The news continues to be filled with cases of ransomware and data breaches. C-level executives ask regularly about their organizations’ security, as well as their compliance posture.
The advent of cloud technology has brought certain capabilities to the industry, such as improving the cost structure of information technology, reducing time-to-market for new business initiatives, and enabling rapid implementation of new business tools. But it also has brought challenges as well, chief among them concerns about the security and privacy of systems and data within the cloud. I would argue that the capabilities far outweigh the challenges because the challenges can be greatly minimized if proper steps are taken when implementing the given solution. Educating ourselves and understanding what we get out of the box and what needs to be implemented once it comes out of the box is the key.
Take, for instance, the growing popular use of software-as-a-service. A popular offering is Microsoft Office 365. When we hear about this offering it brings to mind a number of advantages; no on premise equipment, someone else manages that environment, pay per user, the integrated office productivity suite such as email, Excel and Word, and automatic upgrades. All of these things are true, but there is so much more the service is capable of, and therein lies the trap that lessens the organization’s ability to properly and securely implement this solution.
The good news is that Office 365 is a wonderful product, very rich in functionality and it provides plenty of components that allow you to truly realize productivity, security and compliance, even if you are part of a regulated industry. But…and there is a but. You need to understand that the capabilities often need additional modules (such as mobility, end point protection, etc.) to be implemented and configured while taking in consideration your operations, business, and regulatory needs, and they must be monitored, managed and reported on an ongoing basis. It’s a process, it’s not magic and it just does not happen by itself.
The fear we often face is to think that per user cost will become more expensive. More expensive is the on premise solution, with the licensing that is needed to provide all the components that would be part of the given solution to properly have a functional, secure and compliant offering. Things such as data loss prevention, encryption, two factor authentication, malware and antivirus. And let’s not forget the items that we normally don’t consider in a software-as-a-service cost (on premise infrastructure, system administration, upgrade cost). The case if very strong for the offering of the solution-as-a-service, however it needs to be properly thought through, implemented and overseen, particularly if you are in regulated industries such as healthcare or financial services, or governed by PCI standards.
Lumen21 offers an approach that enables you to address this implementation issue so that you can, in fact, realize the benefits of Office 365 with a higher level of comfort for your security and compliance needs. Office 365 Enterprise Compliance Support leverages Office 365 Enterprise, Enterprise Mobility, Device Management and Azure Storage. It is a proven offering with the necessary controls configured and monitored to enhance your security and compliance needs. This includes validation utilizing industry specific compliance templates for Healthcare, PCI and FFIEC as well as on going monitoring of your organization’s activities against your regulatory requirements and your own organization’s policies and procedures. To learn more contact us at mailto:firstname.lastname@example.org or visit us at www.Lumen21.com