One of the major times a managed service really goes into action is when an incident occurs. All the planning, preparation and processes that were put in place come into play, so it’s a matter of how quickly can you get yourself back up and running
That’s only possible if a managed service is treated as a partnership rather than a company that comes in every so often.
As Dr Vivienne Mee of VM Group said, that lack of contact can make things difficult, regardless of what service they’re providing.
“When you do go in, you’re trying to get a feel for the organisation,” she said. “What technologies are in place, what is there, what is the impact, and you’re trying to do it in a quite high-pressure environment because . . . you’re trying to [strengthen them], get the company back up and running as well as securing them again.
“It takes a lot of the pressure out of an instant where all those plans have been placed in advance and there’s been preparation work done.”
One major security challenge businesses face is the cloud. While there’s no shortage of services which include cloud technology, what businesses realise is that in the cloud can be quite different.
There are obvious ones like Office 365 or Dropbox, but more innocuous apps and services could have cloud integration that companies may not have considered.
Dr Mee has come across many scenarios where businesses didn’t realise certain services were considered part of the cloud.
“You’d be surprised where the cloud would be introduced to an organisation. From some clients, I would have gone in to do a security review and I’d ask them have you used anything in a cloud environment whether it’s public or private. They’d say we definitely don’t put anything up in the public cloud, we have our own private cloud.
“If that’s the case, that makes life a bit easier, but as they went through the audit, how would you manage that, even simple things like a timesheet where they say ‘we use this great app, it’s online, and everyone can get it on mobile and get it on their desktop’. Categorically at the beginning, they say they don’t have any, but the next minute they’re realising they could have something there on the cloud that they don’t realise.”
Dr Mee does say the cloud has brought with it a number of benefits to organisations, and if these tools are used correctly, they can make them more efficient and flexible. Yet the same concept of knowing where your data is and how it’s being used is crucial.
It’s too easy to spin up a new Office 365 account to avail of extra storage and, similarly, it’s easy to forget about it until something happens.
“They need to realise they need to know where their data is and make sure they’re using the cloud environment,” said Dr Mee. “By all means, I’m not saying don’t use it, I’d say do, as it’ll introduce efficiencies, but make sure the security and privacy impact statements are all signed off, and they realise where all the data is and where it’s going.”
It’s looking at your operations through the lens of security and privacy that is going to take companies forward.
A partner like VM Group, which rebranded two years ago to better reflect the range of services it offers, can help highlight those gaps in your knowledge and help fill them.
There’s no shortage of security breaches and vulnerabilities popping up, so having a partner in that field can keep you up to date and prepared for any eventuality. Especially, as mentioned earlier, innocuous or common apps can end up creating vulnerabilities that people might not have realised.
“Take, for example, the [recent] warnings going out about WhatsApp,” said Dr Mee. “Lots of organisations use WhatsApp - that is an app that’s on the cloud - and most organisations would have them installed on their mobile devices, therefore that introduced a vulnerability to the organisation.
“Now what organisation would have that written in a policy that WhatsApp is used in a cloud environment?
Probably very, very few as they might say ‘that’s just a messaging facility’.
“The messaging facilities that it brings introduce a massive vulnerability to the organisation so with the simple apps, they’re still cloud environments, they should still be on a register somewhere.
More organisations are relying on mobile management solutions to help out their employees by downloading specific apps onto their phone, but there are many who don’t do that, said Dr Mee.
This leaves the door open for more vulnerabilities to be exploited and companies putting themselves under risk.
“That introduces even more vulnerabilities and I think it’s going to get more prevalent,” she said.
“WhatsApp one is the first example, there are probably other ones out there already, but they probably didn’t get as much attention because WhatsApp is so popular.”