Security: Codec covers all bases
Proper security measures should ensure that all parts of a business are covered which is why full-stack solutions are growing in popularity. As with finances, employees, transactions and customers – security is now part of the fabric that makes up a business, and for good reason. Being hit by an attack can have serious ramifications for your business. At best, preparing might mean you’re temporarily inconvenienced. If you put in no groundwork, your entire business could go up in smoke as your workflow, finances and reputation take a major hit. With GDPR now in effect, the main concern faced by those in the security space is ensuring that the data you handle is protected, says Codec’s Senior Cloud and Platform Consultant Leonardo Felippine (pictured).
(Note: This news item is a summary of an article published in the Sunday Business Post on May 27, 2018)
“One of our roles is to make sure that the security features are able to prevent any leaks before they happen,” he says. “Attacks are becoming more sophisticated than ever. They imitate sites and emails and the security features you need should be able to react to what’s going on at that time.”
As with many security efforts, the focus is on being proactive rather than reactive. Malware signatures are harder to detect though traditional methods, and more devices than ever are now connected online, giving a greater number of entry points. The median number of days an attacker resides within a network before detection is 146 days and the threat landscape has changed, as have the security measures used to protect users.
In the case of Codec which, uniquely in Ireland, offers services and solutions across the full suite of Microsoft products, protection requirements need to cover a wide area.
“Previously the area that security was focused on was emails,” says Leonardo. “Most security solutions were based on emails so we had [things like] data loss prevention . . . now Microsoft is applying that same knowledge to other areas . . . and now you have the same classification policies and labels across emails. SharePoint, OneDrive and all of the documents across there.”
“For example Office 365 is compatible with most cloud services or SaaS providers. It’s able to bring threat analytics, and it’s also able to monitor your on-premise environment, local computers and servers.”
Tools like Advanced Threat Analytics, which uses machine learning and behavioural analysis to spot patterns and detect unusual or suspicious behaviour from a user or device, are leading the way in ensuring businesses are safe. Codec, current Microsoft Country Partner of the Year, works with a number of major companies to help keep their security in optimal shape, including one major European organisation which specialises in offering travel experiences.
Part of the reason Codec chose Microsoft is because it’s always improving, updating and enhancing its products. Microsoft has a roadmap of what updates and changes are going to be implemented to its security suite, and that, combined with Codec’s knowledge of its products, puts it in a strong position.
“Microsoft’s roadmap looks to improve the functionality to the services that exist today, and that we usually work with,” says Leonardo.
“To provide further insights on data encryption, on data leaks, on how to easily protect data, and make things more streamlined for end users are the kind of things they are looking to integrate even more.”
In addition, it is worth noting how Microsoft approaches the aspects of security beyond the technology. For one, policies and processes are a major aspect of any company’s security plan, and Codec is working with a number of major customers to ensure GDPR compliance.
One solution is Microsoft’s Azure Information Protection which, after scanning files, can suggest specific policies that will help protect those files or automatically apply protection policies to them.
The other element is ensuring that users are aware that the decisions they make can have an impact on their security.
While an easy option is to just implement rigorous security measures, the reality is this isn’t always feasible so a compromise between implementing effective security protocols and enabling employee accessibility is usually the preferred option. As long as employees know the pros and cons of their decisions, progress can be made.
“We usually try to offer training to end users who are both able to get the most out of the solutions we are deploying for productivity, but also to let them have an idea of how sensitive the information they’re working with can be because it’s something that’s usually taken for granted,” says Leonardo.
“Sometimes they don’t even know the level of damage it can do if data is exposed, not only financially but on the reputational side of things.”
“Data security issues simply cannot be ignored – with the emergence of increasingly sophisticated cyber threats combined with the strict compliance protocols laid down by GDPR – it would be a massive oversight for any business to not be proactive in addressing these issues. Being prepared in a wise mantra in any facet of business and especially so when it comes to data.”