Secure Workplace
All the pieces of a secure workplace to ensure your cybersecurity solution is fit for the multi-cloud and hybrid world. Reduce the threat of security breaches by reducing the attack surface and give your business the assets and solutions to enable a secure workplace where employees can work from anywhere on any device.


What is Secure Workplace
One of the challenges we face when talking to clients about achieving a secure workplace is being able to define the components at a level which makes sense. All the pieces need to connect in a way which is easy to understand and relate to.
To address this and provide some context, we should think about the secure workplace as the following areas:
- People – Identity, user credentials, access control, multifactor authentication
- Devices – Device security, biometrics, encryption, Endpoint Detection & Response
- Cloud Services – Cloud App Security – Building the business case for information protection
- Information Protection – Classification and labelling of information to prevent data leakage
- Governance – Policy enforcement, compliance, and the ability to prove who has access to what information, and more importantly, why?
People
Before you can begin to secure the workplace, the people who interact with it must be considered, understood, measured, and secured. The starting point for any individual is their identity, followed naturally by the locations they use to interact with the workplace, and how they manage their critical credentials like passwords and or tokens etc. and access to business information, applications, and collaboration platforms.
During and after implementation of a security strategy or solution, it is important to take the learnings and invest the time to educate individuals and groups within the business to drive security, governance, and risk awareness.


Devices
Next, we ensure the relevant level of security controls exist for each persona, or group within your organisation on their assigned devices. At the base level, ensuring devices are secured against next-generation malware and advanced threats is critical, so each endpoint should leverage Endpoint Detection and Response (EDR) capabilities allowing automatic investigation of alerts and remediate options for complex threats in minutes with industry best practices and intelligent decision-making algorithms to determine whether a threat is active and more importantly, what action to take.
Cloud Services
It is crucial to understand any areas outside of the workplace which present a potential risk. Discover how data is being created within the organisation and shared externally, understand which SaaS platforms are in use and extend information protection into the cloud. Remove risks associated with data leaving the organisation and ensure data classification or policy is adhered to, eliminating Shadow IT.


Information Protection
Once you understand how information is moving outside of the organisation, new behaviours are learnt (good or bad), from which the learnings can be applied to the underlying policies behind each persona, or group.
Discover and manage sensitive, classified, or compliance specific information, understand risks within and external to the business through discovery, design, implementation, and documentation of an information protection platform. Discover who has access to what and more importantly why. Gain control over unlimited sharing and access to your client’s information estate.
Governance
Achieving effective information protection policy goes a long way to meeting compliance standards and with people, devices, cloud data, and information secured, it is often assumed all bases are covered. However, not quite, to retain compliance, you must pass through an Audit, which could be planned or random. To satisfy an auditor, the key is to exhibit the ability to quickly show who has access to certain information, and the reason “why” they have access. To successfully pass an Audit, information governance needs to be delivered in a manner where the “reason” and “duration” for access is captured at the time the information is shared.

Read the full Secure Workplace story
