Categories
Cloud advice

Easily secure your application with Jisc’s Managed Website Protection

A recording of the recent session run by Paul Martin of Fortinet at the Jisc Security Conference. The session covers Jisc’s Managed Website Protection service and how that helps institutions and organizations mitigate against the evolving security threat landscape.

Categories
Cloud advice

The public cloud shared responsibility model – what does it mean in practice?

A recording of the recent session run by Simon Dix of the Jisc cloud solutions team at the Jisc Security Conference. The session covers the public cloud shared responsibility model in relation to the roles and responsibilities of both cloud vendors and cloud consumers.

Categories
Cloud advice

Optimising Microsoft 365 security and governance

A recording of the recent session run by Richard Jackson and Colm Blake of the Jisc cloud solutions team at the Jisc Security Conference. The session covers best practices for the configuration of Office 365, Windows 10/11 and the Enterprise Mobility and Security (EMS) suite.

Categories
Service announcements

Managed Website Protection – a Jisc cloud WAF

In Jisc Cloud Solutions one of our most common recommendations for securing web applications is to ensure that you use a Web Application Firewall in order to block malicious attacks. Of course Web Application Firewalls are not silver bullets – they should be deployed alongside services such as IPS and traditional firewalls to ensure defence […]

Categories
Cloud advice

Azure Active Directory – Issues with User Consent

This blog has been written in collaboration with the Jisc Trust & Identity and Cyber Security teams. Jisc has recently become aware of a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), […]

Categories
Cloud advice

Remote access and Zero Trust

Zero Trust is a concept which has been around for at least the last decade. Whilst organisations were aware of it and implementing aspects of a Zero Trust architecture, it was not until 2020, for obvious reasons, that pretty much every organisation was forced into thinking about its adoption; responding to a distributed and fragmented […]

Categories
Cloud advice

Being a good cloud citizen

When speaking to members and customers about their cloud adoption, I often use a phase to describe the development required for members of the team that will ultimately be deploying and managing resources in the cloud. I describe the need for these individuals to become “good cloud citizens”. This, of course, is followed by the […]

Categories
Cloud advice

Improving PaaS consumption with Azure Private Link

In my opinion, one of the most significant enablers for consumption of Platform as a Service (PaaS) in Azure has been the launch of Azure Private Link capability. For years, the concept, and successful implementation, of a private network has been a cornerstone of IT security. This is still true, even with an ‘assume breach’ […]

Categories
Cloud advice

Top 10 security tips for deploying and using Teams

Unsurprisingly, the world and its dog appear to be shifting large amounts of their collaboration activity (team chat, shared documents, meetings and telephony) into Microsoft Teams right now. Here are our top 10 tips for rolling-out Teams securely. This is particularly important given the large number of people now working from home. Whilst some of […]

Categories
Cloud advice

Protecting your workloads behind AWS CloudFront

If you run a website serving static data and need a caching solution, AWS CloudFront is the go-to service for this. It works by providing multiple ‘edge’ locations, which are simply data centres located in geographical hot-spots around the world. Data is accessed from the nearest data centre. For example, when accessing your London-region hosted […]