Why MFA Is the Cornerstone of Your Ransomware Prevention Strategy

As society and businesses are moving gradually beyond the tectonic shifts created by the pandemic, several digital innovations define the new norm — hybrid secure work environments, digital engagement, and customer service. At the same time, the hyperconnected world will continue to face expanding cyber risks on multiple fronts. Cybercriminals are using increasingly sophisticated tactics, tools, and technologies, making the efforts of securing and building cyber defences even more challenging for organisations.

Ransomware attacks are increasing in numbers and severity

The explosive pace of digital transformation among both public organisations and private enterprises has provided criminals with a window of opportunity. As a result, there have been an increasing number of cyber-attacks in recent months, particularly ransomware. According to the Verizon 2022 Data Breach Investigations Report (DBIR), there has been a 13% increase in ransomware breaches – more than in the last five years combined.

The effectiveness of criminal gangs also reflects the growing success of the Ransomware-as-a-Service (RaaS) model. A joint advisory on ransomware issued by the FBI, CISA, NSA, UK’s NCSC and Australia’s ACSC highlight that RaaS has become increasingly ‘professional’, with well-established business models and processes. The business model complicates attribution because there are complex networks of developers, affiliates, and freelancers.

One of the most important “service providers” that RaaS criminal organisations rely upon is Access-as-a-Service, known as Initial Access Brokers (IAB). These criminals provide ransomware attackers with an easy way into corporate networks, paving the way for the actual damaging attacks.

In Australia, 55% of security incidents are attributed to compromised credentials – either because of a social engineering campaign or a credential stuffing attack. Ransomware attacks accounted for 23% of all cybersecurity incidents, however, compromised credentials can be further used to launch other attacks, including ransomware.

MFA blocks unauthorised access to networks

Digital businesses are boundaryless organisations and the new frontier to defend is the digital identity of people, apps, services, and machines. As a result, access management models are now being re-conceptualised to offer the right level of business resilience, as well as deliver critical authentication features suitable for multi-cloud computing environments.

A significant element of a robust access strategy is the deployment of multi-factor authentication. “When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network,” highlights the Australian Cyber Security Centre (ACSC).

Multi-factor authentication is a great preventive security control since it makes the lives of criminals much harder. Criminals are always looking for the easiest way into corporate networks. Compromised credentials offered for sale on the Dark Web promise a great return on investment for every attacker. Considering the proliferation of compromised credentials on the Dark Web and the effectiveness of phishing campaigns, we can say that criminals do not break into systems and networks, they log in.

MFA mechanisms mitigate cyber-attacks when an account is compromised and reduces unauthorised access since the attacker needs to pass the required combination of factors during authentication. Setting up and enforcing MFA across an enterprise places obstacles in the attackers’ pathway, preventing the breach of data stored in multiple locations, both on-premises and in the cloud.

Laws and regulations in the United States and European Union are now mandating the deployment of MFA. Standards like the recently updated PCI DSS 4.0 require MFA to secure accounts in business environments. MFA is also a prerequisite for getting cyber insurance coverage. The discussion therefore is not whether to deploy MFA, but rather what type of MFA to deploy. To reduce the possibility of sophisticated criminals bypassing MFA, security researchers and regulators suggest implementing phishing resistant multi-factor authentication, such as FIDO2 security keys.

MFA is an important element of your access policy

Ultimately, a robust MFA deployment will become the cornerstone not only of preventing ransomware attacks but also to implement a modern access security policy. Your access policy should be risk-based, contextual and scalable to be able to cater to diverse business requirements. Your employees are accessing data and resources using a variety of devices and networks; therefore, your access policy should be flexible and scalable enough to balance security with experience.

A modern access security policy will enable your organisation to:

  • Evaluate whether a user is properly authenticated
  • Isolate the resource the user is attempting to access
  • Determine if the request is from a trusted, stolen, or third-party device
  • Confidently decide whether access should or should not be granted

Align prevention with business continuity

Access control with MFA at its core is only one part of your ransomware defence strategy. You should align your preventive security with your business continuity and recovery plans and operational goals to ensure that your data is protected through multi-layered defence controls.

Somerville offers a robust portfolio of services and solutions to help you protect your data in the cloud. Download our whitepaper to discover how to achieve cyber resilience in face of the evolving threat landscape.

