Technology – Azured
=
Book a call with us
Preparing for a flexible future?

It’s no secret that working from home and cyber attacks are both on the increase. An IoD survey found that almost 75% of businesses planned on ‘maintaining the increase in home working’. And if that trend is likely to continue, it would be ignorant not to follow suit and step up the IT security that makes your business possible (for all those devices, applications, passwords that can make or break a day at the office).

🧐 For instance, did you know that at least 65% of people reuse passwords on multiple sites… despite 91% of them knowing that it’s risky?

…sound like anyone you know? 🤷‍♂️🤦‍♂️

💡Sometimes what we need is a team of people who really know their stuff to put together a really useful guide with interesting information, best practice and practical tips. And sometimes, someone like HTG – People-first Technology pops up and…BAM 💥

And they’ve done just that. Download the white paper today.

#HTG #Azured #MicrosoftAzure #MS365 #EmailSecurity #Cyberattacks

Human operated ransomware is “preventable disaster”?

Human-operated ransomware campaigns are one of the most significant and impactful trends in cyberattacks today, according to the Microsoft 365 Defender Threat Intelligence Team.

Hands-on keyboard attacks start small, but in the background, something bigger is happening. Watching your every move. Noticing patterns. Identifying weaknesses. And then BOOM.

We’ve helped some pretty big players over the years. But we know that businesses prefer to keep these things on the DL, so we’ll never share this information – and you certainly won’t find any case studies or testimonials. You’ll just have to take our word for it on this one. Offering a discreet service lets our clients know that we’re serious about their security.

And if you haven’t watched the webcast from Microsoft yet, we’re going to share it again.

Protecting cloud and on-prem. It’s time to plan!?

We’re always banging on about cloud-based security. But it’s important to remember that human-operated ransomware attacks aren’t a cloud-only problem. These highly sophisticated attacks know no boundaries and can impact on-prem, too. In fact, it’s easier to protect your cloud environment than it is your on-prem environment. Weird eh.

If you’d like to know why, get in touch and we’ll delight in telling you more! We don’t like to be pushy – it’s just not in our nature. But when it comes to something as serious as this, we implore you to get your security plan in place. And, if you do have one, implement the darn thing. This is the party you can never be too early to.

Whether or not your security plan is in place, we’re offering free 1-2-1 30-min sessions with one of our wizards of tech. We can guarantee that you will take at least one thing away that will improve the security posture of your business. And that will make us sleep better at night. It’s a win/win.

But if a free security review is not for you, we really really really want you to watch this instead.

Human-operated ransomware: what we all need to know?

Human-operated ransomware is different to the cyberattacks that we usually hear about. They’re incredibly sophisticated and inherently difficult to spot.

As the name suggests, they require a human touch: invaders infiltrate, watch for patterns, highlight weak points – and then strike many months, or even years, later. By which point the attackers will know more about you and your business than you do.

And as they move laterally across your business, they can (and will) cause immeasurable damage as they go. Microsoft’s Principle Cybersecurity Consultant, Jim Moeller, warns that “we’re facing one of the greatest threats to cybersecurity, ever seen.” And that should’t be taken lightly.

We don’t like to be pushy. But when it comes to something as serious as this, we are…a bit. It’s so important to have a security plan in place. If you do, implement it. And if you don’t, get in touch! This is the party you can never be too early to.

https://info.microsoft.com/ww-thankyou-Human-Operated-Ransomware-webcast.html?LCID=EN-GB&ocid=eml_pg235439_gdc_comm_mw

The new kids on the cyber-security block?

Human-operated ransomware attacks. They’re the new kids on the cyber security block. And they mean business. Well, they actually mean potential catastrophic damage to your business. And by business, we actually mean your data, identities, and a demand that runs in to thousands (or even millions) of pounds.

We don’t like to be pushy or overbearing. But this is serious. Businesses must have a security plan in place. And if you do have one, implement the darn thing!

We feel really strongly about keeping businesses secure. And, of course, once personal passwords are being used in a business environment, we’re not just talking business. We’re talking about the security of you and your family’s personal data, too.

In fact, we feel so strongly about it, that we’re offering free 30 min 1-2-1 no obligation security reviews for our new or existing customers.

Human-operated ransomware attacks are a threat to us all. To understand more about their risks and how to securely safeguard your business, this webinar from Microsoft is an eye-opener – even for the non-techies!

https://info.microsoft.com/ww-thankyou-Human-Operated-Ransomware-webcast.html?LCID=EN-GB&ocid=eml_pg235439_gdc_comm_mw

How boredom can lead to your most brilliant ideas?

We’re often telling our children that the best ideas come from boredom, yet it’s a notion that, as adults, we struggle with – we simply don’t allow the time to be bored.

Manoush Zomorodi’s TEDEd is FULL of interesting information… A decade ago, we shifted our attention at work every three minutes – and now, it’s every 45 seconds. Every day. On average, we’re switching IT tasks 566 times a day – and checking emails 72 times a day. It really is exhausting stuff!

We’re always “on” – replying to emails and booking calls when previously we would have just enjoyed a brief moment of “down time”. But when we slip in to “default mode”, the results can be staggering. Awesome ideas, brilliant problem solving and great strategies…all appear with such clarity.

