UNIFY Solutions has always been an Identity and Access management specialist, enabling customers to achieve greater security and stability. As we have built solutions to cover all areas of operations, we have also continuously improved our internal security policies and practices.
In recent years as we have moved to cloud-first, we have brought greater structure, formality and automation to our security, building out governance, risk and compliance and utilising powerful solutions from our key partner, Microsoft. UNIFY mirrors all organisations for whom the threat landscape continues to evolve as threats get smarter and more efficient. We also must keep track of what’s happening and how we can best mitigate threats, empower our teams and maintain robust defence systems.
As CISO, I am primarily responsible for establishing and maintaining UNIFY’s enterprise security vision, strategy, architecture and roadmaps to ensure the company’s information assets are adequately protected. In the last couple of years UNIFY has continued to tighten internal security through security risk and privacy assessments, including building different frameworks to formalise operations, measuring what’s working and what isn’t, and ensuring that everything is performing proactively. For instance, we have applied frameworks such as ISO 27001, the information security management policy for governance, risk and compliance (GRC), which we also leverage in other areas such as business continuity.
Shining a light on the Microsoft suite
I cannot understate the extent to which the tools we have access to today allow us to create value for our customers. As a systems integrator, our role has always been to ‘glue’ systems together. This hasn’t changed, but the intelligent toolsets provided by Microsoft continue to evolve, allowing us to focus on solving actual business problems, for our customers and for ourselves, as opposed to just ‘keeping the lights on’ with technology and hosting solutions.
You only need to look at Gartner’s Magic Quadrant over time to see the leading role Microsoft occupies in the security space as well as across the technology landscape more broadly. Not only do we implement Microsoft security solutions for our customers, but also for ourselves.
What I admire most about Microsoft’s security solutions is that they’re loosely coupled but highly integrated, so by ‘lighting up’ each new service we can feed additional information into other products and get more value out of the platform.
One good example of the integration capabilities of the Microsoft suite is Azure Sentinel. As a cloud native security information and event management (SIEM) tool, where it really shines is with its out of the box connectors to the other Microsoft components. Utilising these connectors, UNIFY integrated half a dozen other products or services with a relative ease – a benefit not available with many other SIEM tools.
AI and the automated alert monitoring features included in the platform, as well as the benefits of the Office 365 signals and the Intelligent Security Graph, which utilises machine learning to look at different datasets and pulls out alerts and anomalies, bring enormous benefits in our drive for proactivity. Other tools help identify what devices we have and what their threat levels are. For example, patch management is a difficult problem when you don’t have tools in place, but Microsoft Defender detects what software is installed on each device, ensures that operating systems are up to date, and protects against software threats.
Essentially, all these tools work very well together and are highly integrated, enabling us to secure our threat landscape. Using the Microsoft platform to automate manual or recurring requirements allows us to focus on non-technology security and privacy opportunities such as self-awareness and training programs, which are crucial for securing organisations.
Taking note from Microsoft’s Zero Trust principle
Microsoft’s Zero Trust principle states ‘never trust, always verify’. It essentially assumes breach and focuses on not trusting endpoints in order to ensure tools and resources remain secure.
Businesses are increasingly going cloud-first or cloud-native. They are likely to be implementing BYOD systems, contending with people working from home and downloading their own external tools, and realising that the concept of network boundaries is archaic.
For Microsoft customers, Mobile Device Management, Microsoft Intune and Azure Active Directory become extremely important. Microsoft Security receives silent signals from different endpoints, assessing all the websites that are visited on endpoints, and other risk profile indicators. These build into the Intelligent Security Graph, which highlights relevant data points. By lighting up different services, we get more visibility of the threat landscape which helps us make more informed decisions.
Bringing in education and awareness alongside technology to build a stronger security culture
In addition to technology, education and awareness are critical for organisational security. Being a Security organisation, UNIFY Executives understand the necessity and importance of investing in security, and the need to have training programs in place, starting with an induction awareness course.
At UNIFY we have a spam training and awareness program, and as the CISO, I devote time driving awareness campaigns with our colleagues about various topics such as phishing exercises, alignment to our GRC framework and policies and the importance of having a stronger security culture within our organisation. The team here is eager to learn, but for any organisation, including ours, it is vital for managers to take ownership of the security performance of their teams. Having policies in place such as our ISO 27001 certainly helps in driving this initiative.
Now’s the time to invest in your security
In today’s world, with the evolving threat landscape in the cloud, organisations realise that Security is more important than ever and is no longer an afterthought. Preparedness for risks associated with cyber breaches is essential to combat vulnerability and its impact on the organisation. At UNIFY, we have implemented many powerful tools that we use every day and have built frameworks that can be used in different areas of the business – for our customers and for ourselves.
It’s exciting to be working with leading organisations across Australia, New Zealand and beyond to leverage the leading Microsoft technology offerings and adopt and embed world class security practices and solutions to address risks to our digital estate.
To find out more about any of our Security offers, services or approach, fill out the form below.