A Cloud-First Strategy Demands Security Stability

Businesses across the globe are accelerating their shift to the cloud. Infrastructure is more agile and distributed in the cloud, enabling customers and hybrid workforces to access data from anywhere. A “cloud-first” strategy is driving dramatic increases in multi-cloud adoptions. Alongside the benefits of using multiple cloud platforms, security challenges have increased for business executives and security professionals alike.

Regulations and Laws Drive Cloud Security

An important driver for protecting data and services in the cloud is regulatory compliance. Australia’s Privacy Act 1988 includes provisions to promote and safeguard the privacy rights of Australian citizens. The Privacy Act outlines 13 Privacy Principles that regulate how Australian government agencies and businesses handle personal information. As the Act evolves, the latest draft calls for:

“the maximum penalty of AU$2.1 million for serious or repeated breaches of privacy will increase to not more than the greater of AU$10 million, or three times the value of any benefit obtained through the misuse of information, or 10 per cent of the entity’s annual Australian turnover.”

Compliance with these security and privacy requirements is the sole responsibility of the business, no matter if the data is stored on-premises or in the cloud. While the responsibility for protecting data stored on premises is easily understood, many companies lack the understanding of the shared responsibility concept of cloud security.

According to this concept, cloud service providers (CSP) are responsible for managing the security and availability of the cloud infrastructure, while businesses are responsible for the security and protection of their own data, services, and applications in the cloud. Unwitting disregard of this principle will leave all these resources open to a growing number of vulnerabilities and threats.

Preventive Security is the Best Security to Harden Your Cloud Presence

To harden the protection of data in the cloud and to safeguard cloud-first initiatives, organisations are investing resources into building preventive security. The 2022 Thales Cloud Security Study indicates that cloud-first organisations prioritise the deployment of the following as the most effective ways to reduce cloud risks:

  • Data at rest encryption.
  • Cryptographic key management.
  • Remote access management, including multi-factor authentication (MFA).
  • Zero Trust architecture.

However, the same survey indicates that the large number of organisations directing money towards a great variety of tools speaks to the complexity of addressing the diverse set of risks in the cloud.

Cloud Complexity and Skills Shortage Increases the Chances of a Data Breach

Complexity is a key challenge when securing workloads in the cloud. The Cloud Security Study highlights that 51% of the organisations agree that it is more difficult to manage privacy and data protection in a multi-cloud environment than on-premises.

Complexity is exaggerated by the skills shortage problem. According to the (ISC)2 2022 Cloud Security Report:

  • 93% of organisations are moderately to extremely concerned about the shortage of qualified professionals.
  • Having the right skills to deploy and manage a security solution across all cloud environments is the biggest challenge for 61% of the organisations.
  • The lack of qualified staff is the biggest operational headache when trying to protect cloud workloads.

As a result of these challenges, cloud data breaches have become a commodity. The findings of the Thales Cloud Security Study are compelling:

  • 45% of respondents said they have experienced a data breach in the cloud, up from 40% in 2021.
  • 32% of respondents had to issue a breach notification to a government agency or body, customers, partners, or employees.

Focusing on the tactics that criminals leverage to breach data, ransomware is the number one threat. Verizon’s 2022 Data Breach Investigations Report (DBIR) indicates that ransomware attacks increased by 13% within 2021, an increase as big as the last five years combined. To break into organisations, attackers follow three main paths – compromised credentials, phishing campaigns, and exploiting vulnerabilities. However, while ransomware tends to hold headline attention, cloud storage misconfigurations are responsible for 13% of all breaches, and human error is involved in 82% of security incidents.

Businesses Need to Invest in Continuity and Recovery

It seems clear that relying on prevention controls alone is not enough for cloud-first businesses. There is no bulletproof solution, and the wisdom of a layered security practice, with resilient response methods is sound advice.

When data breaches do happen, the time to detect and recover from the incident is essential. The Verizon DBIR 2022 indicates that almost 70% of the breached organisations detected the attackers within days or less. This is extremely encouraging, as just a few years ago, the dwell time of malicious actors within a network was more than 9 months. However, while that percentage looks promising, it must be tempered by the awareness that there remains another 25% that still required months or more to detect a problem.

Ignorance and late response times are the biggest enemies to business continuity. Hence, businesses need to have in place robust and tested recovery solutions to minimise impact and protect the organisation’s data and systems if an attack happens.  Prevention security cannot block all attacks. It can prevent most breaches, but certainly not all of them. While you cannot stop all cyberattacks, you can minimise the impact of a successful cyber incident.

