In Part Two of our series, we explore why IT teams must prepare for employees’ return to the office, and how to ensure they can continue to work safely from any location.
Over the last year, companies and employees have adjusted to a changing work landscape. As many transitioned from the office to a remote work setup, it presented challenges for organizations everywhere. Now, as more and more workers return to the office, IT teams must be prepared to take the steps to protect every employee and every device.
The pandemic moved workers from the corporate network to the great unknown of unsecured home networks, which presents issues for employees returning to the office. Is your IT team prepared for employees to return to the office in a full-time or hybrid role, while continuing to support the needs of those working remotely?
It’s important that IT security strategies evolve and change. The return to the office will be less rushed than the quick shift to remote work, but attention must be given to this latest pivot.
Preparing for the Return to the Office
Many employees have been away from their office for over a year. If their devices haven’t been properly maintained, it can lead to security concerns upon the return to the office. IT teams may have adjusted to allow employees to log in via Virtual Private Network (VPN), so work could be completed from just about anywhere.
As employees return to the office, every device on the corporate network must have the latest patches and updates. This includes not just the laptops that may have been in use during this time, but also the routers, printers, and other devices left behind in the office that were powered off for the last year. A health check can promote network security, and ensure the IT staff has the opportunity to certify every device and update it with the latest hardware, software, and antivirus protection.
Bad actors can sit around for weeks or even months, waiting for the opportunity to attack. Attackers understand where weaknesses exist, and seek to exploit them when most convenient. There’s no better time for malicious attackers to strike than the moment dozens of devices come back from unsecured home networks, ready to infiltrate the corporate network with malware. Thankfully, there are now next-gen solutions designed to prevent and mitigate attacks.
Building a Forward-Thinking Technology Infrastructure
As organizations rushed to provide employees with the equipment needed to work from home, they may have had to make compromises in terms of security. Traditional antivirus software no longer provides the necessary protection against today’s sophisticated hackers.That’s why every organization should have Next-Generation Antivirus (NGAV) protection. NGAV is smarter than traditional antivirus tools, using machine learning and AI to detect even the smallest of changes to files and applications. When combining NGAV with endpoint detection and response (EDR), it’s easier to detect suspicious activity and mitigate an outside attack.
Legacy antivirus products slow endpoints down, and don’t provide the same protection as NGAV. Implementation of NGAV on the Cloud has no impact on endpoints, and there’s no need to procure additional software or hardware to protect devices.
The use of multi-factor authentication (MFA) has increased in the last year, too. Multi-factor authentication adds an additional layer of protection via a security question or combination of information only the user has the answer to. This makes it harder for hackers to infiltrate company networks to access sensitive data.
Now, more than ever, cyber liability insurers are looking into business continuity plans and organizations’ security resources. Some insurers may even deny coverage if best practices such as MFA, EDR, and NGAV aren’t in place. That’s why it’s important to ensure that your IT security strategy is prepared for employees’ return to the office, while also balancing the needs of those who will continue to work from home.
Thrive can build the cyber security solution that best fits your organization. If you’re preparing for a return to the office, get in touch with our team to ensure everyone in your organization can work safely and efficiently, no matter where they log on from.
Return to the Office Part 1: How COVID-19 Has Transformed Cyber Security ForeverIn Part One of our series, we explore how COVID-19 has changed cyber security, and what the long-term effects will be.
The COVID-19 pandemic accelerated business changes and how organizations operate on a daily basis. It also led many organizations to review their technology infrastructure and cyber security practices, as employees transitioned to work-from-home, bring-your-own-device, and hybrid work set-ups.
In the cyber security world, an accelerated digital transformation certainly can be seen as a positive, but it must be done in a manner that protects the organization and all end users. In many ways, COVID-19 has transformed cyber security forever, as temporary actions now have become permanent strategies.
What exactly is the “new normal”, and what cyber risk and mitigation measures can a business take to protect themselves? Here are some of the ways COVID-19 has changed the way we think about cyber security.
Work From Home: Here to Stay
There’s a case to be made for an increase in Cloud-based cyber security services, due in part to the number of people working from home. Many will continue to work from home for years to come. According to a survey by Tessian, 47% of people working in the technology industry reported clicking on a phishing email at work. And, 43% of people reported making an error that had security repercussions.
