We are now part of the Falanx Group


ACQUISITION OF SECURESTORM LIMITED

Falanx Group Ltd (“Falanx”, AIM:FLX), the global cyber security and intelligence provider, in line with its strategy of increasing value in the high growth Cyber Security market, is pleased to announce the acquisition of Securestorm Limited.

Mike Read, Chairman and Chief Executive Officer of Falanx, commented:

“The acquisition of Securestorm provides Falanx with a number of exciting opportunities, to both support our growing UK Govt business and expand our footprint in these marquee organisations. The unique relationship with Amazon Web Services and the introduction of our MidGARD service to a global market place is also very promising. We also welcome Tony Richards to the team, a highly respected and recognised cyber security thought leader who will head our consultancy arm and take up the position of Falanx Group Chief Information Security Officer.”

Tony Richards, Founder of Securestorm Ltd, commented:

“The combination of Securestorm with Falanx is a perfect match, enabling the integration of Falanx’s MidGARD and security testing services with Securestorm’s managed security and consultancy services to deliver a stronger portfolio to our customers. I look forward to working with Mike Read and the rest of the team, to expand Falanx’s market share and increase overall growth, utilizing our partnership with AWS, relationships across the public and tech sectors, and placement on various government procurement frameworks.”

Read the full report here.

THE SAME BUT BETTER

The Securestorm team is pleased to announce that, following this acquisition, our clients and potential customers will enjoy the same great level of expertise and services, with the added benefit of a new portfolio and a top range of solutions. We are now in a position to offer everything from strategic intelligence to penetration testing, red teaming and more as our practice grows.

 


LIVE ON G-CLOUD 10



Securestorm go live on G-Cloud 10


Securestorm has officially been awarded G-Cloud 10 status following the success of the previous G-Cloud versions. You can find us on Digital Marketplace here.

In this iteration, Securestorm is committed to bringing to market even more innovative and pragmatic solutions and services, designed to help Government organisations stay secure from cyber-threats, enhance their cloud capabilities and be UK Data Protection 2018 compliant.

 

Securestorm Director, Tony Richards, added "It is once again great to be live on the new version of G-Cloud. Keeping in-line with the launch of previous G-cloud iterations and considering the Data Protection changes, Securestorm is further committed to delivering more, offering integrated services and exclusive solutions such as our Total Security Packages & Training, Risk & Vulnerability Management and Data Protection Services. This combined with our industry experience, delivery capabilities and subject matter expertise on Security & Data Protection domains will no doubt once again see us successfully solving security challenges for our clients across the Government."

The following services by Securestorm can be found on the Digital Marketplace:

CYBER SECURITY CONSULTANCY

Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • Certified Cyber Security Professionals
  • AWS Certified Cloud Professionals
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review security options chosen and those available against best practices
  • Security Architects

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Ensures compliant and secure cloud services for your organisational needs
 

Cloud Security Consultancy

Cloud services such as Amazon Web Services or Salesforce are increasingly being used but often do not utilise all of the security options available. Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • AWS Consultancy Partner
  • Certified Cyber Security Professionals (NCSC CCP)
  • AWS Certified Cloud Professionals
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Salesforce Security Partner
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review of AWS or Salesforce Identity & Access Management permissions
  • Review security options chosen and those available against best practices
  • Threat Modeling, Information Risk Assessment and Management conducted

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Conducts annual Security Assurance and Audit of AWS services
  • Conducts annual Security Assurance and Audit of Salesforce
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Ensures compliant and secure cloud services for your organisational needs

Securestorm are actively working to champion Cloud Security best practices that enable Government and businesses to run more efficiently and cost effectively. Read about our contribution and best practices in recently published research papers:

 

Total Organisation Cyber Security Package

The Securestorm Total Organisation Security Package is designed to help organisations get the best cyber security services and solutions bundled in a single, encompassing, annual package. 
The security package provides organisations with Information Risk Management, Vulnerability & Security Testing, Unified Cyber Security & GDPR Training and Cyber Essentials Certification.

Features

  • Intuitive Continuous Information & Risk Management Dashboard
  • A Full-stack Security Testing & Vulnerability Management Solution
  • Unified Cyber Security and GDPR Training and Awareness Platform
  • Simplified Cyber Essentials Consultation & Certification
  • Dedicated Consultation, Support & Communication with client
  • Optional: Data Protection Officer as a Service package
  • Optional use of: Data Protection Impact Assessment Tool

Benefits

  • Expert consulting by NCSC accredited Cyber Security Consultants
  • Single, encompassing, annual service to simplify security budgeting
  • In-house security authority to mandate compliance, training & oversee governance
  • Improve organisational efficiency and external reputation
  • Boost security culture, maturity and endurance compliance
  • Expert resource support for organisation with knowledgeable professionals
 

Privacy and Data Protection Services - DPOaaS

The Securestorm Data Protection Officer Service (DPOaaS) assists clients on all matters relating to privacy and data protection as mandated under the GDPR. The DPO will serve as an independent expert both internally as well as with regards to customers, staff or the Supervisory Authorities.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • Certified Information Privacy Professionals (CIPP/E)
  • Certified Cyber Security Professionals (NCSC CCP)
  • Range of DPOaaS service levels to match organisation need
  • Experienced Data Protection and Privacy Experts
  • Experienced in GDPR compliance Gap-Analysis and Audit
  • Experienced in GDPR compliance implementation and Data Mapping
  • Use of: Data Protection Impact Assessment Tool
  • (ISC)2 Certified Cloud Security Professionals (CCSP)

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Fulfil mandated DPO role without FTE
  • Understanding of security options for current or future deployments
  • Improved audit and incident response capability
  • Ensures compliant and secure cloud services for your organisational needs
 

Managed Security and Information Assurance Services

Securestorm, an NCSC Certified Cyber Security Consultancy, provides Managed Security Services, incorporating: multi-disciplinary teams of experts, qualified and experienced in: Risk Management, Operational Security, Security Testing, Security Architecture and Data Protection.

Features

  • NCSC Certified Cyber Security Consultancy
  • Full Managed Security Service team
  • Continuous Information Risk Management Dashboard - Nol-ij
  • Core Service includes: Chief Information Security Officer (CISO)
  • Core Service includes: Information Risk Manager (IRM)
  • Core Service includes: Operational Security Manager (OSM)
  • On demand security functions: Security Architecture
  • On demand security functions: IA Audit and Review
  • On demand security functions: Security Testing Services
  • Optional: Data Protection Officer as a Service package

Benefits

  • Fixed Cost service, invoiced in monthly increments
  • Sick leave and holidays are covered
  • Dedicated Service Manager
  • Experienced in Justice, Policing, Defence and Central Government
  • Clients include: MoJ, YJB, The Supreme Court, Civica, GDS
 

CybSafe - Cyber Security Awareness, Behaviour and Culture Analysis, Training and Risk Mitigation

CybSafe is a British cyber security technology company. The next-generation, award-winning, AI-driven security awareness training platform uses GCHQ accredited content, advanced analytics, psychology and behavioural science to measure, understand and report on cyber security culture, increase employee engagement and demonstrably reduce human-cyber and data protection risk.

Features

  • GCHQ & IISP accredited training developed by former Government specialists
  • Content and platform features grounded in psychology/behavioural science
  • Machine learning technology customises content, putting security into context
  • Advanced proprietary analytics measure user awareness, behaviour and culture
  • All content is updated and improved throughout license period
  • Ongoing adaptive user testing ensures retention of learned knowledge
  • Sharing and communication features encourage user interaction, adoption and engagement
  • Supply chain assurance tool allows oversight of supply chain risks
  • Fully customisable content to reflect organisational policy and procedure
  • Integrated simulated attack tools include phishing, smishing and USB drops

Benefits

  • Human-centric design empowers users to contribute and engage with security
  • Demonstrably reduces human-cyber risk including phishing click rates
  • Demonstrably increases user engagement, communication and improves attitude
  • Plug-and-play design requires no input from admins after initial setup
  • Allows complete oversight of organisational cyber awareness, behaviour and culture
  • Administrator dashboard allows comprehensive reporting for easy demonstration of compliance
  • See genuine change in organisational security culture
  • Learning content accessible remotely, at any time, reducing user downtime
  • Completion will comprehensively support compliance with GDPR and NIS Directive
 

Edgescan - Continuous Technical Security Vulnerability Assessment

Edgescan is a managed, Continuous Technical Security Vulnerability Assessment service with continuous, security testing and system visibility that delivers a unique service combining full-stack vulnerability management, asset profiling, alerting and risk metrics. As official partners, Securestorm, an NCSC certified company, will assist customers with on-boarding the service and portal configuration.

Features

  • Continuous security technical vulnerability testing
  • "Full-stack coverage" - Web applications/sites & hosting /cloud environments
  • False positive-free results, managed service with vulnerability analysis
  • Variable testing frequency: fortnightly, monthly, quarterly or on demand
  • Incredibly detailed vulnerability reporting, including code injection & response
  • Continuous system visibility via secure online portal
  • Super Rich API for painless integration with JIRA and ServiceNow
  • Customisable Alerting, via email, SMS or other channels
  • Highly Customisable reporting, in PDF, CSV and EXCEL formats
  • 24/7 Governance Risk and Compliance Metrics

Benefits

  • Provides continuous visibility on premise and cloud environments
  • Helps free up security staff to focus on other issues
  • Helps comply with auditing and compliance standards
  • Suitable for OFFICIAL (including OFFICIAL-Sensitive) classified services
  • Enables quick reaction to security threats by identifying issues
  • Value for money over traditional security for start-ups to corporates
  • Helps manage critical assets freeing up resources & time
  • Expert analysts ensure risk reported accurately and rated appropriately
  • High flexibility with systems accessibility as and when required
  • Monitor security rating to help track performance and improvements
 

CLOUD SUPPORT

CLOUD SOFTWARE

Knack - "Low Code" Application and Database Pilot Development platform

Knack is an easy to use "Low-Code" development platform that Securestorm can provide as a pilot development service, letting you quickly build online applications and databases as proofs of concept. With Knack you can structure data, connect it by linking related records together and extend data integrations.

Knack Low Code Development Platform Consultancy

Securestorm provides expert consultancy on how to use Knack, the "Low-Code" development platform, including: setup, configuration, management and development. Knack is an easy to use "Low-Code development platform", suitable for OFFICIAL information, that transforms data into powerful online databases, with clean interfaces, and requires no coding.

 
 

CLOUD SOFTWARE

CLOUD SUPPORT

Nol-ij, the Continuous Information Risk Management Dashboard

Nol-ij is a cost effective, Continuous Information Risk Management Dashboard, that supports and streamlines governance, information risk management and security assurance through identification, evaluation, treatment and management of strategic, operational and project security risks, ensuring decision makers have the necessary information at their fingertips to confidently manage their risk portfolio.

Nol-ij Configuration, CUSTOMIZATION and Support Consultancy

Nol-ij, the Continuous Information Risk Assessment Dashboard can help organisations identify, track and minimize the information risks inherent in their systems and services. Securestorm provides expert consultancy to assist and enable organisations to setup, configure or even adapt and customize the Dashboard to their needs.

 

Getting in touch: 

To request additional information on any services tailored to your organisation's infrastructure, budget and considerations, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation. Additionally, visit our technology services directory Informd.Online to view assurance reports of Cloud Services.


Securestorm to Work with UK Supreme Court

 

Securestorm wins 'Security Services' contract with the UK Supreme Court

Securestorm Ltd., the provider of pragmatic Security services and solutions, is pleased to announce that it has been awarded a contract to deliver a managed ‘Cyber Security’ solution and services package tailored to boost the overall Security efforts of its client the UK Supreme Court.

 AWARD WINNING FULLSTACK VULNERABILITY &  SECURITY TESTING MANAGEMENT


 GCHQ ACCREDITED - UNIFIED CYBER SECURITY TRAINING & AWARENESS


The work will consist of providing an award winning Continuous Security Testing and Vulnerability Management system called Edgescan. Another key solution provided will be the GCHQ Accredited - Unified Cyber Security Training & Awareness Platform called Cybsafe. Part of the work will also include provision of Cyber Essentials accreditation, which is an NCSC and Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.  

The Securestorm Cyber Security Package will ensure that the Supreme Court will be able to use a full-stack assessment engine to identify any vulnerabilities or risks to their website and applications while improving cyber security behaviour, visualising human factor vulnerability, and reducing cyber risk with a unified security training programme. The added Cyber Essentials consultation and accreditation will reassure the public that the Supreme Court is working towards securing IT against cyber-attacks and have security measures in place against cyber risks.

Tony Richards, Director of Securestorm, commented:

"We are delighted to have won the work to deliver this crucial cyber security project for the UK Supreme Court and are confident that we can contribute to the creation of a digitally secure and connected environment as we have done with our other Government clients. The Supreme Court plays an important role in the development of United Kingdom law. As an SME, it is a testament to our expertise, experience and capabilities that we are able to support the nation's crucial legal system at a security level."

 
About: Securestorm® are leading security experts who deliver pragmatic advice, practical solutions and solve security challenges across the Digital, Cloud, Cyber and Data Protection (GDPR) domains. With a combination of experience, expertise and strategic awareness, Securestorm offers technical and strategic consultancy, managed security services and solutions to clients across both Public and Private sectors. Securestorm holds several certifications, notably being NCSC Certified Cyber Security Consultancy, Crown Commercial Suppliers, and Cyber Essentials. Furthermore, Securestorm are also industry prominent for its proven delivery capabilities.

GDPR Key Points to Remember for C-Suites

 
  • The General Data Protection Regulation (GDPR) is an EU legal requirement. The UK Data Protection Act (2018) incorporates the GDPR into UK law.

  • Personal data for individuals shall be processed lawfully, fairly, and in a transparent manner.

  • People need to be told what personal data is being collected and for what purpose.

  • Personal data shall be collected for specified, explicit, and legitimate purposes. It shall not be used for any other reasons that conflict with these purposes.

  • Personal data shall only be kept and processed for as long as it is required for that purpose and for no longer than that.

  • A Data Protection Officer (DPO) is required if you process large amounts of sensitive personal data or systematically monitor Data Subjects on a large scale.

  • Personal data must be kept up-to-date and accurate.

  • People have the right to receive a copy of their data, or can request that their personal data no longer be used. In some cases, they can have it erased entirely.

  • Organizations must implement appropriate security measures to protect personal data against accidental or unlawful destruction, loss, alteration, or disclosure.

  • In addition, organizations need to ensure all staff members who handle personal data are properly trained in how to secure and protect that data.

 

Malicious software used to illegally mine cryptocurrency



Compromise of the third-party JavaScript library ‘Browsealoud’



During the compromise, anyone who visited a website with the Browsealoud library embedded inadvertently ran mining code on their computer, helping to generate money for the attackers. No money was taken from users themselves, but the mining code performed computationally intensive operations that were used to earn the cryptocurrency. These operations may have affected the performance and battery life of the devices visiting the site.

Browsealoud was taken offline shortly after the compromise, mitigating the issue. However, website administrators and other JavaScript library developers may wish to take further steps to prevent future compromise by following the guidance from the National Cyber Security Centre (NCSC) below:

 
Advice for members of the public
  • The cryptojacking harnessed people’s computers to help ‘mine’ for cryptocurrency. This involves using your device to perform computations and does not take any money from you or your accounts.
  • The only impact on affected users’ computers was that they temporarily had minor performance loss and reduced battery power.
  • If you have experienced unusually slow performance from your computer, reduced battery life, or visited the affected websites we recommend:
    • Closing the browser you visited the webpage on is likely enough to stop the mining;
    • Clearing the browser cache will remove all traces of the code. Guidance on how to do this is available here: http://www.refreshyourcache.com/en/home/
Advice for website administrators
  • Make a risk-based decision on including third-party JavaScript in your site. This will vary depending on the size of the website you manage and who is supplying the code. Consider whether the code you are including could compromise your users, and balance this against the risk of this happening for your site.
  • If practical to do, consider hosting the JavaScript locally on your own server rather than linking to code hosted elsewhere. This means changes to the libraries require access to your server, although this will mean you will need to install security patches yourself.
In certain cases, some technical measures can also help prevent inclusion of compromised third-party resources:
  • SRI (Sub-Resource Integrity) allows the browser to check a cryptographic hash of the script to ensure that your users are running the unaltered version. However, SRI will only work if the script is relatively static. If it changes regularly, the signature will no longer be valid and the script will not be loaded by users. Also, browser support for SRI is not universal.
  • CSP (Content Security Policy) allows you to whitelist locations where scripts can be loaded from. Several independent researchers have written that having a well-defined CSP in place would have blocked this attack.
We recommend putting the above mitigating measures in place where practical, and while we recognise these will not necessarily protect end users in all cases they will reduce the chances of your website being compromised.
Advice for third-party JavaScript developers
  • Implement robust change control for your code, including monitoring your codebase for unauthorised modifications, reviewing code contributions, and having a rapid takedown process in place for if a compromise is detected.
  • Where you offer hosted versions of your library, ensure that you have robust access control and logging in place for making changes to the library.
  • Consider supporting customers who wish to use Subresource Integrity (SRI). For example, providing numbered versions of libraries which remain static, and so have static cryptographic hashes, will enable customers to validate their integrity.
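
As an added illustration of the SRI and CSP measures in the guidance above (not code from NCSC, Securestorm or Browsealoud), the Node.js sketch below computes an integrity value for a pinned library version, checks a served body against it the way a browser does, and applies a simplified script-src host allowlist. The host names, script bodies and function names are constructed for the example, and the CSP matcher models only 'self', 'none' and host sources.

```javascript
'use strict';
const crypto = require('crypto');

// Hash algorithms defined for SRI, weakest to strongest.
const SRI_ALGOS = ['sha256', 'sha384', 'sha512'];

// Build the value for a <script integrity="..."> attribute.
function sriHash(body, algo = 'sha384') {
  if (!SRI_ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "algo-base64[?options]" tokens.
// Tokens with an unknown algorithm are ignored, as a browser would ignore them.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).filter(Boolean).map((token) => {
    const [expr] = token.split('?');
    const dash = expr.indexOf('-');
    if (dash < 0) return { algo: '', digest: '' };
    return { algo: expr.slice(0, dash).toLowerCase(), digest: expr.slice(dash + 1) };
  }).filter((m) => SRI_ALGOS.includes(m.algo));
}

// Browser-style check: only hashes of the strongest listed algorithm count,
// and any one of them matching is enough.
function verifyIntegrity(body, attr) {
  const metadata = parseIntegrity(attr);
  if (metadata.length === 0) return true; // no usable metadata: nothing is enforced
  const strongest = metadata.reduce(
    (best, m) => (SRI_ALGOS.indexOf(m.algo) > SRI_ALGOS.indexOf(best) ? m.algo : best),
    metadata[0].algo);
  const actual = crypto.createHash(strongest).update(body).digest('base64');
  return metadata.some((m) => m.algo === strongest && m.digest === actual);
}

// Split a CSP header value into directives; the first occurrence of a name wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), values);
  }
  return directives;
}

// Simplified script-src check (assumption: nonces, hashes, paths and ports are not modelled).
function cspAllowsScript(policy, scriptUrl, pageOrigin) {
  const directives = parseCsp(policy);
  const sources = directives.get('script-src') || directives.get('default-src');
  if (!sources) return true; // no directive governs scripts
  const url = new URL(scriptUrl);
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.startsWith("'")) return false; // other keywords: not modelled here
    const m = /^(?:(https?):\/\/)?(\*\.)?([^/:]+)$/.exec(src);
    if (!m) return false;
    const [, scheme, wildcard, host] = m;
    if (scheme && url.protocol !== `${scheme}:`) return false;
    return wildcard ? url.hostname.endsWith(`.${host}`) : url.hostname === host;
  });
}

// Constructed sample data: a pinned library release, and a copy of it that
// changed on the hosting server after the integrity value was published.
const PINNED = 'window.readAloud = function (el) { return el.textContent; };\n';
const CHANGED = PINNED + '/* placeholder for code added without authorisation */\n';
const INTEGRITY = sriHash(PINNED);
const POLICY = "default-src 'self'; script-src 'self' https://cdn.vendor.example";
const ORIGIN = 'https://www.site.example';

function demo() {
  return {
    integrity: INTEGRITY,
    pinnedLoads: verifyIntegrity(PINNED, INTEGRITY),
    changedLoads: verifyIntegrity(CHANGED, INTEGRITY),
    vendorHostAllowed: cspAllowsScript(POLICY, 'https://cdn.vendor.example/lib/1.2.3/lib.js', ORIGIN),
    otherHostAllowed: cspAllowsScript(POLICY, 'https://other.example/x.js', ORIGIN),
  };
}

console.log(demo());
```

The two checks cover different cases: the allowlist stops scripts from hosts the site never approved, while the integrity value catches a changed file on a host that is approved.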
 
 

we can help...



Securestorm Director & Advisor to Public Sector, Tony Richards, said "This is likely a result of improper security controls put in place. That is why we insist that the organisations we work with know exactly what is running on their systems, especially when procuring third-party services or features. In addition to NCSC guidance on the matter, organisations need to consider the overall security maturity of the third-party service provider at that initial phase, which helps to assess the level of risk that they may be exposed to at the outset".

If your organisation needs help risk assessing third-party services, give Securestorm a call. As NCSC Certified Cyber Security Consultants, we focus on advising our clients with pragmatic lists of actionable solutions that allow organisations to make big changes fast and, most importantly, remain Cyber Secure.

 

 


UK industries: "Boost Security or Face Fines!"



New Government announcement to protect essential services from cyber attack


The UK Government issued a press release that warned British industries to boost cyber security or face hefty fines for leaving themselves vulnerable to attack. Here are the key-points from the press article.

  • Organisations risk fines of up to £17 million if they do not have effective cyber security measures
  • Sector-specific regulators will be appointed so essential services are protected
  • National Cyber Security Centre publishes new guidance for industry

Link to the full article here.

GETTING STARTED

1. GET YOUR GUIDANCE FROM THE NCSC:

The National Cyber Security Centre (NCSC), the UK’s centre of cyber excellence established in 2017, has published detailed guidance on the security measures to help organisations comply. These are based around 14 key principles set out in the NCSC consultation and government response, and are aligned with existing cyber security standards.

2. FOLLOW A CYBER-SECURITY LED APPROACH

Cybersecurity is everyone's problem, not just the responsibility of IT departments.
Companies have to accept that security has to be planned and implemented into all business processes. Most organisations that deal with large amounts of consumer data may need to appoint, outsource or train key responsible personnel such as CISOs, Information Security Officers and Data Protection Officers (DPOs).

3. TALK TO AN EXPERT!

By now most companies have built up a 'cyber-awareness': they know they must protect and invest in information security and IT assets to reduce the risk of breach, loss or exposure of data, theft of resources and damage to overall brand reputation, in addition to the hefty penalties that they might incur. Recent breach reports and news articles, such as the well-known TalkTalk incident, are examples of why. However, the challenge is how, particularly when most businesses lack the key skills to do so.

Looking for the right security partner can be a daunting task especially in a crowded marketplace. But there are some key factors to consider while looking for consultants that fit your purpose:

  • Trust: Find out if they have relevant industry accreditations. For example, being an NCSC certified Cyber Consultancy would be good start. It is not always about certifications over experience, but your selected security partner should hold relevant qualifications that suit your industry type.
     
  • Pragmatic:  It is essential that your security partner provides practical advice and solutions that are carefully analyzed and chosen to reflect the right balance of benefit and costs. That is why going for a 'one-size-fits-all' solution does not work. Depending on your organisation, a degree of flexibility is required due to factors such as firm’s size & strength, matrix, cyber-security culture and maturity.
     
  • Experience: It is important to know that you are getting the skill-set you paid for. Many large and reputed IT security vendors often have the best online presence, but when it comes to experienced talent to actually fulfil client responsibilities, they fall short. Our advice would be to get to know the team and look into their experience and client-delivery records.
     
  • Industry Exposure: Each industry has its own information security protocol to follow. Furthermore, there are also different sets of security guidelines, such as NIST and ISO 27001, that apply to different organisations. This is why choosing a partner with relevant industry exposure makes a difference to your security goals.
    - Are you a Government Body or SME/Large Private organisation?
    - Or are you a regulated industry like Banking, Finance or Telecommunications?

Why Securestorm?



Securestorm® are leading security experts who deliver pragmatic advice, practical solutions and solve security challenges across the Digital, Cloud, Cyber and Data Protection (GDPR) domains. With a combination of experience, expertise and strategic awareness, Securestorm offers technical and strategic consultancy, managed security services and solutions to clients across both Public and Private sectors.

Securestorm are an NCSC Certified Cyber Security Consultancy with demonstrable experience and proven delivery capabilities. Advanced security solutions and services include: Nol-ij® - Continuous Risk Management, Edgescan® - Full Stack Vulnerability Management, CybSafe® - Unified Cyber Awareness Platform, and Falanx MidGARD™ - Advanced Monitoring Platform.

 

The Ultimate Guide to DPO


DPO: A GUIDANCE DOCUMENT


Securestorm's experienced Data Protection Team has released an extensively researched guidance document on the roles, responsibilities, regulations and applicability of Data Protection Officers, to help clear misconceptions and promote better understanding for organisations that are considering a DPO role within their practice.

Download our guide below or use our reading pane to preview the content:

 

 

Reach out to our knowledgeable GDPR Practitioners to address GDPR related questions, for invitation to complimentary GDPR learning sessions or to discuss your personal or organisational requirements. We advise clients across the Public and Private Sectors on all things Data Protection (GDPR/Privacy), Cloud & Cyber Security.


Getting 'YOUR.COM' GDPR Compliant


A guide to GDPR compliance for your website

It’s only a few months until the General Data Protection Regulation (GDPR) comes into force, with May 2018 almost upon us. The new regulation created by the European Commission aims to standardize data protection procedures. Companies will be required to comply with measures regarding the data they hold and how it’s managed.

Data protection goes beyond being a legal necessity; it is also an important step in creating trust with your stakeholders, customers, clients and associates. It’s a process that requires transparency from your organisation and its practices. There are several steps you need to take now in order to make sure you’re compliant with the new regulations, and we’ve presented a guide below to make sure you’re following best practices for your company's gateway, i.e. your website:

For more guidance materials or tailored advice on GDPR & UKDP from subject matter experts, reach out to Securestorm here. We specialise in a range of Data Protection as a Service offerings including GDPR Assessments, GDPR Planning & Management, DPO Services, Data Protection Impact Assessments and Privacy Management Services, to name a few.


Beyond Tick-Box Training...


Securestorm, the NCSC Certified Cyber Security Consultants are proud to have officially partnered with CybSafe, the GCHQ-accredited cyber security awareness training solution to deliver an intelligent and constantly-evolving training software platform that gives organisations a level of expertise, insight, research and understanding that goes above and beyond traditional tick box training.


Tony Richards, CTO, Securestorm said, "We are delighted to tie-up with CybSafe. As cyber security advisors working alongside multiple organisations across Government to Private sectors, we have always expressed how security awareness and training is not a 'tick-box' activity. With our partnership we are able to provide innovative and engaging security training helping organizations to really embed and sustain better behaviours when it comes to cyber security. The goal here is to embed a resilient security culture throughout organisations."

HUMANIZE YOUR TRAINING

Most businesses know that the human aspect of cyber security is important. They also know that they aren’t doing enough to address it and worry that they carry too much unnecessary cyber security and data protection risk as a result.

The issues preventing good cyber security behaviour from the everyday-technology-users within their organisations aren’t actually just knowledge and understanding. Many people are also Apathetic, Disengaged, Fearful or Confused.

These businesses want a cyber security awareness solution that demonstrably addresses the human aspect by changing behaviour, shows a demonstrable return on investment and marks them out as an organisation that can be trusted to take data protection seriously.

What is CybSafe?

CybSafe is a Unified Cyber Awareness Platform. It is data-driven, cloud-based software that addresses the human aspect of cyber security. In doing so it helps businesses to improve cyber security behaviour, visualise human factor vulnerability, and reduce cyber risk.

A Unified Cyber Awareness Platform

CybSafe is a Unified Cyber Awareness Platform that helps organisations intelligently address the human aspect of cyber security by focusing on ABC – Awareness, Behaviour & Culture.

It is advanced software that:

  • delivers GCHQ-accredited awareness training,
  • uses simulated multi-vector attacks and other methods to measure changes in behaviour, and
  • enables businesses to engage their people by keeping them informed and encouraging them to contribute their insight.

CybSafe helps organisations:

  • reduce their cyber risk,
  • build a positive cyber security culture,
  • meet their GDPR and other compliance requirements and
  • see a return on their investment.

It brings together many of the aspects a business needs to address the human aspect of cyber security effectively:

  • Train & Educate
  • Change behaviour
  • Inform
  • Engage
  • Measure & Analyse
  • Visualise & Report

CybSafe is a platform that can either be delivered on its own (for businesses without the capacity to do more), or as a mainstay feature that is complemented by additional security awareness activity. It is the only GCHQ-certified training tool of its kind that delivers this.

An awareness programme should be an intelligently woven together series of activities that engage, educate, assess and inform Users. If done properly Users feel empowered rather than undermined. They also increasingly see the value in their understanding of cyber security and feel part of the collective solution. It’s a journey that takes many from ambivalence, disinterest and a feeling of inconvenience to interest, appreciation and sensible caution.

Most businesses don’t have the time, expertise or resource capacity to focus on the human aspect of cyber security as much as they should/would like.  CybSafe’s Unified Cyber Awareness Platform automates the provision of this activity making its delivery effortless on the part of busy professional people.

Who is CybSafe for?
  • For businesses that realise that they need no longer pay lip service to the ‘people component’.
  • For those that understand that they don’t have the staff, time or expertise to address this component effectively on their own.
  • Any organisation that would like to directly address the human factor in cyber security to reduce their chances of having a breach – and benefit from the insights and experiences of others whilst saving money in the process.

Like to know more?

If you would like more information or advice on our range of Security Training and Awareness Programmes, get in touch here.


Awarded For Supporting Forces



SECURESTORM GETS AWARDED FOR SUPPORTING FORCES


Securestorm are pleased to have received the bronze award recognition from the Armed Forces Covenant - Employer Recognition Scheme (ERS).

  Certification Received in Recognition
 
We would like to thank you for your statement of intent to support defence personnel. The ERS recognises commitment and support from UK employers for defence personnel. The scheme awards employers who support those who serve or have served in the Armed Forces, and their families.
— MOD OFFICIAL

As part of our on-going commitment we particularly seek to support the employment of veterans young and old, through actively targeting veterans in employment campaigns, actively supporting industry training and work placement schemes and mentoring veterans within the industry. We now proudly carry the Armed Forces Covenant logo to show our membership and involvement.

For more information on our involvement with the AFC or opportunities for Armed Forces, please get in touch with us on enquiries@securestorm.com or visit our CAREERS page for latest vacancies.


Honouring Our Armed Forces

 

Securestorm has recently signed an official agreement to honour the Armed Forces Covenant.

By extending the support to the Armed Forces Community, we recognise the value Serving Personnel both Regular and Reservists, Veterans and military families contribute to our business and our country. By directly getting involved with the Armed Forces Covenant, we extend and re-affirm our beliefs by actively supporting initiatives, taking up causes and voicing their messages in our actions.

Embedding the 'Core' Principles in Our Culture

Our Armed Forces fulfil the responsibility of protecting the realm on behalf of the Government, sacrificing some civilian freedoms, facing danger and, sometimes, suffering serious injury or death as a result of their duty. Families also play a vital role in supporting the operational effectiveness of our Armed Forces. In return, the whole nation has a moral obligation to the members of the Naval Service, the Army and the Royal Air Force, together with their families. They deserve our respect and support, and fair treatment.


"We (Securestorm Ltd.) will endeavour in our business dealings to uphold the key principles of the Armed Forces Covenant"


Securestorm not only acknowledges this agreement as an initiative but also holds these values deep within the company culture and origins. In fact, Securestorm Co-founder & CTO, Tony Richards served in the armed forces before making his mark on the Cloud & Cyber Security domains as an industry leader & strategist, especially working alongside and solving challenges for Public Sector organisations like the Ministry of Justice, Youth Justice Board, Supreme Court, and GDS, to name a few.

Showing Commitment & Support in Our Actions

As part of our on-going commitment we particularly seek to support the employment of veterans young and old, through actively targeting veterans in employment campaigns, actively supporting industry training and work placement schemes and mentoring veterans within the industry.


"We (Securestorm Ltd.) recognise the value serving personnel, reservists, veterans and military families bring to our business"


Drawing from our expertise and specialism in the security field and using our partnership with organisations like Amazon Web Services, we are able to contribute to important schemes like the AWS Re:Start. We recently hired and mentored a young veteran who is now on the path to becoming a Cyber Security Consultant. Along the way, he received regular support, technical training and qualifications, customer facing experience and an all important work contract from Securestorm. You can read about his journey below:

'A Veteran's Journey to Civilian Life'

 

Tony Richards, commented "With years of experience in the army as well as working in a trending industry, my team and I are able to provide the 'right' nurturing and 'balanced' mentorship required to help the members of Armed Forces pick up and apply new skills suited to them as well as transition back to civilian life. We have already seen some great success in our involvement and we will continually do so in all our future endeavours".

We also take this opportunity to encourage other organisations and associates in our community to support and take up this cause of supporting the AFC. This goes beyond getting veterans back to normal life as the industry needs to recognize what they have to offer. There is a big opportunity to fully develop veterans’ skills and train them to be specialists in order to meet the rising national skills shortage in technology, particularly the vast field of Cyber and Cloud Security.

For more information on our involvement with the AFC or opportunities for Armed Forces, please get in touch with us on enquiries@securestorm.com. Don't forget to visit our other helpful content and handy resources:


Cost Effective GDPR Compliance for SMEs


COST EFFECTIVE GDPR COMPLIANCE FOR SMEs

According to the latest survey results, the majority of SME businesses are unsure about meeting the GDPR compliance deadline. Moreover, a large part of the business community is unsure of the overall relevance of GDPR to their core business model and operations as well as the overall cost of compliance and business disruption it may cause.

So what should businesses do?

REORGANISE | STRATEGISE | OPERATIONALISE | TRANSFORM


REORGANISE

  • Determine the relevance of GDPR to your business and operating model: GDPR is not about data protection, it is about personal data protection. It is important that businesses determine the degree of personal data they use. 

Actual personal data usage may be very different from perception. Take, for example, a simple weather updates portal. It does not need any personal customer data; however, it does store and process the names, addresses, family details, bank account numbers, passport details, work authorisations, salaries, bonus payments and sick leave details of its 50 geographically spread agents. All of these are personal data and some are sensitive data.

  • Reorganise asset ownership and limit liabilities: SME owners should take advice on reorganising their business ownership and asset ownership. Numerous businesses start as a one-man idea and then evolve into a small team. But, because of their digital connectivity or a people-based operating model, they collect significant personal data. Owning sensitive assets, with the associated compliance obligations and liabilities, can best be addressed by forming corporate entities and limiting individual liability.

The corporate entity should be the owner of share capital and owner of assets including data/digital assets – even if the product is an app available online with a relatively small number of users.

  • Consolidate data ownership: Personal data is an essential element of business flow. Many SMEs use online software-as-a-service tools to manage their business processes and since one tool may not give them all functionalities, data often resides in multiple sets. It’s therefore critical that businesses build their data asset inventory and document who is owner/active custodian of data sets available. 

This is good business practice and will serve both GDPR and compliance objectives.


STRATEGISE

  • Establish and evaluate scope of compliance: Consult your legal advisor to determine your scope of compliance. SMEs often operate as virtual organizations with staff working in different geographies and governed under different cyber security and data protection laws. Similarly, digital product consumption is global. It is therefore critical that SMEs draw a clear scope of compliance.

The scope of compliance needs to be evaluated to identify possible risk avoidance strategies, for example switching to a same country cloud service provider. Why climb the hill when you can go around it?

  • Determine optimum compliance budget: Businesses need to establish an optimum compliance budget. It is important that management considers overall scale, sensitivity and competition parameters on personal data use. If a business uses significant personal data then GDPR compliance is a necessity. If, however, GDPR compliance is also expected to offer competitive advantage then it’s important to have the marketing team on board and share some costs. Organisations can subscribe to numerous GDPR compliance services rather than making capital investments.


OPERATIONALISE

  • Evaluate “DPO as a service”: GDPR requires an organisation to appoint a person in the position of Data Protection Officer - DPO. But, it gives flexibility to have the DPO position as a full time, part-time, shared or a contract resource.  In order to reduce cost whilst maintaining compliance, SMEs must explore the option of appointing a shared DPO.

The DPO credential requirements are quite unique and “DPO as a service” provides SMEs the most efficient and practical support on compliance. The business should evaluate the DPO’s personal competence, intellectual property and support team available to address the variety of challenges that GDPR compliance is expected to present.

  • Move to a managed service model with suppliers and insist on their GDPR readiness: Outsourcing or specialised sourcing is a great way of implementing efficiency and business compliance. Due to shared cost overheads, the impact of particular compliance drops significantly. In line with this strategy, organisations should move to a managed service model for the parts of their business operations which fit their outsourcing strategy. During the implementation of a managed service strategy as a business or efficiency initiative, specialised focus should be given on compliance. This should reflect in the contractual terms that are entered as well as the governance framework for performance management. 

The data controller will continue to remain accountable, but sourcing a specialised and compliant data processor may just relieve management of large recurring compliance investments.

  • Market your GDPR compliance as a competitive strength: SMEs need to market the GDPR compliance of their product and business to derive competitive leverage. Large businesses have much more at stake in terms of penalties and brand loss but they also have compliance budgets and programs for internal systems and processes. These compliance programs include ensuring current and prospective suppliers are GDPR compliant.

Being ahead in the race for compliance and marketing it as a strength would avoid elimination on compliance grounds and lend a power advantage during techno-commercial negotiations.

  • Implement cyber security hygiene practices: The key concern of regulatory (ICO) wrath will originate from two sources: a serious complaint from a data subject about systemic non-compliance, or security incidents of personal data leakage impacting individual privacy. It’s therefore important to note that more than 70% of security incidents result from weak implementation of security basics, e.g. “admin-admin” username-password combinations, outdated unpatched systems, common password sharing, firewall any-any configurations, access beyond what a need or role requires, insider collusion, etc.

Implementation of good security basics (refer to Cyber Essentials ©) which includes managerial and technical controls gives moderately strong data protection assurance to business management and will shield against higher penalties.

  • Take insurance cover: If the business is focussed on personal data, it is critically important that the organisation has cyber insurance cover. 

This cost will provide the necessary oxygen in case of multiple controls failure. With a constant rise in cyber incidents and a higher participation of insider agents (employees, ex-employees, suppliers' staff), data leakages by error can lead to fines, loss of goodwill, disruption of operations and significant erosion of customer confidence and revenue. There could be additional liabilities emerging from suits that may be filed by customers, investors or partners.


TRANSFORM

  • Embrace privacy by design: SMEs need to make a fundamental shift on data governance. Their products, processes and customer interactions need to respect personal data from collection to disposal. They need to evaluate concepts of data minimization, data segregation, data retention, identity management, disclosures, consent and lawful/agreed processing norms. The concepts of the data lean organisation need to be implemented.

This is a cultural change which DPOs are expected to drive as they operationalise their roles for GDPR compliance.



GDPR will drive "Data Lean" Organisations


G.D.P.R

A Driving Force of 'DATA LEAN' Organisations

GDPR presents a unique opportunity for organisations to benefit from becoming “Data Lean”. This is a complete reversal of the current business mind-set where organisations collect maximum data about their current and potential customers because they believe it helps them to understand their needs better. The days of unauthorised data mining for upselling / cross selling certainly are numbered.

GDPR compliance necessitates organisations to change their business practices and data management systems. For example:

  1. Data Minimisation: The concept of data minimisation requires that only necessary data is collected as relevant to the business objective of the activity. Today organisations manually and automatically collect unnecessary data from customers so they have the option to mine it for future business purposes. Under GDPR, Data Controllers would be prohibited from collecting unjustified large data sets.
     
  2. Rights of Data Subject & Responsibilities of Organizations: GDPR grants individuals the right to enquire about and request all their personal details held by the organisation, to be provided within 30 days. Similarly, an individual’s right to be forgotten implies an individual may demand deletion of all his/her personal data in all systems with the organisation. In order to comply, organisations will require all of their databases that contain personal data to be integrated or centrally managed across modern and legacy systems. Hence, the fewer the databases that store personal data, the simpler life is for data controllers and processors.
     
  3. Data Processing, Sharing & Consent: GDPR requires organisations to seek individual consent for the purpose(s) that their personal data shall be used. It also requires explicit consent on sharing of data with 3rd parties and associates. Specific and Explicit consent provisions tie the hands of the organisations to “creative analytics” of personal data. It also limits organisation freedom to data partnerships for cross sales. Stretching the use of data to gain marketing leverage would certainly encourage individuals to use their right to object and/or withdraw consent.
     
  4. Data Relevance and Deletion: GDPR requires organisations to inform individuals how long their personal data shall be retained at the time of collection. To comply - organisations will need to envisage the time utility of data before the data collection activity and delete data after it has completed the committed time-frame. Alternatively, individuals are empowered to demand deletion at any time. This balance of rights would ensure that organisations only keep relevant data with themselves and adopt an effective data deletion policy.

GDPR compliance will drive organizations to maintain only necessary personal data which they need for agreed business purposes. While the cost of storing data is declining the cost of managing and safeguarding isn’t.

The advantages of becoming “Data Lean” include limited exposure to data loss issues, customer liabilities, regulatory wrath and goodwill damages as well as reduced cyber insurance premiums for compliant organisations.



GDPR: Force for Good or an Evil Necessity ?


GDPR: Force for 'Good' or an 'Evil' Necessity

by Alex Pavlovic - GDPR 'Strategist'

For those of you who were involved in the much maligned and, at the time, over-hyped Y2K or the ‘Millennium Bug’ you could be excused for thinking that with the General Data Protection Regulation (GDPR) there is a sense of déjà vu. 

The “It’ll never happen” versus the “sky is falling on our heads” camps seem to be resurfacing.


It’s been 20ish years since the Y2K project work started. I worked in a trading floor environment at the time and there was a huge, aka expensive, project to identify systems and processes impacted by the date change; the risks of doing nothing far outweighed the investment. Quite a few instances were discovered and we did identify issues with hardware and software.

Was it the end of the world like some predicted: No
Would it have impacted operations on January 2nd until they were fixed: Yes.  
Would we have been able to trade: hmm, tricky - quite a few database and spreadsheet issues were identified. But was it a timely overhaul of outdated systems and processes: Yes.

What the lead up to Y2K did do was focus staff, and most importantly, the executive’s & senior management’s attention on the risks and impact of not doing anything - sound similar to some current conversations?
The risks of doing nothing far outweighed the investment; at the time there were early and late remediation adopters.

Did that result in getting systems, infrastructure and controls updated (things which IT had been crying out for): Yes.

 
 

GDPR has rightly been identified and embraced by organisations (it could be said, long overdue) and plans are finally being developed to rectify the omissions in technical and organisational controls/measures. High profile projects once again have the Executives’ attention and support, albeit grudgingly in some cases.  Commitment for resource and budgets are once again being given and remediation work has commenced.  


If the controls aren’t implemented will it be the end of the world: No, though it could knock a hole in a company's finances.
Will it impact operations: it could do if a regulator orders a company to halt processing.
Will it be a timely overhaul of outdated systems and processes: I certainly hope so!

Thoughts?
Leave your comments down below...


 

ALEX PAVLOVIC

GDPR 'Strategist' & Lead Consultant

Alex is a Lead Consultant with 25 years of IT, Audit, Information Security and Risk Management experience. He is a specialist in the GDPR and is an advisor and implementation manager for multiple clients across a wide range of industries.

If you are interested in running or participating in GDPR sessions, contact: alex@securestorm.com
 


Cloud Champion


Meet techUK's 'Cloud Champion'


Cloud is fundamental to the UK’s digital future. But an organisation’s decision to move to the cloud will mean organisational change, leading to employees, particularly IT professionals, feeling anxious about how the cloud will impact the way they work. This level of change will for many be a significant step change and cultural shift in how IT services are consumed. If not properly managed, organisations could struggle to realise the full potential of cloud.

The purpose of techUK’s ‘Cloud Champion’ campaign is to showcase technology leaders that are playing a leadership role in championing and supporting organisations’ move to the cloud. The campaign will highlight best practice by leaders that are creating cloud enabled organisations, across all sectors, and a cloud driven workforce that will be vital for the UK’s digital future.


Securestorm are techUK members and fully support the organisation's wider initiatives by participating in meaningful dialogues, strategy measures and thought leadership. Read the recent coverage about the 'Trust In Cloud' initiative and access the research papers here.

About: Securestorm are dynamic cyber security experts that deliver practical advice with the aim of meeting and solving challenges across Cloud and Cyber Security domains. With a combination of experience, expertise and strategy, Securestorm offers guidance to clients across Public and Private sectors.
Securestorm holds several accreditations, notably being NCSC Certified Cyber Security Consultancy, Crown Commercial Suppliers, and ISO:27001. Furthermore, Securestorm are also prominent in the industry for their proven delivery capabilities.


Meet Chris: Army Combat Engineer to Cyber Security Professional



A VETERAN'S JOURNEY TO CIVILIAN LIFE


Chris Smith, Royal Engineer, British Army

When Chris Smith, a Royal Engineer veteran, left the military recently he wasn't sure what to do next — a dilemma for many former military personnel.

But Chris eventually found his calling in the technology industry, and is now rapidly making the transition from military life to the professional services environment.  

Chris's move into technology began when he enrolled in the AWS re:Start initiative, where his interest in the area of Cyber Security got him a work placement with Securestorm Ltd.

Chris said, "I was initially lost, but once I found out about the opportunities within Cyber Security and the support available to me, I knew this was my future. The Securestorm placement combined with AWS re:Start initiative gave me direction, confidence and re-assurance which is vital to anyone who is coming out of the military and pursuing a completely new avenue. Most folks do not realize how daunting the transition to civilian life can be!"
 
[Photos: Army Engineer, a typical day in the Army; On a 'Mission', military life]

 

Chris is now a Security Analyst for Securestorm Ltd., the leading Cloud and Cyber Security consultancy based in London. As a National Cyber Security Centre (NCSC) certified organisation, Securestorm works closely with public and private sector clients advising on security matters. This gives veterans like Chris first-hand working experience within a diverse setting and all-round exposure to various customers across the industry.


  Giving Veterans a Fresh Start in Technology


Building Talents: The AWS re:Start Programme for Military & Securestorm Placement Program

The AWS re:Start for Military is aimed at supporting members of the UK Armed Forces community and guards with a training and job placement program. This program is designed to educate young adults, military veterans, members of the military reserve, those leaving the Armed Forces, and service spouses on the latest software development and cloud computing technologies. Securestorm are AWS partners and are heavily involved in helping new minds get the necessary training, education and development to make it in the field of Security.

 

                  Interview: Meet the Recent Graduates

 
As the visionary head of Securestorm, CEO Mandeep Obhrai stated, "We are committed to our partnership with AWS as we embark on diverse initiatives from bringing innovative security solutions to supporting the community around us through a well-developed training and placement program. As a start-up with multiple achievements in our sector, we can help inspire, motivate and mentor new starters in technology on a very personal level with adequate support and nurturing along the way".

Army veteran turned leading Cyber & Cloud strategist, Tony Richards, CTO & CISO of Securestorm said, "While most former military personnel do not have cyber-security training, they do have compatible skills, teamwork spirit and are extremely focused by nature. These qualities are essential to our industry. Being receptive to learning, development and mentorship are perhaps more important than having only technical skills especially considering the fast-pace changes in the digital cyber industry."
 
 

HIGHLIGHTS FROM AWS SUMMIT 2017 PRESENTATION - Watch the Keynote --> here

AWS Summit 2017 - CTO/CISO Tony Richards with AWS re:Start hire Chris Smith

He also added, "We have a collective role to provide support for veterans. At Securestorm, we believe in building upon initiatives such as the AWS re:Start. This goes beyond getting veterans back to normal life as the industry needs to recognize what they have to offer. There is a big opportunity to fully develop veterans’ skills and train them to be specialists in order to meet the rising national skills shortage in technology, particularly the vast field of Cyber and Cloud Security."


GET INVOLVED WITH US!


As part of our commitment to the industry, Securestorm provides a broad range of training, learning and development initiatives for our people to achieve their career goals.

For questions and queries related to Security advice or interviews please email: enquries@securestorm.com. For current employment opportunities email: careers@securestorm.com. 



On Cloud 9



No. 9 brings a single iteration of 'G-Cloud'


G9 has officially replaced G-Cloud 7 (G7) and G-Cloud 8 (G8), providing consistent information about all services and bringing more of the G-Cloud buying journey online.

Buyers and suppliers will be able to use one set of contracts for all their G-Cloud services.


SECURESTORM ON G-CLOUD 9


Securestorm has officially been awarded G-Cloud 9 status following the success of the previous G-Cloud versions. Securestorm are committed to bringing innovative as well as cost effective solutions and services that are practical to help Government organisations be secure from cyber-threats as well as manage resources effectively.

Securestorm CTO, Tony Richards, added "It is great to be live on G9. Keeping in-line with the launch of previous G-cloud iterations, Securestorm is further committed to delivering more, offering streamlined services and exclusive solutions such as the award-winning Edgescan. This combined with our industry experience, delivery capabilities and subject matter expertise on trending threats will no doubt once again see us successfully solving security challenges for our clients across the Government."

The following services by Securestorm can be found on the Digital Marketplace:


CONSULTANCY SERVICE


CLOUD SECURITY EXPERTS

Cloud services such as Amazon Web Services or Salesforce are increasingly being used but often do not utilize all of the security options available.

Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • AWS Partner
  • Certified (CCP) Cyber Security Professionals
  • Cloud Security Alliance STAR Lead Auditors
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Cyber Essentials certified company
  • AWS secure for OFFICIAL Architectural Design and Cloud Formation Templates
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review of AWS or Salesforce Identity & Access Management permissions
  • Review security options chosen and those available against best practices
  • Assessment and review of AWS instances and configurations

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Deep dive Security Assurance and Audit previously conducted of AWS
  • Ensures compliant and secure cloud services for your organisational needs
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Deep dive Security Assurance and Audit previously conducted of Salesforce

Securestorm are actively working to champion Cloud Security best practices that enable Government and businesses to run more efficiently and cost effectively. Read about our contribution and best practices in recently published research papers:


EXCLUSIVE ON G-CLOUD


 
 

Edgescan - Continuous Technical Security Vulnerability Assessment

Edgescan is a managed Continuous Technical Security Vulnerability Assessment service with continuous security testing and system visibility, combining full-stack vulnerability management, asset profiling, alerting and risk metrics. As official partners, Securestorm, an NCSC certified company, will assist customers with on-boarding the service and portal configuration.


OTHER G-CLOUD SERVICES


 
 

CLOUD SUPPORT

CLOUD SOFTWARE

Knack - "Low Code" Application and Database Pilot Development platform

Knack is an easy to use "Low-Code" development platform that Securestorm can provide as a pilot development service, letting you quickly build online applications and databases as proofs of concept. With Knack you can structure data, connect it by linking related records together, and extend data integrations.

Knack Low Code Development Platform Consultancy

Securestorm provides expert consultancy on how to use Knack, the "Low-Code" development platform, including: setup, configuration, management and development. Knack is an easy to use "Low-Code development platform", suitable for OFFICIAL information, that transforms data into powerful online databases, with clean interfaces, and requires no coding.

 
 

CLOUD SOFTWARE

CLOUD SUPPORT

Nol-ij, the Continuous Information Risk Management Dashboard

Nol-ij is a cost effective, Continuous Information Risk Management Dashboard, that supports and streamlines governance, information risk management and security assurance through identification, evaluation, treatment and management of strategic, operational and project security risks, ensuring decision makers have the necessary information at their fingertips to confidently manage their risk portfolio.

Nol-ij Configuration, Customization and Support Consultancy

Nol-ij, the Continuous Information Risk Assessment Dashboard can help organisations identify, track and minimize the information risks inherent in their systems and services. Securestorm provides expert consultancy to assist and enable organisations to setup, configure or even adapt and customize the Dashboard to their needs.

 


QUESTIONS?


To request additional information on any services tailored to your organisation's infrastructure, budget and considerations, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation. Additionally, visit our technology services directory www.Informd.Online to view assurance reports services.

Road to Victory

2017 CYBER SECURITY AWARDS FINALISTS

Securestorm Ltd. are pleased to announce that they have been selected as finalists in the Consulting Practice of the Year category for the 2017 Cyber Security Awards. The Cyber Security Awards were established in 2014 to reward the best individuals, teams and companies within the cyber security industry. Excellence and innovation are core themes throughout all categories. The Cyber Security Awards team reviews the industry, looking for the best possible applicants.

The winners will be announced at the Cyber Security Awards dinner and presentation at the Chelsea Harbour Hotel on Thursday 29th June 2017.

Awards judge Karla Jobling said “there were more applicants this year than ever before and to be selected as a finalist is a great achievement. The Cyber Security Awards really focus on success and innovation, and we look for those who have passion, for what they are achieving within Cyber Security. I am excited to celebrate with all finalists in June, and announce those that judges feel are deserving winners.”

Mandeep Obhrai, CEO Securestorm stated "We are proud to be finalists for the best consulting practice of the year.  Over the past few years cyber-threats have evolved and we have been marking our success based on how we have delivered practical solutions to critical cyber challenges faced by our high-profile clients. This approach has carried us far and earned us the title of being the industry experts." 

Tony Richards, CTO Securestorm said on the occasion "This is a good motivation for our achievements. We have been hard at work getting on-board a number of specialist Cyber Security frameworks and among the few who are NCSC Certified for various cyber security services from the very start. We hope to use this news to fuel our drive for furthering our technical expertise in the industry."

About the Cyber Security Awards

Situated at the luxury 5* Chelsea Harbour Hotel London, the Cyber Security Awards is a leading awards event for the cyber security industry. The event consisted of reception drinks, a 3-course meal with wine, coffee and petit fours. The Cyber Security Awards is the ideal event to gain recognition for your success within the cyber security industry. At the awards, you can expect to network with leading industry professionals from consultancies, technology firms, defence businesses, FTSE 250 and public sector bodies.

About Securestorm

Securestorm Ltd. are leading cyber security experts that provide practical advice with the aim of simplifying challenges in the domains of Cloud and Cyber Security. With a combination of experience, expertise and strategy, Securestorm brings innovative delivery and subject matter expertise to the industry across Public and Private sectors. Securestorm are an NCSC Certified Cyber Security Consultancy for Risk Assessment, Risk Management, and Audit & Review. Furthermore, Securestorm are also approved CCS, CESG, Cyber Essentials and ISO 27001 certified consultants with presence on the G-Cloud, Cyber Security Services 2 and Digital Outcomes and Specialist 2 frameworks.
