Author Archives: Sydney Pujadas

Looking Back on Year One of the SEC’s Cybersecurity Disclosure Rules

Just a year ago, the U.S. Securities and Exchange Commission (SEC) adopted rules requiring registrants to provide annual enhanced and standardized disclosures regarding “cybersecurity risk management, strategy, governance, and incidents.” This ruling aims to bring greater transparency and accountability to how public companies handle cybersecurity threats, which have become increasingly sophisticated and prevalent. The consistency and transparency dictated by this ruling benefit investors, the company itself, and the greater market connecting them.

As we are coming up on the ruling’s first anniversary, it’s important to reflect on its impact throughout cybersecurity and governance.

The Impact of the SEC Cybersecurity Disclosure Rules

The SEC’s transparency ruling, effective July 26, 2023, marked a significant shift in the regulatory landscape for public companies. The rules mandate that registrants must have a comprehensive understanding of their position within the threat landscape. Specifically, companies are required to manage their cybersecurity risk through well-defined policies and procedures that identify and address cybersecurity threats. They must also develop and implement a cybersecurity strategy that integrates cybersecurity considerations into their overall business strategy, financial planning, and capital allocation.

Governance is a top priority under this ruling, as companies must disclose information about their board’s oversight of cybersecurity risk, including the expertise of their board members and their roles in managing these risks. Finally, companies are required to provide a timely and accurate disclosure of any cybersecurity incidents, detailing their impact on the company’s operations and financial performance.

Over the past year, these requirements have prompted companies to re-evaluate and enhance their cybersecurity frameworks, ensuring that they are robust, effective, compliant, and transparent to stakeholders.

The Challenges of the Ruling

While the SEC’s ruling is a significant step forward in protecting investors and the broader market from cyber risks, compliance and continuous transparency can be challenging due to the many moving parts involved. Registrants must maintain ongoing vigilance, continuously monitoring and updating their cybersecurity practices to stay ahead of evolving threats.

How Thrive Helps Businesses Stay Compliant Under SEC Demands

At Thrive, we understand the intricacies of regulatory compliance under the demands of the SEC. Our mission is to empower businesses to excel in these conditions. With Thrive by your side, you will have 24x7x365 access to:

  • Managed Cybersecurity Solutions: Our comprehensive cybersecurity suite is an all-encompassing set of solutions designed to help businesses identify vulnerabilities and swiftly implement effective risk management strategies.
  • Incident Response and Reporting: In the event of a cybersecurity incident, Thrive provides Incident Response and Remediation Services to mitigate damage and support recovery in the face of unexpected disasters, enabling you to promptly disclose the incident and ensure that you meet regulatory requirements while maintaining stakeholder trust.
  • Consulting Services: It’s important to have the team and expertise in place to stay in line with extensive regulations. Thrive addresses any gaps that may exist in your organization by providing a variety of expert professional and consultative services. Long story short, Thrive has your back.
  • Compliance Regulation: Our goal is to help you meet the stringent requirements set forth by the SEC while ensuring that your risk management framework is both comprehensive and compliant.

Looking Ahead

As we look back on the first year of the SEC’s cybersecurity disclosure rules, it’s clear that public companies are now made more accountable for their cybersecurity practices and are required to be transparent about their efforts to protect themselves and their stakeholders.

At Thrive, we are committed to helping businesses navigate this new chapter of cybersecurity regulations. Our comprehensive suite of managed services ensures that your organization will comply with the SEC’s requirements while also building a resilient and secure foundation for the future.

Let Thrive be your partner in cybersecurity excellence. Contact us today to learn more about how we can help your business succeed in the face of the SEC’s evolving regulations.

Get to Know the Digital Operational Resilience Act (Part 2)

As you may remember from our first blog post on strengthening financial IT resilience, the Digital Operational Resilience Act (DORA) was enacted on January 16, 2023, and will be enforced soon, with supervision starting January 17, 2025.

“That’s a big step towards ensuring that there is resilience in the system. It’s not about crimes, it’s about resilience,” said José Manuel Campa, Chairperson of the European Banking Authority, one of three EU institutions behind DORA. The regulation aims to ensure the IT resilience and security of any financial entity (FE) in Europe and their ICT providers, including banks, crypto, insurance, and investment firms, even during severe operational impacts like distributed denial-of-service (DDoS) cyber-attacks and ransomware.

Today, a big challenge for the European Supervisory Authorities (ESAs) in the EU is to put together their own team for overseeing DORA.

On April 10, 2024, the ESAs launched their first recruitments to set up a DORA joint oversight team. This announcement came as part of the establishment of a fully integrated team within the 3 ESAs to carry out the oversight of critical third-party providers (CTPPs) required by DORA. The joint oversight team includes a Director, Legal Experts and ICT Risk Experts.

The EU has set up numerous consultations with FEs in Europe and conducted dry runs with a list of financial markets participants, such as very well-known banks in each EU member state and outside entities that do business in the EU. Much like GDPR’s scope, DORA is not limited to those based in the EU but applies to any companies working with EU FEs.

As DORA nears its enforcement date, the focus has been on the third-party risk management process and expectations. The feedback is contained in very detailed spreadsheet entries.

It is worth noting that the FCA (Financial Conduct Authority) in the UK also has operational resilience regulations coming into force in March 2025, and NIS2 requirements come into effect for all businesses in October 2024. In the US, the SEC is also mandating rules that focus on technology management and compliance expectations, especially around incident management and the definitions of severity, response and more. DORA also focuses on these points – for example, DORA introduces consistent requirements for FEs on management, classification, and reporting of ICT-related incidents.

DORA also details primary and secondary criteria for these incidents, and when they should be considered major incidents, with suitable thresholds. These include the percentage of FE clients impacted and the associated financial value of the impact. If they cannot be easily determined, estimates based on available data are acceptable.

Duration of the event (longer than 24 hours) and ICT service downtime (more than 2 hours) are further factors in classifying an incident as a major event.

One of the more challenging requirements is that DORA states that all FEs are required to maintain and update a Register of Information (ROI) in relation to all contractual arrangements on the use of ICT services provided by ICT Third-Party Service Providers (ICT TPPs).

This is a complex document, as the EU documentation shows, not least because most contracts may need to be rewritten to accommodate DORA requirements, including numbering each service for identification purposes and highlighting any critical service therein.

In May 2024, the EU organised a voluntary exercise for the collection of the registers of information (see above) of contractual arrangements on the use of ICT third-party service providers by the financial entities. Under DORA and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party providers. In this dry run exercise, this information was collected from financial entities through their competent authorities, as preparation for the implementation and reporting of registers of information under DORA.

DORA Title II provides further harmonisation of ICT risk management tools, methods, processes and policies, as shown below. This categorization and harmonisation is aligned with ISO 27001 as we shall examine in part 3, when we look at various ways to achieve DORA compliance.

DORA Title II: Further harmonisation of ICT risk management tools, methods, processes and policies (Article 15)

The most recent big date in the DORA calendar was July 17, 2024. It is when the EU released its latest analysis of expectations and obligations for DORA, in terms of the EU systemic cyber incident coordination framework (EU-SCICF), kickstarting the process of how cyber incidents should be mitigated, with relevant DORA requirements met and reasonably achieved.

The EU’s ESAs have also recently been processing the most recent public consultation, with a view to determining further Regulatory Technical Standards (RTS), not all of which are information technology related, but technical in a business sense. Many are extensions of existing regulatory technical details, and as such, have built on lessons learned from earlier legislation.

Looking to the Future

The guidelines have already been adopted by the Boards of Supervisors of the three ESAs. The final draft technical standards have been submitted to the European Commission, which will now start working on their review with the objective to adopt these policy products in the coming months.

Many lessons have been learnt and challenges raised, where the EU believes that requirements are reasonable, but the industry may have other views, based on the cost of doing business to meet such requirements, and other considerations. It is not inconceivable that some FEs or ICT third parties will look to reduce or cease business in the EU, if the DORA requirements are overly onerous, as happened for previous regulatory legislation, for example, following the 2008 banking crisis.

In simpler terms, DORA ensures that financial institutions and technology partners are well-prepared to effectively handle disruptions and cyber risks.

It’s all about making sure our FEs stay strong and resilient!

Thrive has a crucial role in bolstering our clients’ operational resilience through our own operationally resilient platform and business, reducing dependency on single systems, teams, or procedures, and enhancing risk management in the financial sector in alignment with DORA’s objectives. Contact Thrive today to learn more about how we can further support your organisation’s DORA compliance requirements.

Simplify Your Cybersecurity Stack With a Platform Consolidation Framework

As businesses grow and technology continues to make advancements, managing your IT stack can become convoluted and lead to overlap or blind spots. Maximizing the efficiency of your cybersecurity tools may require you to reevaluate the software solutions you have, prioritize those with the most impact on your security posture, and consolidate your systems where it makes sense. Simplifying your IT stack can be a helpful strategy for increasing business agility and reducing unnecessary costs. A streamlined cybersecurity system minimizes redundancy, reducing the likelihood of errors while also making it easier to implement across your organization.

“The average organization works with 10 to 15 security vendors and 60 to 70 security tools”

Know Your Security Goals

The first step in consolidating your IT stack is understanding what your security goals are as an organization. Determining which aspects of your cybersecurity posture need to be prioritized and which may be redundant or outdated can help your organization formulate a game plan for consolidation.

There are several factors you need to consider when determining your security program goals. Organizations need to consider their business risks and compliance requirements to select must-have security controls. However, these controls need to be implemented with the lowest total cost of ownership by weighing different metrics, such as cost of tools used, time dedicated towards maintenance, and your team’s ability to keep up with critical IT functions like identifying and managing data breaches. Another way you can determine what aspects of your IT stack you should prioritize is by conducting a cybersecurity risk assessment, which will give you a better understanding of your IT vulnerabilities and potential gaps in your security controls.

Mindful Security Consolidation

Consolidating your organization’s IT stack may seem contradictory to the growing corporate budgets towards cybersecurity. In fact, “CIOs expect [cybersecurity budgets] to grow: 80% of respondents to the 2024 Gartner CIO and Technology Executive Survey said their funding for cybersecurity will increase in 2024 compared to 2023”. A larger budget doesn’t mean that your IT stack should necessarily grow to use more and more tools. Having a meaningful consolidation plan will help better streamline your business processes while achieving your security goals.

“Consolidation projects should aim to improve risk posture for the organization, by simplifying it”

Take a look at which vendors and tools your organization currently uses and decide which vendors are the best fit for your security strategy. If those vendors offer products that address your security needs, consolidating onto them from other, less strategic vendors can help streamline your business processes. Additionally, identifying your organization’s “must-have” products can help you determine which platforms you should be allocating your cybersecurity budget towards.

Evaluate and Plan

Evaluating your IT stack, consolidating components, and planning ahead are critical steps for maintaining a competitive edge. By assessing your current IT infrastructure, you can identify inefficiencies and areas for improvement. Consolidating tools and platforms not only streamlines operations but also enhances security and can reduce costs. Planning ahead can ensure that your cybersecurity program remains agile and capable of adapting to future advancements, positioning your organization to leverage new technologies and innovations effectively. Working with a managed service provider, like Thrive, can help you evaluate and consolidate your infrastructure, while still achieving your business goals.

To learn more about a framework for cybersecurity consolidation, read the Gartner report, Simplify Cybersecurity With a Platform Consolidation Framework.

Contact Thrive today to learn more about how you can streamline your security plan and stay ahead.

Going Slow to Go Fast: vCISO Restraint Amid Cybersecurity Chaos

For those of us with enough gray hair to remember back that far, it is reasonable to compare the explosive growth of Web1.0 and the proliferation of the Internet in the 1990s, to that witnessed presently in cybersecurity. In both eras, stressed-out, harried leaders and their teams were asked to perform miracle after miracle, to learn and deliver at unprecedented, unsustainable rates, and to always do so without error and all too often without a clear vision or plan. Sadly, we failed to learn from that past and now seem condemned to repeat it, this time in the context of information security.

Things are vastly more complicated today. Thanks to speed-of-light news cycles carrying a daily deluge of ransomware horrors and stories about massive information security breaches, we have a convergence of justified concern and irrational hype. The result is a contagion that infects boardrooms and C-suites, and ultimately trickles down to already overworked and understaffed information security or technology organizations who are directed to defend against the raging, malevolent cybercriminal hordes at the gates. That unfortunately has become business as usual in many organizations.

Information security leadership’s caffeine and adrenaline-addled responses often lack adequate forethought or planning, all in an attempt to satisfy bosses, customers, and frankly, to just silence the din. In the process, nerves are further frazzled, relationships are tested and when all is said and done, the organization is only marginally more secure than before the bedlam ensued. It is here that the lesson of the “Tortoise and The Hare” can be applied.

Remember Aesop’s fable? The one where the rabbit mocked the turtle for being so slow and challenged him to a footrace. Off the rabbit charged to a quick lead and assured victory, only to pause for a nap while the turtle trundled along slowly and methodically behind him, ultimately passing the napping hare and winning the race. The moral of the story being that the race is not always to the swift. In the context of information security, it is during the most stressful scenarios that an effective leader is the one who wisely “goes slow to go fast.”

This is not an easy skill to develop and often is counter to our instincts to be ultra-responsive to minimize damage, move projects along, and be accommodating to bosses, customers, and stakeholders. That said, the notion that “speed wins” in the realm of cybersecurity is a false premise. The benefits of an intelligently paced and reasonable approach to information security and incidents are numerous:

  • Smarter, better-designed solutions to complex problems
  • Reduced costs
  • Lower likelihood of mistakes
  • Increased team morale and engagement
  • More satisfied stakeholders

The information security threats our organizations face are real, as are the losses in revenue and reputation that can accompany them. So, too, are the pressures organizations face from stakeholders to respond aggressively, perhaps even hyperactively, to new security technology, projects, or threats that present themselves. Truthfully, there may be situations, likely involving a crisis, where an immediate, gut-instinct response may be warranted and the proper course of action, but running an information security program or team effectively in the long term requires a more sustainable and reasoned approach.

Even during a crisis, taking a few moments to gather the facts, bring together the right people, and methodically and unemotionally assess and respond to the situation, is the responsible and smarter course of action. It is at these moments that organizations must push back on those yelling the loudest and resist the urge to respond impulsively. Take that deep breath, filter through the “facts” and invest in at least a modicum of planning before responding to business-as-usual security requests and projects or incidents.

Replace speed-of-light, with speed-of-right.

By responding too quickly, your organization may play right into the hands of cybercriminals, who excel at exploiting human nature and security professionals’ innate eagerness to help, and at artificially elevating the sense of urgency with which organizations feel compelled to respond. In all things information security, it is imperative that we go slow to go fast.

Having a cybersecurity plan in place can help mitigate the panic-fueled impulses your team may get when disaster strikes. Working with a managed services provider, like Thrive, to evaluate your current IT stack and identify potential weak points, can help you bolster your cybersecurity posture. This will help reduce your organization’s downtime and increase its productivity due to mitigated interruptions. Contact Thrive today to learn more about how you can plan ahead and win the race!

Drive Microsoft 365 Feature Adoption With Thrive’s End-User Learning and Adoption Services

Thrive’s Microsoft 365 Learning and Adoption service can help you optimize your organization’s investment in Microsoft 365. Thrive’s Managed Microsoft 365 Platform Services offers a holistic approach to implementing and adopting Microsoft 365 technologies by combining strategy, development, support, and now, end-user Learning and Adoption services so you can realize the maximum investment in your subscriptions.

Learning and Adoption services include the following:

  • Advisory service to assist with developing an adoption plan for your organization
  • A Learning Management System (LMS) to serve as the platform to drive adoption in your organization
  • Analytics pulled directly from the Microsoft 365 Graph about feature usage and adoption metrics
  • Live instructor-led trainings, Q&A sessions, webinars, and recorded short-form content delivered directly to your end-users
  • “Right in time” content for when users need help in the moment

Empower Your Microsoft 365 End-Users

Embracing new technology is critical for organizational success. By adopting technology like Microsoft 365, organizations can better streamline their operations, enhance efficiency, and stay competitive in their industry.

But with any user-based solution like Microsoft 365, ensuring successful end-user learning and adoption is crucial for optimizing and driving awareness of critical software features. Accelerating and tracking the adoption of new technologies in your organization will allow for higher productivity and the ability to get new employees started off on the right foot. Having cloud-based learning management in place allows your organization to manage your corporate learning and be able to roll out new technology and monitor its adoption all from one platform.

Learning Management System Highlights

Like with any learning technology, an LMS is only as effective as the content it provides to its end-users and how it’s delivered to them. When implemented properly, there are many benefits to using a modern LMS platform like Thrive’s to create the ideal learning experience:

  • Short courses to keep user attention
  • Live-moderated webinars
  • Automated communications
  • Ability to upload and customize content
  • LMS application for Microsoft Teams

No matter what industry your organization is in, driving Microsoft 365 adoption through Thrive’s Learning and Adoption service can improve your business’s processes and productivity, and ultimately help achieve your business goals. Utilizing Thrive’s LMS and Learning and Adoption services allows you to:

  • Develop Tailored Content: You can create different skill paths that relate directly to each end-user and the way they work
  • Provide Proactive Communication: You can write and schedule automated messages that simplify and scale communications across your organization
  • Create Customized Experiences: You have the ability to create different interactive experiences, such as integrated user polls, executive sponsor videos, and more!
  • Analyze Graph Data Integration: You can see real-time data reporting on the LMS platform via integration with the Microsoft Graph API
  • Content Updates: You can use evergreen content that reflects the latest updates from Microsoft

Contact Thrive today to learn more about how we can provide consulting and best practices around utilizing Learning and Adoption services and improve adoption of Microsoft 365 technology in your organization.

Are You Secure? The Cybersecurity Metrics You Need to Know

Staying current with the latest technology trends and industry regulations requires your organization to remain flexible and agile to changes. Ensuring that your organization’s cybersecurity is in good standing can help mitigate potential threats and reduce risk while remaining in compliance with regulatory bodies. Being prepared can also help your business stay on top of its goals and allow for better scalability and increased performance. Knowing where there are gaps in your IT stack can also help you make the right decision on partnering with a managed service provider to bolster your security posture.

When determining the current state of your organization’s technology infrastructure and security posture, you’ll want to look at the following cybersecurity metrics and key performance indicators (KPIs):

  • How slow is your network? Slow performance can include frequent crashes, unresponsive or lagging software, long loading times, slow data processing, or slow data transferring times. If you’ve flagged any of these as an issue, you’re likely experiencing decreased productivity and frustration from employees – and ultimately – your customers.
  • How old is your hardware? Legacy servers, workstations, and networking equipment can be incredibly inviting to hackers, making your business more vulnerable to data breaches. Determining how often the devices on your network are updated can help you figure out the percentage of devices that are compliant. If hardware or software is no longer supported, it’s time to look for new options.
  • How quickly are you deploying patches? Studies have found that high percentages of data breaches and ransomware stem from exploits of known but unpatched vulnerabilities. Make sure you are deploying the latest updates and patches needed to stay in compliance and stay protected. If the average company takes around 3 months to patch a critical vulnerability, being more responsive makes you less of a target.
  • Are there unidentified devices on your internal network? Any unidentified devices, such as Internet of Things (IoT) devices or employees’ personal devices can create an entry point for bad actors to infiltrate your environment.
  • How many breach attempts have you had? Documenting the number of intrusion attempts can help provide insight into how frequent the breach attempts are and identify any patterns or common sources of entry that cyber attackers are using to attempt to gain entry into your network.
  • What is your Mean Time Between Failures (MTBF)? Knowing your MTBF allows you to assess the durability and reliability of your IT stack. MTBF calculates the average time interval between two successive component or system failures.
  • What is your Mean Time to Detect (MTTD) and Mean Time To Acknowledge (MTTA)? The MTTD metric determines the average time it takes for your organization to detect a potential security breach. It’s important to know how vigilant your security system is and how responsive the IT stack you have in place is should an attack occur. Your MTTA is the average time between when your organization has detected an incident and the time it takes to formally log the incident. This key metric can help you determine your organization’s readiness and ability to combat security threats.
  • How many of your employees have received cybersecurity awareness training? Do you require your employees to regularly take training modules, spanning from entry-level employees to the C-suite? Maintaining good documentation for your employees to reference can help with audits and post-incident analysis. Additionally, having KPIs for cybersecurity training, such as knowledge improvement, employee behavior change, and employee engagement rates, can provide valuable insights for your organization and identify any areas that need improvement for your organization to be successful.
  • Do you have a security rating? Getting an official cybersecurity risk assessment score can help you determine whether or not there are significant gaps in your infrastructure or overall cyber strategy that need to be addressed.

How Thrive Can Help

Knowing the current state of your organization’s cybersecurity posture can feel overwhelming, but analyzing key cybersecurity metrics can help identify potential issues quickly. Partnering with a Managed Service Provider like Thrive that evaluates your IT stack and builds a plan to address gaps is how many mid-market and SMB companies ensure their organization’s business goals are achievable while safeguarding their data. Contact Thrive today to learn how we can help you avoid being a statistic.

Find an Outsourced Managed IT Provider that Knows Your Business.

While the importance and value of service should not be understated as a common theme in technology outsourcing, the quality of that service will be significantly enhanced by the service provider’s knowledge of your industry and your people. The commoditized element of technology outsourcing is largely associated with leading Cloud providers, such as Microsoft, Amazon, and Google, and any product or service derived from their portfolio. There are, however, technology products and tools specific to industries that need to be provided on top of such general user collaboration technology.

Know Your Product.

Using the financial services industry as an example, it is important for outsourced IT providers to know about the different products used in different industries. Whether you operate on the buy/sell side and actively operate within the markets, or whether you’re a private equity firm working on deals and acquisition opportunities at any time of day and in any location, there are lots of different requirements that your managed IT provider needs to be aware of to continue to add value to their services. Portfolio and order management systems are widely used by firms and managers to track their positions. Many of these systems have inter-application dependencies on applications like Excel, and many of them have 3rd party data requirements in order to populate spreadsheets and models with live data.

Knowing the ins and outs of an industry’s primary product is key for a managed IT provider to offer high-quality support to customers. While many of the products used in the financial industry are often SaaS-derived, some of them still run on-premise. Depending on the execution strategy, the requirement on speed and performance might be absolute, and so along with product information, come back-end infrastructure requirements. IT providers may need to run such applications in a private Cloud, requiring additional expertise, such as database administrators (DBAs), server and infrastructure professionals, and market data professionals, who are used to handling and provisioning market data and market identifiers along with all associated dependencies. While many of these skills are niche, they might not be commonly known throughout 1st and 2nd line support teams, and so, with time to market of paramount importance to such customers, it is imperative that issues associated with financial services products find their way to the relevant support professional in a timely manner.

Know Your Audience.

Knowing the individuals on the other end of the telephone, in addition to the restraints and/or obligations they are placed under, is also a key requirement when adding value to the financial services industry as an outsourced managed IT provider. Customers might be working in financial markets and therefore, understanding the instruments and markets they work in is important when offering support. If a deal maker is in a different country and happens to call into a help desk at 01:00 in the morning regional time, they want the same level of service as if it is the middle of the day. Anything less might impact the very deal they are about to close.

As a global financial technology service provider, Thrive has deep knowledge of all financial regulators such as the FCA, SEC, MAS, HKMA, and so on. Thrive also understands the governing body and regulator requirements as they relate to risk and security, not to mention the more general regional requirements as they relate to National Security and the European Union. For example, the SEC has been leading the way with regard to cybersecurity obligations for some time. The requirements the SEC imposes as a result of its cybersecurity risk management for investment advisors, registered investment companies, and business development companies, may differ widely from the same or similar FCA requirement. Beyond the requirements of financial regulators and governing bodies, additional regulations such as DORA, MIFID II, and GDPR, are also enforced by regional jurisdiction authorities such as the European Union, and so service isn’t a binary function between an end user and a help desk operative. It extends to the broader relationship where managed IT service providers utilize expert account managers with specific industry knowledge to advise their customer points of contact and decision makers in the non-technology aspects of their technology function as it relates to governance and control.

Know Thrive.

Working with an outsourced managed IT service provider who knows how your business operates and understands how your employees work and when they work is crucial to a successful partnership. With Thrive, your organization will be taken care of. Thrive’s experts can address any business concerns and are available to your team 24×7. Contact Thrive today to learn more about how we can work with you to help you achieve your business goals, no matter the industry.

Take Your Business to the Cloud: A New Era of Technology Outsourcing

The role of outsourced IT service providers has changed somewhat since Thrive’s founding back in 2000. While at the macro level, the function of outsourcing remains, the complexities and value of the delivery model have evolved. This is especially true for technology outsourcing.

Not so long ago, the status quo for providing technology services to users would have looked something like this: a comms room within your physical place of work housing a top-to-bottom technology stack, typically comprised of complex networking, storage, and compute devices. This room would usually provide the backbone, applications, and data that is delivered directly to the user devices and workstations in that same physical place of work. This comms room would normally be replicated in its entirety to an offsite location, most commonly a data centre for continuity of service, and it would all be supported and managed by any combination of In-House Infrastructure, Development, and Support professionals. The entire ecosystem would come at a heavy cost both financially, and as a time and management burden.

One of the first major shifts in recent times came with the upheaval of this logical set-up, often referred to as “on-prem”, with a switch to removing the on-site comms room and shifting to an entirely Data Center-derived solution – what we know now as “private Cloud” or “co-lo”, depending on the set-type. This first major change removed the dependency on the physical place of work to host enterprise systems and data, made applications more readily available, and reduced proximity risk as it related to infrastructure and the physical place of work.

The second major shift derived from the global expansion and adoption of public Cloud and SaaS services. Until that point, technology outsourcing was very different. You most likely needed a data centre or two, you would have needed significant capital to invest in order to populate that data centre with technology hardware and circuits, and you would have needed significant expertise on staff in order to manage and support it.

The evolution of public Cloud and SaaS services has completely commoditized that same environment and while there are of course exceptions to this rule based on the type of services required, a service provider no longer requires a data centre or significant capital, and has a more linear and consolidated requirement for skills and expertise.

The internal team of professionals that would typically be on the company payroll has also moved to an outsourced function of the service provider, often rendering the entire technology function for all non-proprietary services a cost allocation that makes up part of an outsourced services budget. While this presents several other discussion and risk factors for debate, in the eyes of the customer it has been transformational. There are many more credible providers now available in the market and because they are all ultimately now selling a commodity, the choice for a customer is often a very simple one.

As complex as technology outsourcers like to think they are – and regardless of the value proposition they put to the market – the customer now bases their decision on two very simple factors: cost and service.

Although the former is of merit, it is the latter that holds the most value, as 5-star service would naturally command a higher cost than something suboptimal. While technology and all of the moving parts associated with complex networking, storage, server, and database estates used to be the value proposition (and it should be noted, is still the “behind the scenes” backbone of all public Cloud services), the shift to people, relationships, engagement, and service is now what sets providers apart. Customers are less concerned with the technology and far more concerned with the service and the people behind it.

Choosing your outsourced IT provider requires due diligence. Looking closely at a firm’s people, service, and processes is paramount to a successful partnership. Important things to look for in an ideal outsourced IT provider are:

  • The speed in which matters are handled
  • The manner in which incidents are handled
  • Familiarity with your industry’s needs, ideal tech stack, and users
  • The overall professionalism of the team
  • How the service provider manages talent acquisition and talent development
  • How available your dedicated team is at a moment’s notice

You can buy the same commodity from a vast number of providers, but you choose to do business with your providers because of how they deliver, support, and manage it. With Thrive, you can feel empowered about your choice of outsourced IT provider. Partnering with us ensures that your business needs are understood and met with expert-driven recommendations. Additionally, Thrive provides 24×7 access to a dedicated team of experts that can help you meet your business goals and stay agile to potential threats. Contact Thrive today to learn more about how we can help your business.

Unify Your Business Communications with Microsoft Teams Phone

As remote work continues to surge in popularity, it’s more important than ever to ensure that your team is communicating effectively and efficiently. There are a myriad of options to choose from, which can make picking the best – and most secure – communication platform for your organization seem like a daunting task. Beyond the challenges of staying in sync virtually, making sure that sensitive information being shared across channels stays secure requires a robust IT infrastructure.

The Microsoft Teams app has become a fundamental tool for collaboration, integrating chat, meetings, and business functionalities seamlessly. Using Microsoft’s integrated phone services and calling plans can transform your communications infrastructure into an all-encompassing, efficient hub.

Benefits of Unifying Your Communications with Microsoft Teams Phone:

Centralized Communications System

  • One-stop Communication Solution: Integrating phone services transforms Microsoft Teams from a basic collaboration tool into a unified communication system. Manage voice, video calls, and chats all within one platform—reducing the need to switch between apps and thereby boosting productivity.
  • Expand Global and Local Reach: Enable your team to make and receive calls with local phone numbers through Microsoft Teams Voice, regardless of geographical location. This feature not only ensures a consistent local presence but also helps to establish a global reach without the complexities of traditional phone systems.

Cost-Effective Communication

  • Significant Cost Reduction: Merging your telephony with Microsoft Teams can lead to substantial savings. Traditional public switched telephone network (PSTN) systems are expensive compared to the VoIP services that Microsoft Teams uses, which reduces call costs, especially for international communications.
  • Simplified IT Management: Unifying your communication tools into the Microsoft Teams client minimizes IT complexity. This integration makes management and maintenance easier and secures your communications under one platform, ultimately cutting down on IT costs.

Boosted Productivity and Collaboration

  • Seamless Office 365 Integration: Microsoft Teams Phone services are intricately linked with Office 365 applications. This integration allows for effortless access to emails, contacts, and calendars, streamlining workflows and enhancing decision-making processes.
  • Accessibility and Availability: Features such as voicemail, call forwarding, and caller ID are accessible worldwide. This availability ensures that team members are reachable anytime and anywhere, enhancing responsiveness and connectivity.

Enhanced Customer Interactions

  • Direct Client Engagement: Integrated calling in Microsoft Teams facilitates direct and immediate communication with clients, providing a personalized touch. Easy access to previous interaction histories offers valuable context during follow-ups, improving customer service outcomes.
  • Call Center Features: Utilize advanced features like call queues, auto-attendants, and conference calls to handle customer inquiries professionally. These capabilities are essential for maintaining high customer service standards and ensuring client satisfaction.

Taking your communications to the next level is made easy by partnering with Thrive. Our managed IT service experts will work directly with your IT team to set up and manage Microsoft 365 Platform services, so that your team can communicate and work seamlessly across a secure platform. Unifying your communications will also increase organizational productivity and customer service capabilities. Businesses looking to refine their communication systems will find Microsoft Teams with integrated phone services an invaluable solution. Contact Thrive today to learn more about this advanced communication platform and propel your business to new heights of efficiency and connectivity.

Stay Ahead of Cyber Threats with Thrive’s Dark Web Monitoring

Cyber attacks are becoming increasingly frequent and more complex, so it’s vital to be proactive and lower the odds of a successful breach. That’s why Thrive now offers a Dark Web Monitoring service. By spotting company and personal data as well as employee credentials out in the wild sooner, Thrive gives your organization the ability to respond before they are leveraged by cyber criminals. The service can also protect your brand by detecting doppelgänger domains that imitate your own.

What Is Dark Web Monitoring?

Dark web monitoring involves monitoring and analyzing the content of the dark web, a part of the internet that is not indexed by traditional search engines and is often associated with illegal activities. It aims to identify any mentions of sensitive information, such as personal data or company credentials, that may have been compromised and are being traded or sold on these hidden online platforms. This surveillance can also pick up on threat actors discussing future attacks against specific domains or IP addresses.

What Is Domain Threat Detection?

Besides tracking dark web activity related to your business, Thrive’s services include domain threat detection. Domain threat detection focuses on monitoring domain names and their associated infrastructure for potential security threats. Lookalike domains that use transposed letters or a different extension could be used for phishing attacks, malware distribution, or brand impersonation. Thrive helps organizations identify and mitigate risks related to their online presence, protecting both their reputation and the security of their employees, partners, and customers.

How Can Dark Web and Domain Threat Monitoring Prevent a Successful Cyber Attack?

With dark web and domain threat monitoring, Thrive is able to help organizations identify and expose any compromised domain names or sensitive data that may have been leaked onto the dark web, ready for bad actors to purchase and use against your organization. Any sensitive data, such as Social Security numbers, passwords, and credit card numbers, is susceptible to breach. Thrive ensures that all sensitive data related to your organization and its employees is kept safe and closely monitored.

One common method of launching a cyber attack or phishing campaign is called typosquatting, which is when a cyber criminal registers a domain that is very similar to a legitimate domain to trick users who are not paying close attention. With knowledge about these doppelgänger domains, organizations can warn their stakeholders and engage their legal team to take down the domain.
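The lookalike check described above (transposed letters or a different extension), sketched from the defender's side as an added example; it is not Thrive's code or part of the original article. It also generalizes to single-character edits. The function names and the feed of observed domains are assumptions, and every domain is constructed sample data.

```python
# Added illustration: flag observed domains that imitate a protected domain.
# All domains below are constructed sample data (example.com is reserved).

def split_domain(domain):
    """'example.com' -> ('example', 'com'). Naive: ignores suffixes like co.uk."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld

def is_transposition(a, b):
    """True if b is a with one pair of adjacent characters swapped."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def is_single_edit(a, b):
    """True if b is a with one character substituted, inserted or deleted."""
    if abs(len(a) - len(b)) > 1 or a == b:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify(protected, observed):
    """Return why observed resembles protected, or None if it does not."""
    p_name, p_tld = split_domain(protected)
    o_name, o_tld = split_domain(observed)
    if o_name == p_name:
        return None if o_tld == p_tld else "different-extension"
    if is_transposition(p_name, o_name):
        return "transposed-letters"
    if is_single_edit(p_name, o_name):
        return "single-character-edit"
    return None

def scan(protected, feed):
    """Map each suspicious domain in feed to the reason it was flagged."""
    hits = {d: classify(protected, d) for d in feed}
    return {d: why for d, why in hits.items() if why}

# Constructed feed, e.g. from a newly-registered-domain list (assumption).
FEED = ["exmaple.com", "example.net", "exampl.com", "example.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, why in scan("example.com", FEED).items():
        print(f"{domain}: {why}")
```

Flagged domains are candidates for review, not verdicts: a hit still needs a check of who registered the domain and what it serves before stakeholders are warned or a takedown is requested.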

Another attack vector is a compromised login credential. Employees often reuse credentials at multiple websites or applications, so if the account is compromised as part of a breach (even one that seems insignificant), attackers will attempt to use the same credentials on other common websites. To help mitigate a breach due to an employee’s credentials being compromised, requiring multi-factor authentication (MFA) or other stringent login requirements, such as regular password updates, can reduce your risk of exposure. Should a breach occur, Thrive will notify your organization which account and password have been compromised, so that any other accounts using the same password can be updated.

How Thrive Can Help

With Thrive, you will have an expert team dedicated to keeping your organization proactively protected. Through our dark web and domain threat detection services, we are able to help close doors before attacks even try to open them. Contact Thrive today to learn more about Dark Web Monitoring.