Without the protection of firewalls in the office, many end users are seeing an increase in cyber attacks. If a home Wi-Fi network doesn’t have proper security protocols in place, this can also lead to security concerns. The increase in BYOD (bring-your-own-device) has led to new concerns, as well. As more employees use personal laptops, phones, and other devices to access sensitive corporate information and other important data, it can leave organizations at risk.
Hackers will continue to adapt and develop new malware to breach systems. Businesses must be prepared to support a global workforce regardless of where and what device the end user logs on from.
More Training: A Must
Going hand-in-hand with the move from the office to the living room, it’s clear that more training than ever is needed to protect end users and the organization as a whole. As has been said in recent years, human error is every organization’s biggest cyber security threat.
Pre-pandemic, employees may have provided access to files or information to those who should not have had access. Or, a USB drive may have “accidentally” come from the office to the home and back again, not properly protected, putting critical information at risk.
IT systems must continue to adapt to workplace changes as more people work from home. Single-sign on and multi-factor authentication can be solutions, but training should be a valued piece of the process, too. Providing training for employees on phishing attacks and breaches can help them better understand the current cyber landscape.
The Cloud: No Longer an Option, But a Necessity
Organizations tend to purchase security tools they believe are doing the job. However, these tools aren’t always talking to each other, which can actually hamper the implementation of a comprehensive business cyber security plan.
Adding new tools may end up having an undesired effect, which hackers understand and look to exploit. If gaps exist between tools and weaknesses are found, breaches can (and likely will) occur. Plus, if vendors make upgrades while organizations don’t follow, security issues may increase.
On-premise solutions served organizations well for years, but the Cloud is built on the promise of scalability and adaptability. The Cloud provides a level of security not found in on-premises solutions, and helps streamline software, so no tool is left behind.
Thrive is here to be your partner in cyber security. Contact us to learn more about our services today!
Google Workspace Price Increase: Finding the Best Cloud Storage SolutionAdditional contributions to this blog were made by Brad Chase, Senior Director of Sales, SkySync
Following a late-2020 rebranding, Google recently announced price increases for its Workspace product. For many businesses, reducing costs was an important reason to consider products like Google Workspace (formerly GSuite) in the first place.
Now, with price increases taking effect, organizations may have a decision to make about Cloud storage providers. As prices change and limits on storage evolve, it’s easy to understand why businesses may be rethinking their options. While Google Workspace and Office 365 represent the two largest Cloud storage providers on the market, businesses may utilize several other providers such as Box or Dropbox, too.
Does it make sense to continue to utilize all of these services? Is migration the right path forward? The recent Google Workspace price increase may be driving migration thoughts for businesses, as they look to avoid potentially costly contract renewals.
Migrating to a Cloud Storage Platform
The COVID-19 pandemic shone a spotlight on the need for organizations to have collaboration and productivity tools at the ready, to support those in the office and those working remotely. Every business will have a choice to make when it comes to selecting a SaaS solution capable of driving seamless collaboration.
With costs rising, migrating to a more cost-effective Cloud storage solution is front of mind for many organizations. For some, this means eliminating redundancies and moving everything to a platform that may already be an option within the organization. Microsoft Office or Google products that go beyond file storage and sharing may already be in use, which provides the option to upgrade to Office 365 or Workspace more easily.
Comfort can end up playing the biggest role in the decision-making process. If installable apps are the biggest driver, Office 365 may be the best fit. Google Workspace, meanwhile, brings everything online with its browser-based approach.
Evolving workforces are accelerating enterprise organizations’ move to the Cloud, particularly the world of Cloud SaaS. Workspace, Office 365, and other Cloud offerings offer shared team storage and Cloud storage for remote workers to use more easily.
Finding the Right Cloud Storage Fit for Your Organization
In this day and age, every organization deserves a SaaS offering that delivers collaboration, business productivity, and streamlined communication. Since the turn of the century, Microsoft became well-known for providing organizations with on-premises technology stack solutions.
However, with the emergence of Cloud-hosted SaaS technology, vendors like Box, Dropbox, and Google capitalized. Business users no longer required IT-sanctioned solutions; they could embrace the most intuitive platform that helped them do their job. The multi-Cloud ecosystem took off.