Preventive controls must be accompanied with incident response and business continuity plans. Recovery solutions, such as immutable backups allow organisations to effectively protect the integrity and availability of their data and systems in the event of a successful breach. Besides remediating various attacks, backup and disaster recovery solutions help prevent costly downtime even if a natural disaster, hardware issue, or other failure event impacts your business.

“To avoid the worst-case scenario, having a plan in place that includes verified, tested, and secure backups that can be restored quickly is key to dealing with ransomware attacks. Your backup infrastructure is part of your overall cyber resilience and can be the final option for getting back to, or staying in, business,” stresses Edwin Weijdema, Global Technologist at Veeam.

The transition to the cloud is deceptively attractive to many organisations. Scalability, flexibility, and the promise of infinite uptime make the cloud hard to resist. However, it is wise to enter this realm with clear goals and understanding about the security responsibilities for each participant.

Are You Looking for a Trusted Partner?

Somerville offers a robust portfolio of services and solutions to help you protect your data in the cloud. Download our whitepaper to discover how to achieve cyber resilience in the face of the evolving threat landscape.

How to Put Together a Business Continuity Plan to Address the Expanding Threat Landscape

A business continuity and recovery plan was traditionally in place to get businesses and their systems up and running following natural disasters like a flood, fire, or an earthquake. Business continuity is about sustaining critical business functions, not only during a disaster or crisis but in the aftermath of the event as well. The way most organisations responded to the pandemic demonstrated in the most profound way the necessity of business continuity plans.

In an evolving threat landscape, business continuity planning needs to adapt quickly

Digital transformation trends and the increased dependence on highly interconnected technology for improving productivity, reducing operational costs, and supporting a hybrid workforce have created new risks and expanded the threat landscape of organisations. Criminals are capitalising on all opportunities. Software and hardware vulnerabilities and security oversights have become the most likely threat to business continuity, and adversaries are exploiting these vulnerabilities to launch disruptive cyber-attacks.

The hard truth is that ultimately security controls will fail. As adversaries are advancing their tactics and techniques, the potential threat and impact is increasing. For example, the Verizon 2022 Data Breach Investigations Report highlights that during 2021 ransomware attacks increased by 13%, which was as big as the last five years combined. The same report indicates that the four paths criminals use to seize our kingdom are compromised credentials, phishing attacks, exploiting vulnerabilities and malicious botnets. Last, but certainly not least, the human element is the key driver of data breaches. Verizon says that 82% of breaches involved the human element, although some security professionals argue that everything about cybersecurity relates to humans.

When security controls fail, the consequences are devastating. The IBM 2021 Cost of Data Breach report provides some key insights that demonstrate the impact of a data breach.

  • Data breach costs in 2021 rose to $4.24 million, compared to $3.86 million in 2020, marking a 10% increase
  • Data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days
  • Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach
  • Lost business represented 38% of the overall average cost, including increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation

Business continuity and business security used to be two distinct and siloed processes. However, the evolving threat landscape is a sign that organisations must change their mindset and follow a holistic approach by merging cybersecurity with business continuity and recovery plans. As cyber-attacks continue to increase in number and sophistication, causing significant disruptions to business operations and damages to the corporate infrastructure, organisations must ensure that efforts to secure business are aligned with procedures to sustain and recover these operations in the event of a cyber-attack.

What is business continuity?

Business continuity planning is essentially a form of insurance. It gives organisations the comfort of knowing that, even if disaster strikes, the damage will not be overwhelming.

Traditionally, business continuity has focused on the idea that a few things might fail. However, the importance of business continuity became apparent during the pandemic, when business leaders realised how greatly they could be affected by unexpected disruptive incidents. And if remote working was an issue of adapting procedures and adopting technologies, organisations had also to combat an increasing number of cyber-attacks. Hundreds of businesses across the globe have suffered by ransomware attacks. Even if preventive measures, like multi-factor authentication and data encryption, can make the attackers’ life harder, the question is not “if” you will get breached, but “when.”

When everything else falls, it is business continuity and recovery planning that will save the day. Effective business continuity management enables organisations to update, control and deploy effective plans and tools while considering organisational contingencies and capabilities, as well as business needs. Ultimately, the objective of a business continuity and recovery plan is to restore data as fast as possible, minimising thus operations downtime and revenue loss.

