Categories
Cloud advice

Road to Cyber Essentials: The Intune BYOD Controls

This is the 4th part of my blog series on the Road to CE series.  We’ll be starting to look at the technical controls inside of AAD and Intune to assist with Cyber Essentials.  Please note I’ll be specifically talking about AAD and Intune. As previous stated under Cyber Essentials you need to know the […]

Categories
Cloud advice

Road to Cyber Essentials: The Policies

This is the third in the Road to CE series, we’ll be talking about the written policies need to support Cyber Essentials, most of these will just be updates to existing policies. TLDR: Review and update your policies to enshrine the technical controls and accommodate for technical control feature lackings. If you don’t have an […]

Categories
Cloud advice

Road to Cyber Essentials: The Start

Jisc are Cyber Essentials compliant, this will be a series of blog posts on how we achieved this. To start off you need to evaluate your digital estate, start small and expand from there.  Your IdP will be your biggest asset in assisting with CE, make sure your systems use your IdP for login, try […]

Categories
Service announcements

Managed Website Protection – a Jisc cloud WAF

In Jisc Cloud Solutions one of our most common recommendations for securing web applications is to ensure that you use a Web Application Firewall in order to block malicious attacks. Of course Web Application Firewalls are not silver bullets – they should be deployed alongside services such as IPS and traditional firewalls to ensure defence […]

Categories
Cloud advice

Azure Active Directory – Issues with User Consent

This blog has been written in collaboration with the Jisc Trust & Identity and Cyber Security teams. Jisc has recently become aware of a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), […]

Categories
Cloud advice

Remote access and Zero Trust

Zero Trust is a concept which has been around for at least the last decade. Whilst organisations were aware of it and implementing aspects of a Zero Trust architecture, it was not until 2020, for obvious reasons, that pretty much every organisation was forced into thinking about its adoption; responding to a distributed and fragmented […]

Categories
Cloud advice

ADFS – Moving away from federated 365 authentication

Single sign-on (SSO) plays a key part in providing a secure authentication solution. However, the architecture and authentication flow of these solutions are paramount in ensuring that your identity broker retains its availability and integrity. IAM makes up a core component of the NCSC Cloud Security Principles. Therefore, when implemented it is important that the […]

Categories
Cloud advice

Top 10 security tips for deploying and using Teams

Unsurprisingly, the world and its dog appear to be shifting large amounts of their collaboration activity (team chat, shared documents, meetings and telephony) into Microsoft Teams right now. Here are our top 10 tips for rolling-out Teams securely. This is particularly important given the large number of people now working from home. Whilst some of […]