With Office 365 subscriptions serving a core growth vertical for Microsoft, this loss in market share served as a wake-up call. Culturally, they shifted towards a customer-focused model that prioritized technology adoption and business stakeholder engagement beyond the IT department. Technologically, Microsoft prioritized OneDrive for Business enhancements and launched the innovative, unified collaboration product known as Microsoft Teams.
Microsoft Office 365 carries a familiarity factor, as its suite of apps has been a favorite of on-premises offices for years. For enterprise organizations that have grown out of the need for Box and Dropbox, Office 365 is the Cloud SaaS solution that closely matches what everyone is used to from its on-premises capabilities.
Whether utilizing Office 365, Google Workspace, or another Cloud storage system, Thrive can assist with handling your storage solutions. Now is a great time to take a closer look at your data landscape, to see where redundancies can be found in an effort to avoid Cloud storage price increases. Not sure where to start? Get in touch with the Thrive team today.
Information Technology Acronyms You Need to Know: Part 2In a recent blog, we took a closer look at some of the IT acronyms that we believe are the most important. But, why stop with just seven?
In part two, we’re sharing a few more information technology acronyms that should be well-known, describe them, and explain how they impact your organization.
EPP: Endpoint Protection Platform
Focusing on prevention, an Endpoint Protection Platform is capable of providing security and blocking malware on end user devices (or endpoints), such as mobile devices, laptops, and related workstations. An Endpoint Protection Platform is a traditional anti-virus solution, and while it may solve some of the issues on the front lines, it should be paired up with Endpoint Detection and Response (EDR). While an EPP can prevent traditional malware, ransomware, and zero-day vulnerabilities from reaching devices, Thrive’s Managed Endpoint Security and Response offers real-time response and a more reliable security solution for organizations.
MDM: Mobile Device Management
As enterprises experience an increase in end users utilizing mobile devices to handle certain tasks, it is important to have a Mobile Device Management solution in place. If devices are left unsecured, it may expose corporate data and other vital information. As the workforce evolves, an integrated Mobile Device Management solution ensures compliance for devices and workstations. Thrive offers a targeted solution that provides comprehensive control over mobile devices within an organization on one platform.
SSO: Single Sign-On
Single sign-on software allows users to access more than one database or application with one standardized set of credentials. SSO software is meant to provide simplified access to applications or programs without having to log in multiple times. Not only do SSO products improve ease of use for users, but IT administrators and developers will also enjoy centralized access management. Thrive ensures single sign-on software is properly implemented, with secure access to applications and data for users.
MFA/2FA: Multi-Factor/2-Factor Authentication
Multi-factor and 2-factor authentication, often used interchangeably, requires a user to provide multiple forms of verification to access an application or resource. 2FA is a subset of MFA, but maxes the number of factors at two, while MFA can be two or more. While an application or website requiring a password may seem safe, passwords are often far too easy to guess. Multi- or two-factor authentication may require a user to enter a pin from their phone, or provide a fingerprint verification to gain access to the application. One-time passwords (OTPs) are often used, too, which may be sent via email, text, or through a mobile app. If your organization requires users to access a corporate VPN or cloud-based application, MFA/2FA should be a part of your business strategy.
RPO: Recovery Point Objective
RTO: Recovery Time Objective
Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are critical parts of any organization’s business continuity and disaster recovery plans. RPO defines the goal related to the maximum amount of data (measured by change over time) that may be lost just prior to the disaster. RTO defines the approximate or maximum time until the data and/or systems can be accessible again in order to continue business operations. RPO and RTO are parts of a business continuity plan, which is designed to help organizations understand where data is stored and who has access to it.
For more information about Thrive’s NextGen managed services, be sure to contact our experienced team today!
RSA Conference 2021: Important Lessons from This Year’s MeetingThe 2021 RSA Conference certainly looked a bit different this year, as top cybersecurity professionals gathered virtually for keynotes, interactive programs, seminars, and tutorials.
Now that we have had the time to digest the information from sessions on privacy, machine learning and AI, analytics, risk management, and governance, we thought it would be important to share some of the key takeaways from this year’s conference, how Thrive is working to implement new strategies, and what it all means for your organization moving forward.
Asset Management is Growing
IT asset management is essentially the process of ensuring that all business assets are properly accounted for, maintained, upgraded, and replaced in a timely fashion. IT assets may include hardware, software systems, and mobile assets. With the increase in Cloud usage in recent years, that also plays a role in asset management.
