersecurity

Ensuring Cybersecurity requires the coordination of efforts throughout an information system, which includes:


One of the most problematic elements of cybersecurity is the constantly evolving nature of security risks. The traditional approach has been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks.

To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach. The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments.

Cybersecurity in the Cloud

Through cloud technologies, IT professionals now have advanced tools at their fingertips that provide real-time visibility into cybersecurity and the ability to proactively thwart threats before they become an issue. As more organizations move to the cloud, management of security risks can occur in real time. This real-time action on cyber threats helps create cost efficiency, and allows for frequent and seamless updates without reconfiguration, giving IT leaders the upper hand in staying compliant with regulatory guidelines.
With cloud-based technology come real solutions in data loss prevention. IT professionals are using the cloud to secure employee data in new and highly effective ways. Through improved cloud encryption capabilities, organizations can better help protect sensitive information – in motion and at rest. Even if cybercriminals are able to breach your network and bypass the first lines of cyber defense, encryption helps keep organizational data from falling into unauthorized hands. Additionally, advanced measures like multi-factor authentication (MFA) and Single Sign-On (SSO) provide additional layers of security by ensuring only those with the proper credentials are able to gain access to information and company platforms. These solutions and innovations in tech security are just the beginning.

Cybersecurity and Enterprise Architecture

The most important thing to understand about Cybersecurity in your Enterprise Architecture is that it is not a singular element you can buy and install...Here is a perspective on Cybersecurity...
Overlapping elements of Cybersecurity


There is a well regarded TOGAF Integrated model called the Sherwood Applied Business Security Architecture (https://sabsa.org/) That can serve as a model for your own Enterprise.


Considering multiple vectors of Cyber Threats and the associated systems to protect from those threats is the essence of any Enterprise Architecture that addresses Cybersecurity.

Security Strategy SABASA Matrix

If you consider the TOGAF Architecture Development Method, the SABASA Model fits perfectly and helps you set your own Requirements.


Security Services spans all Enterprise Architecture

The Ion-Modernworkplace is designed to fit into your Enterprise Architecture from Preliminary through all phases A-H and Enterprise Requirements, to ensure you have covered all the Cybersecurity bases.


Cybersecurity Compliance

In a world where data breaches are daily occurrences and regulatory requirements for protecting data are increasing, it's essential for organizations to choose a cloud service provider that makes every effort to protect customer data. Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Our broad suite of cloud products and services are all built from the ground up to address the most rigorous security and privacy demands of our customers.

To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider.
Simplify compliance with the Microsoft Common Controls Hub

Microsoft is a leading supporter of Cybersecurity Compliance

Cybersecurity Governance

An organisation’s board is responsible (and accountable to shareholders, regulators and customers) for the framework of standards, processes and activities that, together, secure the organisation against cyber risk.
We are the leading provider of information, books, products and services that help boards develop, implement and maintain a cyber security governance framework. In many cases, this involves deploying one or more cyber security management system standards.
All boards should be aware of the Cyber Threat Landscape and should understand what Advanced Persistent Threats are.
Cyber Governance Health Check is a good starting point for identifying areas in which the board should act to improve its cyber risk management.
IT Governance is unique. Across all the key segments and domains of cyber security, we can usually offer a solution and approach that suits your own organisational budget and culture: we can provide cyber security consultancy services, we can deliver cyber security training (either through a public training course or on-site to a number of your staff), and we also have a comprehensive range of books and tools that will enable you to look after yourself. Whatever your preference, our unique mix of products and services means that we can serve you precisely.
Azure Cybersecurity Compliance

Comprehensive is the best word to use to describe Cybersecurity Compliance from Microsoft Azure Cloud Services.


Compliance across All Microsoft Product lines

For the complete list of Compliance standards Microsoft adheres to go to https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings


Conclusion

It is safe to say that all vendors of IT services and applications are considering their positions with regard to Cybersecurity, your selection of the vendors of your solutions and the managed services provider(s) as well as Subject Matter Experts on Cybersecurity need to be aware of and compliant with all applicable laws, regulations, implementation guidance both local and International.  Ion-Management is such a vendor and we can help you achieve both a cost effective and compliance Modern Workplace.

References

No comments:

Post a Comment