Putting a business continuity plan together

Despite the importance of having a tested business continuity plan, “only 38 percent of business operation functions are covered by current disaster recovery plans,” admits Phil Goodwin, an enterprise infrastructure analyst at IDC.

Putting a business continuity plan together is about having a clear visibility into the criticality of your systems, services, functions, and data. Once you have prioritised your business processes, then you need to define acceptable Recovery Time Objective (RTO) and Recovery Point Objective (RPO) goals. According to Veeam, your plan should consider the following four tiers of criticality:

  1. Critical IT infrastructure, like servers, network or Active Directory, where your RPO is zero minutes. This infrastructure needs to be up and running before restoring mission critical functions.
  2. Mission critical functions, like client-facing services and revenue production apps, that are absolutely critical for the business to operate.
  3. Business critical functions, which although critical for the business, they can be unavailable for up to 24 hours without significant impact.
  4. Important apps, like admin functions and marketing sites. If they remain unavailable for a few days, the impact can be mitigated with alternate manual processes.
  5. The rest of the systems, like onsite training, which could afford a downtime of a week or more.

Once the plan is developed, then you should work your way through to maturing the business continuity. Hewlett Packard Enterprise has defined nine steps to maturity – observe, triage, align, adjust, design, stabilise, transform, and optimise. “In the end, the idea is to go from a point where companies are simply observing various problems and reacting to one where technology, people processes, operations, and corporate culture are all aligned and enhanced to quickly adjust to any emerging crisis,” notes Yogesh Hindjua, Chief technologist and practice lead HPE Pointnext Services.

Somerville offers a wide range of business continuity and recovery solutions that can help you become better equipped and prepared in the unfortunate event of a cyber incident. Download our whitepaper to learn how you can achieve business continuity and resilience in face of increasing threats.

 

Q&A with Vincent Avoseh

It’s time for a sit-down with another of our Somerville stars. This time we chat with Vincent Avoseh, Lead Engineer, Network Infrastructure, in our Connect pillar. He has been with us for over three years now, and was recently involved in our major Network Upgrade. Let’s find out a little more…

 

Q: Give us a high-level summary of the new Somerville National Network, and your role in the project: 

The new Somerville National Network is designed to increase the service offerings to customers across all sectors. It is implemented to deliver unique network experiences using the industry’s cutting-edge technologies. I was part of the design team and also lead the implementation.

Q: What was the biggest challenge you overcame working on the network upgrade?

Translating the conceived design into a robust and agile national network that threads the delicate line between complexity of requirements and simplicity of operation.

Q: What’s your favourite thing about working at Somerville?

The Somerville culture—you have to be at Somerville to get the hang of it.

Q: What’s your secret skill?

I believe patience is a virtue. Patience helps you see what you ordinarily wouldn’t.

Q: What’s the first job you ever had?

I started out working as a computer hardware technician pulling computers apart to fix hard-disk, memory, CPU, motherboard or power-supply issues.

Q: What was your most beloved band from your adolescence? 

My beloved band as an adolescent was the Hillsong choir.

Q: What are some of the things you are most proud of in your life?

My family has always been a source of pride for me.

Q: What was your favourite food as a kid? How about now?  

I would have any meal of rice any day.

Q: What’s something on your bucket list that you can’t wait to do?

I would love to travel around Europe and America.

Q: What’s the next country you’d like to visit and why?

Croatia, because it has some of the most beautiful beaches in Europe.

Q: What’s one of your favourite hobbies?

Learning through documentaries.

Q: What’s something about you that surprises people when they find out?

The fact I grew up thinking of becoming a professional soccer player.

Q&A with James Kim

James Kim may be a new face at Somerville, but he’s already making great strides as a Cloud Solution Architect in our Sydney office. Want to get to know him a little better? Read on to find out more…and if you’re lucky, he might give you a chicken wing recipe!

 

Q: What’s the first job you ever had? And what was the biggest thing you took from that? 

The first proper full time job was to support airline systems at the Sydney International Airport where all the check-in counters, boarding pass/bag tag printers are connected to.  I could go anywhere in the airport without restrictions and that was fascinating at young age.

The biggest thing I took from this job was dealing with mission critical systems whereby the system availability is absolutely critical.  Every minute of delay would cost the airline thousands of dollars and the system architecture with redundancy was crucial to the business.

