Corporate IT security is undoubtedly one of the key challenges of recent years, for both structural and contingent reasons. One of the biggest obstacles to overcome, especially for those in charge of managing the infrastructure, is the need for a change in corporate culture. Too often, current security issues start from the need for more awareness on the part of operators. And there are plenty of technological solutions.
Corporate IT security: antivirus is no longer enough (and perhaps it was never enough)
In the view of non-technical users, corporate information security is in most cases an abstract value: it is assumed that once some technical measures have been adopted, the problem is completely resolved. The facts amply demonstrate that this belief is erroneous and must be dismantled. Active prevention systems and risk monitoring are certainly indispensable, but there are still many cases in which violations and attacks originate from human error. According to this research, in 74% of Italian companies, the lack of awareness of the risks is considered one of the main vulnerabilities in using Cloud tools.
For this reason, a different approach to corporate IT security is needed, one that includes, alongside the indispensable technical and strategic solutions, intense work on corporate culture and training to minimize all threats that cannot be neutralized by exclusively technological means.
But how to ensure safety?
Netmind’s approach is based on three fundamental concepts: protection, data availability, and awareness and training. Today, only a holistic approach can guarantee a level of security adequate to the needs of a market in which cyberattacks are increasingly numerous and efficient.
Identity and endpoint protection
The Microsoft Azure Hybrid Active Directory solution allows you to adopt structural measures which, as the name suggests, combine the best of on-premises functions with the best of the Cloud. The first step is undoubtedly to secure one of the strategic corporate assets, i.e., the identities of the staff and, in general, of those who have access to the IT infrastructure.
As in a traditional AD, conditional access rules to resources can be created in a detailed (and, if necessary, contingent) way. At the same time, authentication can be centralized on a single identity provider, even for hybrid access to the internal network and the corporate Cloud in BYOD (Bring Your Own Device) mode, using a single set of credentials and taking advantage of the most effective two-factor authentication systems.
Another fundamental aspect of corporate IT security management is undoubtedly data availability. By this, we mean both the ability to access data, even in emergencies, and the integrity of the data itself, with a hybrid approach in which the data is saved on different media so that it is possible to intervene quickly even in the case of disaster recovery.
The backup environment is protected through the use of object storage that guarantees immutable backups and through segmentation (isolation) at the network level. In line with good practice, a copy of the backups is also archived in a special section of the corporate Cloud.
Awareness and training
A key aspect of Netmind’s vision in the field of security starts from the need to make people aware of the risks, through training events but not only through them. For example, one of the most effective methodologies in corporate IT security training is simulation, especially with regard to phishing attacks.
Through appropriate analysis and tracking tools, the specialists of PanDigital, a subsidiary of Netmind, can effectively simulate an attack and verify its potential scope if it were real. The technique also has important value as an assessment of the current state of risk awareness, and it provides an excellent starting point and basis for comparison as the corporate culture evolves.
Security is an ongoing job
As insiders well know, maintaining the high security standards necessary today requires continuity in analyzing new threats, updating tools, and training personnel, including non-technical staff.