Technological enablement of business processes, products and services is unavoidable. The alternative is watching customers and competitors evolve in ways that leave your organization behind.
Not surprisingly, this technological enablement brings risks, as well as, opportunities. Chief among those risks is security. As more aspects of business activities are digitally transformed, there are more potential vulnerabilities.
It’s not enough to build and maintain a firewall, because a company’s data is literally everywhere, not just inside a moat. That is why, security must be embedded in every aspect of a company’s Digital Transformation.
NIST Cybersecurity Framework (CSF)
The U.S. National Institute of Standards and Testing’s NIST Cybersecurity Framework (CSF) has come to be recognized as the most mature and accepted standard for cybersecurity management. Some of the key ideas in the CSF form a cyclical process of analysis and action that must be an ongoing aspect of any organization’s Digital Transformation:
- Identify the potential threats, vulnerabilities, and what’s most likely to occur. Also, identify what you have that’s worth stealing.
- Protect what you’ve identified as vulnerable and important. Prioritize your approach.
- Detect suspect activity. Know when something bad is happening. Use as many automated techniques as possible.
- Respond to malicious activity in ways that eliminate the problem. Build technologies in each functional area to enable effective response.
- Recover by getting systems back to normal and improving processes and protections going forward.
NIST Cybersecurity Framework (CSF) Map to Microsoft Technologies
To help organizations make quick and effective progress on applying the CSF to each security layer, Concurrency has created a map that unites the CSF with Microsoft technology.
This map is a practical guide to applying CSF concepts across many areas of Microsoft enterprise solutions, including:
- Service Management Platform
- Operations Management Suite & System Center
- Visual Studio Team Services & Deployment Practices
- Predictive Analytics
- Enterprise Mobility + Security Suite & System Center
- Office 365 & Dynamics 365
- Azure Platform & Best Practices
The Defense Against Modern Threats Starts Now
To effectively address security threats requires both the right mindset and an appropriate plan:
- The first step is admitting you can do better.
- The second step is to know that you can always do better. Security is not something you do and is then done! Security is about continual engagement.
- Then, plan for addressing the security threats that are most relevant based on risk and financial impact.
Making a plan brings security needs out into the open—and that enables all parts of the organization to participate in the solution. A plan must systematically address security vulnerabilities, assign ownership for them, and establish priorities. Without a systematic approach, an organization cannot claim to be addressing security threats.
For these reasons, our work with clients often begins with plan and design. We also assist with execution, in which we help clients apply specific technologies to meet the demands of modern security. And because security is an ongoing process, we also support clients through continuous improvement projects as they continue to advance in both their Digital Transformation and their success in protecting that transformation from modern security threats.
Security Program Accelerator: A consultative engagement with experts from Concurrency. We will help you improve the security posture of your organization as technology needs become more integral with your operations and the risk of security threats become more intense. The project will provide an understanding of the current security position, prepare an actionable plan to address the needs, and prioritize the activities within a scalable program using the NIST Cybersecurity Framework and an agile backlog.