Within a single organization, there may be desktop computers, monitors, laptops, all different kinds of software, and even items like printers, scanners, and copiers. IT asset management is becoming more and more necessary, as companies must keep up with what needs to be protected. The proliferation of Cloud services and increase in work-from-home setups post-COVID only makes this more challenging.
Thrive offers asset management solutions that reduce costs, improve compliance, and provide increased control over IT assets.
Security Awareness Becomes Security Appreciation
Sentiment is growing that some security awareness training platforms aren’t executing on the value that was hoped for. The general consensus is that end users will need to appreciate the need for security, instead of simply being aware of it. So, how can an organization ensure that end users are up to date with the latest security trends?
Many security awareness solutions are going back to the drawing board to make training more personal and engaging. When employees care about the security of company data, the overall security posture within an organization increases greatly.
Social engineering, phishing attacks, and credential theft will impact businesses for years to come. Thrive’s Cyber Security Bundle offers training through simulated phishing attacks, along with interactive videos that engage the end user and help them gain a better understanding about security posture.
AI and Machine Learning as an Attack Vector
Preventing ransomware is top of mind for chief information security officers. As security teams leverage off-the-shelf AI and machine learning tools, many security experts believe attackers will fight fire with fire, and we may see AI systems compete against one another. Data poisoning attacks against the machine learning technology used in security software could put many organizations at risk.
AI and ML rely on data and algorithms produced over time, and it’s what makes this technology so useful in preventing ransomware attacks. However, if threat actors can gain access to software, they can manipulate the AI and ML in ways that make it difficult to detect and react to.
Thrive partners with IT teams to implement Cloud-based Disaster Recovery as a Service (DRaaS) solutions, with 24x7x365 monitoring that protects critical systems and data.
Ransomware Everywhere
In the next 24 months, it’s expected that smaller-scale ransomware attacks on IoT and mobile devices will increase. Imagine a phone is taken over, but for a small ransom, it can be unlocked. If attackers can find a backdoor into devices and demand smaller ransoms, these hackers can be successful. It is unfortunate, but with the success of ransomware in the enterprise, it’s likely to trickle down to consumers.
Of course, with many end users working from home, this can lead to interruptions to work, particularly if a smartphone or tablet becomes unavailable. Thrive tailors cybersecurity plans for organizations, and includes protection for employees who may be utilizing BYOD (bring your own device) as an option. Thrive is prepared to tackle the cybersecurity issues of the present and future. For more information about our NextGen Technology services, contact us today!
Related News: Thrive Wins Coveted Global InfoSec Awards
How Thrive Drives the Success of PE Funds and Their Portfolio CompaniesToday, private equity firms are looking at unique challenges. In a highly competitive market, with the need to deploy capital quickly, private equity firms work in uncertain market conditions and must deal with the pressure of increased competition and investor expectations.
The success of an investment depends on the ability to move fast, be strategic with growth, and efficient with operations and integration. Thrive assists PE firms at different points of the life cycle, from pre-close IT diligence to ongoing portfolio enablement to exit preparedness.
We are often engaged by private equity and private equity-backed companies to address technology challenges and mitigate risk, so time and energy can be spent on growing businesses and creating shareholder value.
The Unique Nature of the Alternative Investment Community
What makes private equity companies unique is the wide array of industries they invest in. A private equity firm may own a company that must meet certain government or military requirements, or perhaps a company in the medical field that must meet HIPAA compliance objectives.
For many private equity funds, there is an appetite for protecting their LP’s investments in the portfolio companies they acquire. Operational IT diligence should be done on acquired companies, as these are often owner-operated businesses purchased to become part of much larger enterprises. If there are security concerns within a newly acquired portfolio company or platform investment, it’s important to implement a new standard for these businesses and fortify them before capital is deployed and growth is accelerated through the acquisition of other companies.
PE and investment firms are often a target for hackers. If a PE fund or portfolio company is infiltrated, sensitive financial information may be at risk. Thrive specializes in protecting enterprise value while securing the internet infrastructure, applications, and Cloud platforms that power your business.
Providing Experienced PE Consulting Services
Through each stage of the investment lifecycle, we enable PE partners to focus on growth and the future.
Through Pre-Close IT Diligence, Thrive works with PE customers to understand the potential risk areas within the technology stack, explaining compliance requirements and steps that must be taken to secure the stack. For add-on investments, we will review the IT infrastructure of a target company to ensure smooth integration.
