I am hearing increasing reports of UK academic institutions suffering from ramsomware attacks. These are now happening much more frequently than in the past and the consequences, in some cases at least, can be devastating. It is no longer a question of if you will be attacked but when you will be attacked and how […]
A recording of the recent session run by Paul Martin of Fortinet at the Jisc Security Conference. The session covers Jisc’s Managed Website Protection service and how that helps institutions and organizations mitigate against the evolving security threat landscape.
A recording of the recent session run by Simon Dix of the Jisc cloud solutions team at the Jisc Security Conference. The session covers the public cloud shared responsibility model in relation to the roles and responsibilities of both cloud vendors and cloud consumers.
A recording of the recent session run by Richard Jackson and Colm Blake of the Jisc cloud solutions team at the Jisc Security Conference. The session covers best practices for the configuration of Office 365, Windows 10/11 and the Enterprise Mobility and Security (EMS) suite.
In Jisc Cloud Solutions one of our most common recommendations for securing web applications is to ensure that you use a Web Application Firewall in order to block malicious attacks. Of course Web Application Firewalls are not silver bullets – they should be deployed alongside services such as IPS and traditional firewalls to ensure defence […]
This blog has been written in collaboration with the Jisc Trust & Identity and Cyber Security teams. Jisc has recently become aware of a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), […]
Remote access and Zero Trust
Zero Trust is a concept which has been around for at least the last decade. Whilst organisations were aware of it and implementing aspects of a Zero Trust architecture, it was not until 2020, for obvious reasons, that pretty much every organisation was forced into thinking about its adoption; responding to a distributed and fragmented […]
Being a good cloud citizen
When speaking to members and customers about their cloud adoption, I often use a phase to describe the development required for members of the team that will ultimately be deploying and managing resources in the cloud. I describe the need for these individuals to become “good cloud citizens”. This, of course, is followed by the […]
In my opinion, one of the most significant enablers for consumption of Platform as a Service (PaaS) in Azure has been the launch of Azure Private Link capability. For years, the concept, and successful implementation, of a private network has been a cornerstone of IT security. This is still true, even with an ‘assume breach’ […]
Unsurprisingly, the world and its dog appear to be shifting large amounts of their collaboration activity (team chat, shared documents, meetings and telephony) into Microsoft Teams right now. Here are our top 10 tips for rolling-out Teams securely. This is particularly important given the large number of people now working from home. Whilst some of […]