Watch Manoush Zomorodi’s TEdEd: How boredom can lead to your most brilliant ideas

Azured makes it easy…To protect the home office.?

When we consider home office security, we’re talking identities, devices and data. There’s a whole lot of stuff going on around our kitchen tables at the moment that should probably be a bit more secure than it currently is…

You can imagine the challenges… Your Finance Director needs access to your accounting software – and that contains some supersensitive data. Your Sales Director has a client presentation and needs to access the client’s history. Your CEO doesn’t have the right permissions to see the data they need. And then there’s Geoff the admin assistant, who can log in – and access EVERYTHIING… And he hasn’t updated his anti-virus software since 2008. You get the picture…

We’ve put together a short video to explain how our smorgasbord of solutions provide enterprise grade security – within the budget of SMEs.

And that’s not all folks… we’re offering a free security assessment in February and March. No obligation, naturally. But if we can help, you can bet your meatballs we will.

PS. If you do like the sound of a free security assessment, drop us a message and we’ll be in touch.

CASE STUDY: Hyve Group?

No one works in isolation in any business, but in the aptly named Hyve Group plc, a FTSE 250 international trade show organiser, the need to join forces is intrinsic. The company operates a highly collaborative environment sharing ideas and opportunities between teams. With 1,200 workers in 13 countries focused on delivering innovative and dynamic events around the world, its need for a flexible, collaborative IT environment made it a strong candidate for digital transformation.

“Azured deliver more, for less. An environment that is more cost effective – and a service with greater security that is more reliable and easier to manage. Our global team, operating in 13 countries, went home Friday evening and came back Monday morning and everything was in place, ready for us to start working.”

Keith O’Hara, Group Technology and Information Director, Hyve

The challenges of multi-platform identity migration – with unreliable data…

As a consequence of growth through acquisition Hyve’s international footprint was made complex by different IT architectures. They naturally ran multiple applications – some shared, some not – and inevitably maintained multiple identity platforms, with all the complexity that implies for user, device and application identity management.

Hyve approached Azured to lead the project, knowing that it has specific and deep expertise in identity migration – one of the central challenges of the project. Acting as lead architect for the transformation, Azured assembled a team of project specialists whose knowledge and skills are not normally found in-house among client IT departments.

In crafting the solution, the core objective was that everyone on Hyve’s creative teams around the world should be able to use a single sign-on to virtually all the applications they need, from all the devices they use during the transition and after completion.

Given the complexity of the existing state, it would be a tall order for any specialist IT consultancy, but is firmly in the home territory of Azured. The confused state of the identity data made it unfeasible to consolidate into an existing directory services system.

Shaping a seamless single sign-on solution

Azured suggested it would be more favourable to migrate into a new hybrid identity platform (both on-premise and cloud-based). To do so would also be consistent with the planned move to cloud-based infrastructure for applications available across the enterprise.

To manage the migration, Azured would need to analyse the source platforms and remediate its data, removing duplicates (typically multiple identical objects in different identity platforms), cleaning up incorrect entries, deleting obsolete identity objects – for all its people and devices, current and past. It is a challenge that appears more straightforward in the description than in practice, when you bear in mind that each one of Hyve’s people might have more than fifty applications for which her log in needs to work, and consequently multiple objects relating to that identity must be migrated.

The Azured approach is marked by its attention to the device identities as well as the users of those devices. As an object of the user’s identity, everything she uses has identity data that must be recorded and moved into the new platform for it all to work as seamlessly as the brief required, namely, a single sign-on experience to everything: devices, networks, applications, permissions.

To guarantee all would be operating perfectly on the Monday morning after the migration, Azured created a simulated environment in a lab. The team focused on the critical applications first, analysing each device type (laptops and desktops) to understand the relationship between the user and the device, its operating system, and the applications the user needs to access.

Azured used a combination of scripts and software to iteratively interrogate the identity data, remediating it where it was inconsistent with the new platform in a lab simulation. The lab approach refines the migration process by continually analysing devices, applications and identities to arrive at a stable setup.

Streamlined. Secure. Cheaper? Sorry, did you just say, cheaper?

The migration was completed in a year, with the switch over achieving the Azured target of 72 hours downtime over one weekend, with critical systems such as mail and messaging only being off-line for a few hours overnight.

The identities for all Hyve’s people and its devices are in the new identity management system giving them uninterrupted access to all the applications they need. While holding all identity information in the new system Azured was also able, during the transition, to make accessible legacy applications whose server identities still reside in the old system. Azured were able to demonstrate that it was more cost effective to leave some of the legacy applications in the old world – having remediated it, than to migrate them to the new environment, saving Hyve significant sums of money.

The success of the project can be in part attributed to the technical solution, but also to the management of the project team and the relationship between Azured and the Group IT Director at Hyve. Hyve kept Azured operating at arm’s length, allowing the team to analyse, test, simulate and craft the solution to the IT brief, free from outside influence.