Once a business has been acquired, we go in-depth to create a technology roadmap that discusses risk mitigation, infrastructure, and the creation of secure IT operations, all through the Post-Close IT Operations Baseline & Roadmap.
A complete review of cyber security tools, processes, and staffing will be completed during the Cyber Security and Risk Planning stage, with the creation or validation of security compliance policies and procedures.
In the Integration Services & Carve Outs stage, we align with portfolio company leadership, PE sponsor deal teams, and operations support groups to execute any recommendations and carry out integration efforts.
Ongoing Portfolio Management provides guidance to portfolio companies through our service offerings such as vCIO or vCISO, helping to deliver digital transformation. When a portfolio company is marketed, we will provide Exit Preparedness services to position a company for growth.
Thrive understands the challenges private equity firms face on a daily basis. To learn more about our PE-focused services, get in touch with the Thrive team today!
How Thrive Is Helping to Transform and Digitize the Museum experienceThere are around 2,500 museums in the UK and inside each of them are incredible artifacts that define our heritage and gives us insight into how the world we live in today has evolved. The National History Museum alone has some 80 million artifacts, most of which are not on display at any moment in time.
Thrive is extremely excited and honoured to be part of an initiative aiming to leverage the ‘digital world’ to make our heritage accessible to more people. This initiative is focused on ‘Preservation to Presentation’ and, in straightforward terms, is looking to ‘digitally capture’ those artifacts in our museums. Both Augmented Reality and Digital Presentation Tools have, provided schools, higher education, historians, scientists, and the general public with access to these artifacts
The programme is being supported by The Natural History Museum, Imperial War Museum, Science Museum, British Film Institute, and many creative and technology leaders.
Imagine the scenario, a classroom of children is studying dinosaurs, and a trip to the Natural History Museum might be out of the question. However, by clicking on a QR code in the classroom, the children will have the ability to analyse a Tyrannosaurus Rex using Augmented Reality. This tool would be both a powerful, immersive, and transformational learning experience for the children.
Thrive is working alongside Cisco to support this initiative. The role we are playing is providing the private cloud based platform on which this digital content can be accessed. Our highly resilient and secure private cloud environment, built on leading Cisco technology, is hosting both the presentation technology and the data providing the performance and scalability required for such a service. Equally important is the connectivity side; as the initiative looks to run pop-up museums across the country, it needs a service that can cope with significant peaks in bandwidth. A requirement that Thrive can meet through the unique design of our private cloud offerings.
At Thrive, we work with a broad range of organisations, helping them on their digital transformation and their journey to the cloud. This initiative is an invaluable opportunity for us to apply our skills and experience to a fantastic project with far-reaching benefits to the whole country.
If you want to learn more about Thrive’s data centre facilities, the co-location, private cloud, and hybrid cloud services we provide, please look at the Thrive Cloud Services webpage or get in touch with us here.
Why Hiring a Virtual CISO (vCISO) is the Smart MoveFinding a qualified Chief Information Security Officer (CISO) who will be a reliable resource is a challenge, and retaining one even more challenging. Protecting company information, data, and end users is a must. That’s why Thrive has created a Virtual Chief Information Security Officer (vCISO) program, which helps companies fill the gap between business strategy and security operations.
There are several ways in which a company can benefit from hiring a vCISO to assist with strategy, guidance, and oversight. This emerging role provides an outside voice committed to getting the job done efficiently, avoiding internal politics, and eliminating the need for a lengthy search for a CISO.
Why Hire a vCISO?
It’s the dream of every organization to have a long-tenured CISO in their C-suite: a cybersecurity expert capable of driving innovation. That being said, it’s not always the reality.
Larger companies may dedicate time and effort to recruiting and training a CISO, as their resources allow them to do so. Plus, these larger organizations tend to have room in the budget to attract what a CISO commands in salary. That being said, challenges still exist – the average CISO tends to only stay with a company for just about two years according to Nominet, and small- to medium-sized companies may need the services of a CISO, but might not be able to afford one in a full-time role.
As many organizations have an immediate need to address security concerns, it can be difficult to have to wait six to nine months to recruit, onboard, train, and fully immerse a CISO in their role. A vCISO can hit the ground running immediately, be an objective outsider, and provide near-immediate value.