Q: What’s one of your secret skills?

I am not too sure if I would call it a skill but I do have many hobbies which I have taken to the next level. Photography, Golfing, guitar, piano tuning, composing music, high-end speaker building and design etc. These are not only helping me what to do in my spare time but brings many different topics to have a conversation with people ie: customers and people around me, making them comfortable and interesting. 

Q: Do you follow any sports? 

I used to play golf to becoming a professional at young age until I had a tragic motor bike accident.
After 6 major surgeries I was able to walk and play again but as a hobby and teaching. One of my achievements in teaching golf was to produce a young female golfer called Grace Kim who just turned LPGA professional golfer few months ago. She won the Geoff Ogilvy invitational in Dec 2021 and came second place at the Australian PGA Championship last month.  She has been the ranking no. 1 for three consecutive years among female Australian Amateur golfers + Olympic gold medallist 2-3 years ago in Youth Olympics.

Q: What was your most beloved song or band from your teen years? 

Scorpions / ThinLizzy / Cold Chisel

Q: What are some of the things you are most proud of in your life? 

I think I am proud to be where I am and my family. I came from a non English-speaking country (Korea) and entered into UNSW Computer Science with less than 2 years of study without speaking any English at the start. Now my eldest daughter has entered the same university studying Architecture; she is a lot better than her father (HDs on all her subjects last year).  

Q: What would be your ideal dream meal?  

15 course meal in Tokyo Japan—I had it in 2018.

Q: What’s so cool about hybrid cloud?

You can get the best out of both premises.

Q: What’s something on your bucket list that you can’t wait to do?

Traveling Europe with my wife and my daughters. We all are looking forward to do it.

Q: What was the last gripping movie you watched? 

A Korean movie called “Old Boy”

Q: If you won $10million on the lottery, what would you do/how would you spend it? 

Pay off the mortgage, buy new houses for my parents and parents in-law. Then make donations to our church and friends.

Q: What’s the next country you’d like to visit and why?

Korea and Japan again because there is so much to do there!

Q: What’s something about you that surprises people when they find out? 

My list of hobbies! 

Q: Favorite video game of your youth?

StarCraft

Q: What’s your go-to recipe for cooking to impress? 

James-style Chicken Wings

5 Things I wish I’d known about security before migrating to cloud

Migration to the cloud is a very large concept and represents a significant undertaking for any organisation. The fact that, as a technology, it has been discussed at length for a few years doesn’t mean it’s a given that everyone must do it or that there is only one way to do it. Here are some of the most vital tips that we have learned from our industry partners over the years.

Do the research

Organisations do not need to migrate to the cloud just because everyone else seems to be doing so. Everyone should have clearly defined reasons backed up by strong research and a SWOT analysis. This research should allow everyone involved to clearly understand and communicate the benefits of such a move. These benefits might include agility, scalability, cost savings and innovation.

Anticipate (and seek) the cloud’s added benefits

Most people undervalue – or remain unaware of how public cloud fosters innovation. It’s more than just a place for data. It provides access to a wide array of tools and templates in areas such as big data, machine learning, IoT, and more, that can help differentiate and accelerate business. 

Go long

Public cloud should be viewed with the end in mind. Rather than approaching it iteratively – migrating a few workloads to “see how it goes” it is better to create a long-term plan that demonstrates the viability of migrating an ERP system, a customer service call system, a CRM system, or an on-premises data centre there. Long-term thinking stands a greater chance of extracting value, ensuring consistency, and avoiding missteps.

Modernise

Rather than simply “lifting and shifting” existing processes to the cloud, a migration allows for a redesign. It gives organisations a chance to reassess their existing application life cycle, re-architecting them to take advantage of new cloud-native tools and services. Some organisations choose the approach of allowing legacy applications to continue working on-premises, but as those applications are decommissioned, their replacements will run in cloud using the latest cloud native tools and services. This requires careful planning, but it is important to recognise that a new cloud environment is not just a like-for-like replacement of on-prem, but an advancement.

Focus

Although there are many public clouds out there to choose from, there is little benefit in diversifying and spreading a presence across multiple public clouds or moving workloads from one cloud to another based on spot pricing. This approach is risky and complex. It is far wiser to identify which cloud works best for current and future workloads, and then hire people with the appropriate skills, prepare the migration carefully, and learn about all the efficiencies and cloud consumption discounts that can be applied.