The net result for Hyve is not only a more easily managed identity system within a cloud-based IT architecture, but greater flexibility, more security, and ease of use to enable its people to collaborate more effectively between teams and across borders. The control the organisation now has over access and permissions is far greater, giving them a stronger sense of security and reduced risk.

Microsoft’s security evolution?

Microsoft traditionally had left security to its partners and as someone who has been involved in the Microsoft stack for almost 20 years, I’ve been in an interesting position, watching their approach transform and change in line with business conditions.

But this isn’t the first time Microsoft has evolved their position…

When Hyper-V, Microsoft’s “free” enterprise grade hypervisor, was initially released, the product was only used by the most die hard of Microsoft organisations (read: bundled within their Enterprise Agreement) and cost-conscious of small businesses. It seemed to be years behind the clear market leader at the time, VMware.

At the time I knew of only a handful of big customers that had taken the plunge into Hyper-V (with its management friend, VMM) and I would only hear of problems emanating from their support teams, citing; a lack of functionality, “undocumented features” and an absence of those quality-of-life features we had taken for granted from VMWare. Simply stated, the early days of Hyper-V were troubled.

Yet, Hyper-V persevered, with Microsoft’s development team putting in the work over the years to overcome the seemingly insurmountable challenge that lay in front of them. Work that would later form the foundation for Azure’s hypervisor layer and a staple for businesses running on-premises virtualised workloads.

With an aggressive pricing strategy (free) and a slow but steady iterative cycle, the immature product eventually narrowed the gap between its market leading bigger brother. Today the differences between the big players have narrowed with Hyper-V providing the majority of what an average customer needs, minus the premium price of the market leader; a tough proposition to resist. 

“First they ignore you, then they laugh at you, then they fight you, then you win” – Nicholas Klein

Why do I tell this story? Because I see an all too familiar parallel with Microsoft’s security story. The quiet development of services (with a focus on identity and reporting), building upon Microsoft’s existing capability within Mobile Device Management (MDM) and recognising their position in most organisations as the binding glue between services (Azure AD and ADDS). A quiet development that would see Microsoft’s outward view of security evolve as it moved from security being an optional bolt-on (EM+S) to an intrinsic part of their service (Microsoft 365).


Coupled with the billions of investment they put into their ongoing security efforts, it became relatively easy to see why Microsoft had become an “overnight success” within the field and has the established security providers more than a little bit uncomfortable.

But here is why I think Microsoft’s security story is going to be successful for the average punter: Microsoft’s journey will mirror your own.

Microsoft has targeted the average organisation, not just the fortune 500 or the big 4 banks. It’s developed its offering for everyone, no matter how small, with a service that grows with you, allowing you to chose what works, discard what doesn’t and all the while providing bigger businesses with what they need. They did this by solving the problems you’re going to face, and doing it at a price that will get your attention. 
That’s why Microsoft’s Security offering not only will work, but why it IS working.

This article was written by Anthony Koochew, Founder & CEO of Azured in Australia. Anthony is an Architect with over 10 years of experience helping clients realise the most value from Microsoft Azure, Office 365 and EMS. View Anthony’s full profile. You can read the original post, and more from Anthony and the team over in Australia, here.

From traditional network security to SASE, and beyond…?

by Anthony Koochew, Founder & CEO, Azured Australia

In my early days in the industry, the only way I could access work resources was to be sitting at my desk, on my work supplied desktop using my internally delivered corporate services. When I left my desk I wasn’t notified on my phone of an incoming email or Teams meeting- I had to walk back to my machine to get access to such things.

The world was simpler then. Work resources were at work, often delivered from within that same office and accessed within that very same location. So wrap a firewall around it all, lock down the desktop (some people took that to hilarious degrees!) and ensure good hygiene with Anti-virus (AV) and systems updates.

Edge protected, job well done.

Cool.

Contrast that to today. The expectation that has been set by consumer-level services (like Facebook, Gmail etc) is that it doesn’t matter where I am, I will have the same level of experience. Ultimately, it was the consumerisation of IT that drove people to ask why they could access Dropbox from home (or on their iPad) but were restricted to a server fileshare only accessible by VPN or at best, on their work supplied laptop.

Enter cloud, exit on-premises apps. Enter BYOD, exit corporate supplied and managed devices.

The concept of a perimeter network made no sense when there no longer is a perimeter. With data increasingly residing outside of the traditional confines of your offices the “edge” has become increasingly porous and largely irrelevant.

So, how do I deliver a consistent level of protection (and experience) to everyone, everywhere? AND not throw the baby out with the bath water – we had, after all, developed some really powerful security technologies during the intervening years…

Cue SASE or Secure Access Service Edge. SASE is really just a collection of security technologies and ideas (both old and new) built upon a central assumption – users will be disparate, services will be cloud delivered and identity is king.

Furthermore, SASE pushes you to answer additional questions such as:

SASE is ultimately the recognition that the times have changed, that attackers and attack vectors have become more sophisticated, driven by an insatiable appetite for cloud services, and our approach to security needs to recognise that.

Anthony is an Architect with over 10 years of experience helping clients realise the most value from Microsoft Azure, Office 365 and EMS. View Anthony’s full profile. You can read the original post, and more from Anthony and the team over in Australia, here.