The Secure Workplace Story Part 2: Why and How Do You Implement a SWP?
The secure workplace has evolved rapidly over the past 24 months with more and more integration and continuous development to stay ahead of the bad guys. Taking advantage of new capabilities can help businesses get into a proactive mindset as it relates to cybersecurity and quite quickly reduce the potential for an attack or breach. As we have discussed so far, having visibility into what is going on across all facets of the business provides current and historical behavioural information which can be reasoned upon to continuously develop your plan.
Conversely, some businesses go from day to day wondering “if” they will suffer a breach or data loss incident and are prepared to accept the risk of doing nothing when, in the real world, it is not a case of “if” but “when” a breach will occur. A significant number of organisations ultimately pay the price of doing nothing further down the line, when an event occurs or an audit results in personal fines and/or reputational damage. Being proactive and taking measurable steps towards adoption of the secure workplace can reduce risk over time, increase your security maturity, and ultimately put you in control whilst dramatically reducing the attack surface.
Businesses may have a mandate to become ISO 27001 compliant, or PCI-DSS compliant if in finance, or HIPAA compliant if in health. To achieve compliance, and depending on which country you reside in, a baseline must be defined using something like the Australian Signals Directorate (ASD) Essential Eight, or in the USA, the Information Security Forum (ISF) Standard for Good Practice, or in the UK, the 10 steps to cybersecurity. This baseline will help in defining the strengths and weaknesses within the current security strategy, and then from there, mapping required security controls to policy to continuously reduce risk over time and improve the overall security posture.
Being proactively prepared for an information governance or compliance audit can help avoid significant costs associated with the discovery and collation of information, together with creating manual reports. Having the ability to respond to an event or an audit request promptly can be the difference between success and failure.
Insentra has developed a kick-start offering called Architect as a Service (MapOne), which has a roadmap deliverable and is outcome-focused, including the time to value. This helps in discovering the real cost of inaction.
MapOne is a short, sharp, fixed-price engagement with senior stakeholders and/or executive sponsors in a business, delivered through a series of workshops, meetings, interviews, and interactive sessions. The sessions intend to discuss the top questions, risks, and concerns, and to remove as much Fear, Uncertainty and Doubt (FUD) around the secure workplace as possible. The deliverable from the MapOne sessions is a prioritised, strategic roadmap showing tasks able to be completed rapidly for the highest possible return, through to subscription consumption activities that will drive the fastest possible time to value.
The roadmap intends to allow executive sponsors to work collaboratively with their partners and vendors to better understand and manage cybersecurity risk and cloud subscription entitlements, which could drive the successful transformation to the secure workplace.
Most organisations are some way down the road to achieving a secure workplace; however, it makes absolute sense to have an independent review of the current strategy to ensure there is a pathway to success or to validate critical thinking.
Alternatively, when looking at all the components mentioned here, sometimes it can all be a little overwhelming. This is the perfect time to step back and look at how the business needs to evolve and take advantage of some or all of the components in the secure workplace.
If we don’t start, we can never hope to finish.