Focusing on a single security vendor also reduces complexity, ensures integration, and provides savings through ELA consumption models. Often, a common management console can be used to control, monitor, and orchestrate diverse environments much more easily.

Secure the hybrid environment

Adopt and maintain a thorough Zero Trust methodology right across on-premises, private cloud, public cloud, and endpoint environments, which includes key techniques such as: “never trust, always verify,” “least privilege,” and micro-segmentation, in all environments.

Securing also includes protecting the physical and virtual network, protecting individual workloads, hardening the web-facing aspects of the environment, proving compliance to auditors, being able to track and deflect bad actors within your environment, and being able to do all of this remotely.

Do not treat security as an afterthought

Security must be built into the process from the very first plans and discussions and scaled in proportion to cloud environment growth. It must be seen as integral to the entire process. 

Include cloud network firewalls, protecting and hardening of workloads – including web-facing applications and those based on containers and serverless technology. Ensure best practice cloud configuration and compliance. Use threat hunting to monitor cloud environments and keep track of bad actors and suspicious behaviour.

Maintain asset visibility

Ensure complete visibility of assets in the cloud and how they’re configured. Make sure that questions around how cloud assets are configured, who put them there, and what permissions they have, can be clearly answered. 

Establish cloud security posture management

The bulk of cloud data breaches can be tied back to cloud misconfiguration and configuration drift issues. Implementing posture management can protect against this. 

Embrace automation

Relying on traditional manual configuration processes in the cloud is a major mistake. The cloud moves and changes too quickly for important security activities to rely on any kind of manual processes. Automation is essential. Define initial engagement parameters and solutions then use machine learning and AI to learn, manage and fine-tune the way to secure the cloud environment. 

Evaluate and control further development

Place solid guard rails around the work that developers are doing in cloud. Developers focus on pushing out new features and functions but might not immediately factor in security. Cloud security posture management policies will assist as developers deal with cloud storage, data bases and more. Additionally, deploy tools that scan GitHub or GitLab code repositories to detect malicious code, misconfiguration or hard-coded credentials before the code goes into production. 

Choose an experienced partner

Work with a cloud security partner who’s done migration many times before – a company that can provide cloud certifications and customer references. Experienced partners should also be trusted advisers who are willing to put forward an opinion or advice.

It is best to select a partner that is a specialist in a particular cloud, such as Azure or AWS, and who therefore knows the platform intimately. Cloud platforms change too quickly for any organisation to be experts in more than one.

An experienced, customer-focused partner should seek to simplify a cloud environment rather than add complexity, offering integrated solutions that work across the various aspects of a cloud environment with common management consoles. They should embrace automation as the best way to keep a cloud environment continuously secure and should provide their customers with regular cloud security insights and improvements relating to the configuration, efficiency, and compliance of the cloud environments. These should be referenceable against accepted best practices such as the AWS or Azure Well Architected Frameworks.

Conclusion

Probably the most important point to take away from this list is that a migration to the cloud is not an “apples for apples” move. It has more in common with trading in a 15-year-old car for a brand-new model. There are technologies and features that the old setup did not and could not have, and these in turn will help an organisation run itself in far more efficient and profitable ways. But before doing so, consider that the second most important takeaway in this collection is to partner with an experienced and reliable vendor that can provide advice along with skill and experience, to ensure the migration truly is a move up to better things. 

————————

Author: Nigel Spence

Cloud Security Partner & Alliance Manager – ANZ

Check Point Software Technologies

Check Point is an industry leader within the enterprise to SME security space from on-premises to multi-cloud environments. The CloudGuard portfolio addresses all of the use cases identified here – from cloud network security, cloud workload protection to cloud posture management. With deep technical and management integration into the AWS and Azure cloud platforms embracing the Zero Trust methodology. Check Point is also Microsoft Azure’s largest co-sell partner leveraging experience from countless cloud deployments around the globe. Furthermore, the recent acquisition by Check Point of SpectralOps has significantly boosted CloudGuard capabilities relating to code-scanning and CI/CD pipeline integration under the whole DevSecOps ‘Shift Left’ security mantra.

Learn more

Download our white paper “Proactivity and Planning: the key to cloud and IT modernisation” to learn more.

 

For more information about how Somerville can play a significantly beneficial role in your organisation’s cloud migration, please contact us.