Bringing Comprehensive Security To Modern Enterprise Environments

With 2020 proving to be such a disrupted year, organisations have been scrambling to keep up with the rate of technology change that has been impressed on them through the market conditions. For just one common example, organisations have been forced to rapidly transform their environments to enable remote working. For many organisations this has been the first time they have allowed for remote working among employees and to do that, CIOs have needed to open the network up to outside access, and elevate the use of cloud services.

These changes have had far-reaching implications for IT security, as sensitive data has suddenly become accessible… and often accessed via vulnerable consumer-grade technology such as laptops and off-the-shelf modem/routers. As a McKinsey report states: “As legions of employees suddenly found themselves in a work-from-home model, chief information-security officers (CISOs) adjusted, pivoting from working on routine tasks and toward long-term goals to establishing secure connections for newly minted remote workforces. CISOs also took steps to prevent new network threats that target remote workers and to bolster business-facing operations and e-commerce after a surge in online shopping during pandemic lockdowns.”

The threat of cyber attacks

Meanwhile, as the previously-restricted environments have been opened up, there has also been a huge increase in cybercrimes and malicious attacks targeting organisations. The penalties for a data breach are stiff – in Australia, fines apply of up to $2.1 million for a breach involving data loss, and that’s not to mention the reputational damage that is done to an organisation in the wake of data theft. Data security is a substantial enough risk to the health of an organisation for it to be a board-level discussion point among enterprises, but it’s the smaller businesses that are particularly at risk, with research showing that Australian SMEs are generally unaware and unprepared for cyber attacks.

What’s more, when an attack comes, the smaller organisation can be catastrophically impacted on, with research suggesting that as many as 60 per cent of small companies close within six months of being hacked.

Coupled with declining budgets for security as companies grapple with cashflow and resourcing issues, the reality is that companies need their IT security to be made easy and something that can be managed with minimal resourcing. What’s more, they need holistic solutions that will protect the entire environment, rather than a series of point solutions that may or may not work cohesively together.

Best practice strategies for security management

The main challenges that organisations are facing with regards to security in the current environment include:

  • A diversified IT environment:

    With employees now working from home, the “perimeter” that needs to be secured has increased in size rapidly. Now organisations need to grapple with consumer-grade endpoint devices (modems, printers, laptops and phones) connecting to the enterprise network over the Internet, as well as an increase in the use of cloud applications and communications platforms.

  • Rapidly evolving threat landscape:

    The explosion of cybercrime includes new threats arriving on the scene at an unprecedented rate. Taking a reactionary approach to IT security cannot work because it is impossible to monitor and respond to all the threats being created. Organisations need security solutions that are proactive in approach, rather than reactive.

  • The use of consumer-grade IT equipment for work:

    Consumer-grade technology lacks the protections and resilience of enterprise equipment, but home offices aren’t going to have enterprise hardware. The solution needs to be finding ways to secure devices with enterprise-standard software and protections.

  • The increasing reliance on Cloud-based services:

    From AI through to remote working, Cloud applications are critical for modern businesses to improve productivity and efficiency and deliver a better customer experience. However, as they are accessible over Internet connections they are a potential source for security vulnerabilities that needs to be protected.

  • The increased sophistication of attacks:

    Technology now needs to account for the social engineering role in many attacks, and IT security teams need to grapple with the challenge of educating and training staff on security threats remotely, while also monitoring an environment they haven’t got physical access to.

The channel plays a crucial role in helping organisations address all of the above issues.

From auditing their customer’s environment, to developing solutions that provide the all-of-environment security coverage, and then in many cases managing the solution as the customer lacks the resourcing to do so internally, channel organisations are also particularly effective at times of disruption, as they are able to provide advice on best practices, and future-proofing solutions.

What a holistic security solution looks like

DriveLock has designed a solution – the DriveLock Zero Trust platform - that provides end-to-end coverage for modern IT environments that feature a blend of on-premises, cloud, and managed services solutions.

“Zero Trust” is a concept that is designed to minimise and mitigate security risk by operating on an exemptions basis, and in doing so not only does it provide excellent security across a complete disperse perimeter, but it accounts for social engineering efforts by mitigating against mistakes that individuals within the organisation might make.

In other words, the DriveLock solution operates to the maxim of “never trust, always verify,” which prevents data from being compromised or hostile applications being run on networked systems by limiting them until manually approved at the IT security team level.

This solution was developed with a specific focus on helping the channel deliver value into their client’s business by providing easy-to-manage and cost-efficient security solutions.