CISOs may also not have the desired combination of business and technical capabilities, struggling to find the balance that is required to manage both business policies and cybersecurity needs – simply put, there aren’t many “unicorn” CISOs available.
Benefits of Hiring a vCISO
When hiring a CISO, organizations have access to an expert, but it tends to be just one person in the role. With vCISO services, an entire team of experts is working to implement a cybersecurity plan and responding to potential threats.
Thrive designs its vCISO services and customizes an Information Security Program that complements business strategy and risk tolerance. In the Discovery stage, we identify what policies and procedures are in place, review internal and external partners, and better understand the current state of affairs.
After acquiring that information and insight, a Risk Assessment is performed, which in turn allows us to create a Current State Analysis document that shows existing deficiencies that should be addressed immediately. In the Development phase, we design and develop a program that’s tailored to the organization. Of course, this is not just a one-time solution – information security is an ongoing effort and the threat landscape is always evolving. We constantly revise our clients’ Information Security Programs to meet regulatory, audit, and compliance regulations.
Our vCISO services fit small- and medium-sized businesses, along with mature organizations requiring assistance with specific policies and governance requirements.
Is a vCISO the right fit for your organization? Speak to our team to learn more about this emerging role and why vCISO may be the best fit for you.
Thrive’s Virtual CISO Webinar: Key TakeawaysThrive recently held its vCISO webinar, hosted by CRO John Holland, who was joined by Andrew Archibald, vCISO, and Dave Sampson, VP of Consulting. In this webinar, Andrew and Dave discussed the role of a vCISO, the importance of implementing a security program, and why organizations must continue to nurture a security program.
Check out the highlights from the webinar below, and get in touch with the Thrive team to learn more about our vCISO offerings.
Dave Sampson, VP of Consulting
On the latest cyber attacks in the news:
When we look at a lot of the attacks this year, we’ve identified some common trends. As we’ve watched the news, it’s clear many of the organizations attacked have no formal security program. There needs to be a formal security program, and that has to start at the executive suite, starting from the top and working its way down. Having a comprehensive security framework behind security strategy is critical, too. Buying a specific tool may require some areas in the framework, like email hygiene, multi-factor authentication, and disaster recovery. When we see news stories and hear of the unpredictability of recovery time, that means the recovery plan probably hasn’t been validated and tested on a consistent basis. Third-party vendor risk has been in the news, too. When you’re providing data to third-party vendors, who is accessing it? If it’s stolen, it’s just as impactful to you as it is to them.
Why a vCISO is the right fit for an organization:
A vCISO coming in on a part-time basis provides the knowledge and the ability to collaborate. Not all organizations need a full-time CISO, and there’s a shortage of full-time CISOs on the market. A vCISO can provide a better cost model and work with executives throughout the organization, and be results-focused. You’re also getting the experience of several individuals. The Thrive consulting team is certified and able to socialize requirements and find the best solutions. We work in different verticals and have the experience to enhance your security posture.
What a vCISO looks like:
This individual will help spearhead a proactive, security-first approach. We have a policy resource library that a vCISO will help modify to meet your needs. A vCISO can also help plan sustainable business operations, and ensure recovery plans are being validated on an annual or semi-annual basis to create a strong cyber security posture.
Andrew Archibald, vCISO
On how Thrive’s vCISO foundation is built:
The Thrive vCISO offering is built on two foundational concepts. The first is the Center for Internet Security (CIS) framework. Thrive has worked with CIS for many years. It’s an easy to understand and approachable framework, yet extremely comprehensive. CIS has added controls around cloud security and remote work in response to the pandemic, as well. It maps to all of the other frameworks, including NIST and ISO. The second component of the vCISO service is built around the ISACA Certified Information Security Manager (CISM) credential and the domains for them. We make sure that there is a robust security culture throughout the organization, as information security is not just a box that is checked. Ultimately, this risk-based information security program is customized to your organization, taking corporate and IT strategy into consideration. We also make sure that recovery measures are in place to respond to, mitigate, and recover from a security incident.
What you get from the vCISO program:
If you don’t have an information security program, we will help develop and maintain a program that complements business strategy and risk tolerance. Some organizations are more willing to accept risk, and others are risk averse, and we take that into perspective when developing a plan. Our offering is based on creating reasonable information security measures to protect corporate assets. This approach is also eminently flexible. Every company has unique security challenges and concerns, and we remain flexible to address challenges and concerns organizations are facing.
On the vCISO process:
We have a 5-step process to implementing and maintaining the vCISO program, starting with Discovery. In this phase, we’re trying to better understand the existing information security program, or designing one if there is nothing currently in place. We look forward to talking with the board of directors and senior leadership, along with the IT experts to get a grasp of technologies and how they are implemented. We want to make sure the appropriate protections are in place in the Risk Assessment phase, and address any glaring deficiencies immediately.
The Current State Analysis includes a 20-40 page report with recommendations to implement ranked by importance, with remediation items managed and tracked appropriately. In the Information Security Program Development phase, we work to develop a security-focused culture, and create an umbrella document, the Comprehensive Written Information Security Program (WISP), that lays out security strategy, and can be shared with auditors if needed. Of course, day-to-day operations and nurturing will continue, providing updates to management as needed and conducting annual policy and procedure reviews, while making sure the risk profile hasn’t drastically changed.
Missed the Thrive vCISO webinar and want to learn more? Click here to gain on-demand access!
What is Azure Virtual Desktop?As has become evident in the past few years (particularly in the last year), remote work is no longer just a possibility, but a reality. Organizations have seen the value of completing work from anywhere, but many have used patchwork solutions and short-term fixes to help establish a remote workforce.
Azure Virtual Desktop provides business leaders with a scalable, long-term solution, something many organizations are looking for. The right tools are required for collaboration and innovation, but important information and data must be protected in the process. Azure Virtual Desktop enables a secure remote desktop experience from any device at any time, providing end users with the access they need to get the job done.
Running Azure Virtual Desktop on the Cloud
Running Azure Virtual Desktop on the Microsoft Azure Cloud platform allows users to set up a multi-session Windows 10 deployment that provides a scalable Windows 10 instance accessible from anywhere. An end user gains access to Azure Virtual Desktop via a company-issued device, a shared computer, or their own device. For on-the-go employees, the benefits are clear – no matter where someone is, they’re always connected to a full desktop experience with the proper functionality and customization they’re accustomed to.
Organizations will realize cost savings immediately. Hosting on Azure requires less infrastructure than a traditional setup, and there’s no need for costly servers and the space required to house them. Plus, with employees working from anywhere, office spaces can be consolidated, giving users the option to log on either from home or perhaps a co-working space. Should IT departments choose to forego the process of searching for and maintaining hardware, bring-your-own-device (BYOD) is an option. Allowing employees to use their own device reduces costs and ensures a certain level of comfort.
In a BYOD setup, a company can continue to grow without having to focus on costly IT infrastructure or a lengthy procurement process. Since an Azure Virtual Desktop is always up to date, it has the latest security features capable of detecting threats and taking action, and for IT departments, is an alternative to purchasing expensive new equipment or backup and disaster recovery services.
Azure Virtual Desktop Benefits and Considerations
Azure Virtual Desktop deploys and scales in a matter of minutes, with the ability to use existing licenses so you only pay for what you use. For example, if you’re already signed up for Microsoft Office 365 or an enterprise Windows version, a virtual desktop instance can be set up for each user at no extra cost. Remote users gain access to a virtual desktop interface from anywhere, regardless of device type:
- Windows
- Mac
- iOS
- Android
- Any device with an HTML5 web client
IT administrators can increase the number of virtual CPUs, virtual RAM, and create more virtual hard disk storage with just a few clicks. Azure Virtual Desktop can also be the first step towards bringing legacy applications to the Cloud, for those yet to implement a software-as-a-service (SaaS) solution. This allows for the hybridization of the work environment; if an end user requires a full desktop, Azure Virtual Desktop is the solution, but if they only require access to O365, they can work locally.
As the platform is rolled out to employees, organizations must consider the needs of the end user. While an IT department and a group of tech-savvy professionals may enjoy having access to a virtual interface, some members of a team may require further training and coaching on how to use the technology and how to ask for additional resources if they’re required. Our Thrive team provides detailed training prior to deployment.
Azure Virtual Desktop is a great opportunity for organizations to maximize the benefits of the Cloud. Plus, Azure Virtual Desktop is just one more way to provide employees with remote desktop access and the ability to accomplish tasks even if they’re nowhere near the office. To help your organization deploy Virtual Desktop on Microsoft Azure, get in touch with us today.