The DriveLock security suite includes:

  • Application Control

    Application control limits the ability for non-approved applications to activate and function on devices – if malware has been downloaded to the device it still won’t be able to function without administrator approval with application control installed.

  • Device Control

    Similar to application control, but focused on the users themselves. Device control limits the ability for non-approved users to access and use a device or application, which is particularly beneficial in the event of theft or a lost device.

  • BitLocker Encryption

    Encryption is particularly important for sending data over the Internet, as it scrambles the data until it reaches an approved application at the other end. In this way it protects the data in transit.

  • Vulnerability scanning

    Vulnerability scanning creates an inventory of objects in the networked environment – from printers, firewalls and laptops through to servers in datacentres, and checks each of them against lists of known vulnerabilities, to raise red flags for the IT security team before it can be exploited.

  • End point detection and response

    An end point detection and response system will monitor and collect data from any end points on the network that might indicate a threat, analyse the data, and immediately and automatically respond to any identified threats to contain them. At that point security personnel are notified and can investigate further.

  • Management of Microsoft Defender Antivirus

    DriveLock integrates the management of Microsoft Defender Antivirus with its Zero Trust platform and enables common, convenient centralised management of DriveLock prevention tools Application control, Device control and Endpoint detection & response with Microsoft Defender.

  • Smart Card Management

    With SmartCard Management there is a Middleware available to integrate physical and virtual SmartCards. The solution can be used Stand-alone or integrated in the DriveLock Management Console.

  • EAL 3 + Certified

    Earning EAL 3+ certification is no easy task. It requires stringent testing, which ensures that you have maximum assurance of positive security engineering at the design and engineering stages. This is especially important in critical infrastructure, intelligence agencies, defense and other industries with exceptional requirements towards security.

The suite also includes analytics and remote management tools, meaning that channel organisations can use it as part of a managed services solution, and enable them to bolster the IT security teams within their customers with their own teams and capabilities.

Try DriveLock free for 30 days

Working with DriveLock to secure businesses

DriveLock offers a ready2go security service, allowing users to gain access to the holistic, end-to-end security solution with minimal investment costs, as a subscription model that is based on the number of devices that are to be secured. There is no need to own infrastructure or third-party software to deploy this solution.

On premises solutions for large enterprises is available, but for most organisations, the appeal of DriveLock will be that everything is hosted off-site, with minimal set-up and maintenance requirements. For the channel this will be appealing as it allows them to maximise the responsiveness with which they can engage with their customers, while maintaining the relationship and providing additional consulting around the engagement.

To assist channel organisations in bringing DriveLock solutions to market and maximising the value of those solutions, the DriveLock Partner Program has been built around four separate partner classifications: Sales Partner, Distributor, Technology Partner, and Managed Security Service Partner.

For each type of partner, DriveLock offers a suite of support and services tailored to the specific kind of interaction that the partner will have with its customers, including:

  • Business Planning and Review
  • DriveLock Partner Portal Access
  • Deal Registration
  • Technical Support
  • Consulting Training and Certification
  • Sales Training
  • MDF Funds
  • Marketing Tools and Brochures
  • Not for Resale Licenses

Additionally, DriveLock invests in its channel, providing escalating benefits as its partners invest into the company. Sales partners, for example, can move through a four-tier system, ranging from reseller/referral partner, with minimum requirements, through to expert partners, which can expect significant support from DriveLock around mutual market activities and events in return for a significant commitment to building DriveLock up in the local market.

Become a DriveLock partner today

DriveLock as the solution to modern security challenges

The security challenge that enterprises are facing is evolving rapidly as the very way in which business is done undergoes a period of flux. Historically, companies have turned to channel partners to help them navigate the technical challenges during periods of massive disruption, and security, where the stakes are so high, is going to be top-of-mind for enterprises of all sizes. Old ways of managing security are not going to be adequate for the new wave of cyber-threats, and there is a real opportunity for the channel to help guide their customers to robust, holistic solutions such as DriveLock’s.

For more information on the DriveLock suite, “Zero Trust” platform, and partner programs

Resource Centre

  • Why are IT security managers talking about Zero Trust? | Cyber Security with Zero Trust - Part I

  • 6 steps to introducing Zero Trust in your company | Cyber Security with Zero Trust - Part II

  • That's how DriveLock brings Zero Trust to the endpoint | Cyber Security with Zero Trust - Part III

  • From concept to implementation: 6 steps to greater IT security with Zero Trust

  • Whitepaper: DriveLock Application Control