
Centralized Identity Management: A Guide

Modern IT environments are incredibly diverse, and while this is great for many reasons, it can also make the IT department’s job more difficult. Today’s environments are often a mixture of on-prem and cloud resources, corporate-owned and BYOD devices, and varying device and operating system (OS) types such as Mac, Windows, Linux, iOS, and Android.

All of these factors, plus the popularity of hybrid work, add complexity around managing identities and sometimes make it feel like centralized and simplified identity management is out of the question. Luckily, this is not the case at all, though some organizations might need to adjust their infrastructure and tool choices to be more future-proof to achieve a modern and unified identity management strategy. Let’s take a look at why that is and how it can be done.

Centralized Identity Management Barriers

As mentioned above, heterogeneous IT environments can be a problem for IT, because resources live in many different places, employees work from all over the world, and there is a plethora of device and OS types out there.

Here’s how some of these factors affect identity management:

  • Cloud and on-prem resources: It can be hard to get visibility into who has access to what resources, and SaaS apps might not connect to a traditional directory such as Microsoft AD.
  • Hybrid and remote working models: Monitoring, managing, and helping employees that aren’t in the office can be problematic without the proper tools.
  • BYOD: Personal devices typically don’t connect back to traditional directory services, and they are sometimes difficult or impossible to manage.
  • Mac, Windows, and Linux device popularity: Most tools are meant to help you manage certain device types but not others, making it hard to keep track of and secure devices that employees use.

All of these factors and more contribute to an incomplete, decentralized identity management strategy in many organizations. 

Why Centralized Identity Management Is Key

This decentralized approach is often forced on IT, rather than chosen, simply because of the disparate resources that need to be managed on top of the fact that many organizations use outdated or disconnected IT management tools. This strategy (or lack thereof) can quickly turn into a security and compliance nightmare, an unnecessary weight on IT, a fractured employee experience, and a hit to the organization’s bottom line, among other things.

When users and their digital identities are not centrally managed, it’s virtually impossible to get visibility into their resource access privileges, what devices they’re accessing company resources on (whether company-managed or completely unsecured), what problems they might be experiencing, whether their systems are up-to-date or not, and much more. On top of all of this, Shadow IT is as prevalent as ever, which causes even more security hiccups when left unchecked due to poor identity management. 

Considering that 84% of organizations experienced at least one identity-related breach in the past year, you can see how far-reaching the effects of the decentralized identity management problem truly are.

To avoid all of this to the furthest extent possible, IT needs centralized control over all identities, access, and devices, while simultaneously allowing departments and employees the flexibility they need to get work done.

How to Centralize Identity Management

So, the end goal is to provide employees with flexibility in where and how they work, while maintaining the amount of control that you want over their digital identities, access, and devices. To do so, you’ll want to centralize the management of all of these things, as much as possible.

Centralized user management gives IT control and visibility over every device, application, and network across the organization, without dictating which resources are the right choice for each group. This strategy saves IT time with easier day-to-day workflows, helps ensure compliance, enhances security, and improves the end user experience.

A modern way to centralize identity management is by adding JumpCloud’s open directory platform to the center of your IT infrastructure. The beauty of an open directory is that it can easily connect to all of your existing infrastructure, as well as any other tools (such as other directories, HR tools, and more) you decide to adopt in the future, allowing your business to evolve and scale with ease. This means that with the JumpCloud Directory Platform, you can centrally manage identities, access, and devices, all from a single, modern platform.

Get complete, centralized visibility into employee identities, what they do or do not have access to, and their devices. With JumpCloud’s identity lifecycle management capabilities, enjoy simplified onboarding and offboarding, add users to groups for easy control, keep devices patched and up-to-date, quickly change access levels, and much more. With this solution, your organization still maintains the flexibility it needs to leverage the best devices, applications, and tools on the market. Plus, you can hire the best talent, regardless of their location, without worrying about how it’ll impact security or how IT will manage them.

JumpCloud

Use JumpCloud to ensure that your identity lifecycle management process is efficient, secure, and complete.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.

New Subscription Tab

Do you want to view the details of your purchased license? Need to send the license PDF to your CFO? This one is for you. In your dashboard, navigate to Settings -> Subscription. Click the three dots icon at the right to download the report. New and easy license view, just for you!


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Choosing the Right Access Control Model

In my previous article, Code security and safety tips when making guidelines, I mentioned that it is very important to give someone access based on the role assigned in your system. I have also mentioned the 3 most widely accepted access control models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Permission Based Access Control (PBAC).

Choosing the right access control model for your project/organization is of great importance from a security point of view. With the proper implementation, you can prevent unauthorized access to the resources. Thus, you can prevent possible attacks.

There are more access control models, and I will try to show you their differences. By doing that, I will help you choose the best model for your application. 

How to determine which access control you should give to the user/employee?

First, you need to identify the person’s job. Then you need to authenticate them, verifying their identity, and then grant them access to the hardware/software they need. In doing so, you must ensure they have the right level of permission to the organization’s resources to do their job. At this stage, you need to choose the type of access control model.

Main categorization of access control models

There are 6 main types of access control models:

  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
  • Role-Based Access Control (RBAC)
  • Rule-Based Access Control
  • Attribute-Based Access Control (ABAC)
  • Risk-Based Access Control

Mandatory Access Control – In this model, access control rests solely with the system’s owner; end users have no rights of their own. The system owner decides which resources each end user may access. This is the most restrictive of the models listed.

Because of how restrictive it is, this model is used in government facilities and/or the military.

This model is also connected with two security models: Bell-LaPadula and Biba.

Biba allows a user with a lower-level classification to read higher-level information, and a user with a higher-level classification to write to lower levels.

Bell-LaPadula allows a user with a higher-level classification to write at their own level but not at lower levels, while they can read at lower levels.

If you want to know more about these two security models, check out the Bell-LaPadula and Biba video. You can also check out the Clark-Wilson model, which focuses on upholding integrity.

Discretionary Access Control – This model gives all access control to the user; it is the opposite of MAC. As you can guess, implementing this model can open the door to many cyber attacks, so you must be well aware of its flaws if you plan to use it.

Role-Based Access Control – This model grants predefined permissions based on the employee’s position. It can be tricky to maintain if you later need to modify one person’s permissions and grant them specific access to a particular resource.

Rule-Based Access Control – This model grants access based on rules. The system administrator manages the rules by checking boxes or adding some code to the settings. In a web application this can be implemented on a settings page that shows, for example, a list of rules, each with a checkbox. You check the rules you want, save the selection, and then have a rule list that can be assigned to a user or to a custom role.

Attribute-Based Access Control – This model is defined by attributes, which are tightly coupled to the subject, object, environment, and action. That means there are many possible combinations of these attributes, which can make implementation considerably more difficult and complex.

Risk-Based Access Control – This model grants access based on a risk evaluation, mainly of the risk profile of the user who is logging in. For example, if the user logs in from a different location, the risk is higher, and they will be prompted to authenticate further.

 
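To make the differences between the models above concrete, here is an added example (not code from the original article): one small decision function per model, evaluated over a constructed access request. The Subject, Resource and Env shapes, the role and rule tables, and the risk scores are assumptions chosen for illustration.

```typescript
// Added example, not from the article: one decision function per access control model.
// All data shapes, role tables and risk thresholds are constructed for illustration.

type Action = "read" | "write";

interface Subject {
  id: string;
  roles: string[];          // RBAC
  level: number;            // MAC: clearance / integrity level, higher = more trusted
  department: string;       // ABAC attribute
  usualCountry: string;     // risk-based: baseline from the user's profile
}

interface Resource {
  id: string;
  owner: string;            // DAC: the owner decides
  level: number;            // MAC: classification
  department: string;       // ABAC attribute
  acl: Record<string, Action[]>;  // DAC: owner-maintained per-user grants
}

interface Env { country: string; }

interface AccessRequest { subject: Subject; resource: Resource; action: Action; env: Env; }

// MAC, Bell-LaPadula (confidentiality): read at or below your level; write at or above it;
// never write down.
function bellLaPadula(r: AccessRequest): boolean {
  return r.action === "read"
    ? r.subject.level >= r.resource.level
    : r.subject.level <= r.resource.level;
}

// MAC, Biba (integrity): the dual of Bell-LaPadula. Reading lower-integrity data or
// writing to higher-integrity data is refused; read up and write down are allowed.
function biba(r: AccessRequest): boolean {
  return r.action === "read"
    ? r.subject.level <= r.resource.level
    : r.subject.level >= r.resource.level;
}

// DAC: the owner has everything; others get only what the owner granted in the ACL.
function dac(r: AccessRequest): boolean {
  if (r.resource.owner === r.subject.id) return true;
  return (r.resource.acl[r.subject.id] ?? []).includes(r.action);
}

// RBAC: permissions are predefined per role; any one matching role suffices.
const rolePermissions: Record<string, Action[]> = {
  Manager: ["read", "write"],
  Viewer: ["read"],
};
function rbac(r: AccessRequest): boolean {
  return r.subject.roles.some(role => (rolePermissions[role] ?? []).includes(r.action));
}

// Rule-based: an admin-maintained list where each rule has a checkbox (enabled).
interface Rule { enabled: boolean; matches: (r: AccessRequest) => boolean; }
const rules: Rule[] = [
  { enabled: true,  matches: r => r.action === "read" },
  { enabled: false, matches: r => r.action === "write" },   // unchecked on the settings page
];
function ruleBased(r: AccessRequest): boolean {
  return rules.some(rule => rule.enabled && rule.matches(r));
}

// ABAC: a predicate over subject, object, action and environment attributes.
function abac(r: AccessRequest): boolean {
  const sameDept = r.subject.department === r.resource.department;
  return sameDept && (r.action === "read" || r.env.country === r.subject.usualCountry);
}

// Risk-based: the outcome is not only allow/deny; an unusual login location raises the
// risk score and asks for step-up authentication instead of granting access outright.
type RiskDecision = "allow" | "step-up" | "deny";
function riskBased(r: AccessRequest): RiskDecision {
  let score = 0;
  if (r.env.country !== r.subject.usualCountry) score += 50;
  if (r.action === "write") score += 20;
  if (score >= 70) return "deny";
  return score >= 50 ? "step-up" : "allow";
}

function evaluateAll(r: AccessRequest): Record<string, boolean | RiskDecision> {
  return { bellLaPadula: bellLaPadula(r), biba: biba(r), dac: dac(r), rbac: rbac(r),
           ruleBased: ruleBased(r), abac: abac(r), riskBased: riskBased(r) };
}

// Constructed sample: a level-1 Viewer in finance writing to a level-2 finance report from abroad.
const sample: AccessRequest = {
  subject: { id: "alice", roles: ["Viewer"], level: 1, department: "finance", usualCountry: "DE" },
  resource: { id: "q3-report", owner: "bob", level: 2, department: "finance", acl: { alice: ["read"] } },
  action: "write",
  env: { country: "US" },
};

console.log(evaluateAll(sample));
```

Only Bell-LaPadula permits the sample write (writing up is allowed there), while every other model refuses it for its own reason; change the action to "read" from the usual country and most of them flip to allow.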

Example of implementation of Role-Based Access Control in the web application

For this example, I am going to use the Angular framework. In the code below you will see that roles are checked in two places. The first is when the user navigates to a certain page: does the user have access to it at all? The second is when the user does have access to the page but should only see certain parts of it, or has read rights but not write…

Create a RoleGuard class that implements the CanActivate interface. As the Angular official site explains, the canActivate method returns true if the route can be activated, which grants access, and false if the requested route cannot be activated.

As you can see in the code, the roles are stored in local storage, and the isRoleAssigned method checks whether the user has one of the roles required by the route, which are passed in through the method’s input. If the user has such a role, the method returns true and navigation to the requested route proceeds; if it returns false, the user is redirected to the home page (or some custom page).

 

import { Injectable } from "@angular/core";
import {
 ActivatedRouteSnapshot,
 CanActivate,
 Router,
} from "@angular/router";
import { Observable } from "rxjs";
// LocalStorageManager is the application's own wrapper around localStorage;
// import it from wherever it is defined in your project.

@Injectable()
export class RoleGuard implements CanActivate {
 constructor(
  private router: Router,
  private _localStorage: LocalStorageManager
 ) {}

 // Angular calls this before activating the route; the required roles come from route.data.roles.
 public canActivate(route: ActivatedRouteSnapshot): Observable<boolean> | boolean {
  return this.isRoleAssigned(route.data.roles ?? []);
 }

 // True when the user holds at least one of the roles the route requires;
 // otherwise redirect to the home page and block the navigation.
 private isRoleAssigned(roles: string[]): boolean {
  const assignedRoles = this._localStorage.retrieveObject(
   this._localStorage.roles
  );
  // Nothing stored (for example, no user logged in) counts as no roles.
  const userRoles: string[] = assignedRoles?.roles ?? [];
  if (userRoles.some(role => roles.includes(role))) {
   return true;
  }
  this.router.navigateByUrl("home");
  return false;
 }
}

 

In app.routing.ts, import RoleGuard. As you can see, we pass in the data, which includes the list of roles someone needs to have to reach the wanted route.

 

import { Routes } from "@angular/router";
import { RoleGuard } from "./auth/role.guard";

export const routes: Routes = [
 …,
 {
  path: "user-statistic-report",
  component: UserStatisticReportComponent,
  // roles: the user must hold at least one of these for RoleGuard to allow navigation
  data: { title: "User Statistic Report", roles: ["Manager"] },
  canActivate: [AuthGuard, RoleGuard],
 },
 …
];

 

That covers the routing part. The code below sets the state of a button based on the role.

I have implemented a role service that returns the assigned roles, and I call it on the page to check whether the user has the required role, for example whether they are a Manager or an Administrator.

 

 // True once the roles have been loaded and the user is a Manager or an Administrator.
 get isManagerOrAdmin() {
  return (
   this.roleService.userRoles &&
   (this.roleService.checkRole(Roles.MANAGER) || this.roleService.checkRole(Roles.ADMINISTRATOR))
  );
 }

 

When the page is initializing, I will call the mentioned method, and based on the outcome, I will enable or disable the button that has the function of saving the report.

 

 ngOnInit(): void {
  // Hide the "Save report" button unless the user is a Manager or an Administrator.
  if (!this.isManagerOrAdmin) {
   const saveButton = this._buttons.find(x => x.title === "Save report");
   if (saveButton) {
    saveButton.display = false;
   }
  }
 …
 }

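The guard and the getter above both read roles that live in the browser, so they can only shape the user interface; the API that actually saves the report must re-derive the roles from a server-verified session and enforce them itself. Here is an added example of that server-side counterpart (not code from the article or its project); the request and response shapes, the session store and the route table are assumptions for this example.

```typescript
// Added example, not from the article: server-side enforcement of the same roles the
// Angular RoleGuard and isManagerOrAdmin getter check. The session store, request and
// response shapes are constructed for illustration.

interface Session { userId: string; roles: string[]; }   // filled by the server after verifying the credential

interface ApiRequest {
  method: "GET" | "POST";
  path: string;
  sessionToken?: string;       // opaque token presented by the client
  claimedRoles?: string[];     // anything the client says about itself is untrusted
}

interface ApiResponse { status: number; body: string; }
type Handler = (req: ApiRequest, session: Session) => ApiResponse;

// Constructed server-side session store; a real service would validate a signed token
// or look the session up in a database.
const sessions: Record<string, Session> = {
  "tok-alice": { userId: "alice", roles: ["Manager"] },
  "tok-carol": { userId: "carol", roles: ["Viewer"] },
};

// Same rule as the guard's isRoleAssigned: any one of the required roles is enough.
function hasAnyRole(assigned: string[], required: string[]): boolean {
  return assigned.some(role => required.includes(role));
}

// Wraps a handler so it only runs for an authenticated session holding a required role.
// Note what is never consulted: req.claimedRoles.
function requireRoles(required: string[], next: Handler): (req: ApiRequest) => ApiResponse {
  return req => {
    const session = req.sessionToken ? sessions[req.sessionToken] : undefined;
    if (!session) return { status: 401, body: "authentication required" };
    if (!hasAnyRole(session.roles, required)) return { status: 403, body: "forbidden" };
    return next(req, session);
  };
}

// The endpoint behind the "Save report" button, guarded by the same roles the component checks.
const saveReport = requireRoles(["Manager", "Administrator"], (_req, session) => ({
  status: 200,
  body: `report saved by ${session.userId}`,
}));

// Deny by default: routes not registered here answer 404 rather than falling through.
const routes: Record<string, (req: ApiRequest) => ApiResponse> = {
  "POST /api/reports/save": saveReport,
};

function dispatch(req: ApiRequest): ApiResponse {
  const handler = routes[`${req.method} ${req.path}`];
  return handler ? handler(req) : { status: 404, body: "not found" };
}

// Constructed requests: a Manager, a Viewer whose browser-side role list claims "Manager",
// and an anonymous caller.
const asManager: ApiRequest = { method: "POST", path: "/api/reports/save", sessionToken: "tok-alice" };
const forgedClaim: ApiRequest = { method: "POST", path: "/api/reports/save", sessionToken: "tok-carol", claimedRoles: ["Manager"] };
const anonymous: ApiRequest = { method: "POST", path: "/api/reports/save" };

console.log(dispatch(asManager).status, dispatch(forgedClaim).status, dispatch(anonymous).status);
```

Hiding the button for a Viewer is still worth doing for usability, but the 403 from the server is the control that actually protects the report.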
 

Conclusion

Deciding which model is best for your project/organization is very important. For example, a company with smaller applications will easily implement the Discretionary Access Control model, whereas companies whose applications contain highly confidential or sensitive information would prefer the Role-Based Access Control or Mandatory Access Control models.

I would say put everything “on paper” before you choose a model: all the requirements your project/organization has now and the ones it could have in the future.

 

Cover photo by Victor Forgacs

#appSec #accessControlModels


You needed it and we bring it to you: New Pandora FMS Community!

Pandora FMS Community was first launched sixteen years ago. Today, it has more than 2.5K active members* that visit it to participate, learn, answer questions, and contribute everything they can and know. *4.6K discussion threads and over 16K responses. But the time for change has come!

The new Pandora FMS Community is here!!!

With the growth of the community, and the extensive scope of useful content available, we knew it was time to invest in updates to support our users and welcome new members with open arms. We migrated to a new platform, one that gives the Pandora FMS Community a new user experience with categorized questions and answers as well as private and public groups, plus a new knowledge base and an integrated blog. Because of that, the domain changed from https://pandorafms.com/forums/ to https://pandorafms.com/community/. But don’t worry, all the previous links are redirected to your new home!

The question is: Why are we launching a new community site?

Simply put, we want to help our whole community connect, collaborate, and share knowledge in every way possible. And this launch is our particular investment to provide you with the technologies and capabilities to enhance your experiences and increase support, education and contribution.

What new features await you?

  1. Private and public groups
Would you like to contribute with your own ideas? What would you like to improve? This is your group, open to anyone who wants a better IT world. Restricted group for users who manage complex Pandora FMS configurations (Open or Enterprise) and want to contribute. Discuss the roadmap, usage issues… Access to unpublished material will be restricted. Pandora FMS Beta program helps to publicize what is currently being developed in Pandora FMS, both in the Community and Enterprise versions, accessing development versions generated daily. These versions can be used to test new features, evaluate bug fixes, and evaluate development progress in test environments. Since the group is closed and small, it is an excellent group to propose improvements, usability failure detection or non-contemplated use cases, etc. To join the group, which is a restricted-access one, you must request access through our community website. In this group there are community users and Enterprise version customers alike, there is no need to give away any personal data or identify yourself in any way, all those who want to be part of the group and can contribute something are welcome. Whether you are an IT company professional, a teacher of a technical course or an open source enthusiast, this group is geared towards helping coordinate Pandora FMS working groups and events.
  2. Categories established with different topics
  3. Ranks and badges with karma system updates
  4. Private messaging on the platform

What are its main differences from the previous forum?

The previous forum was limited to questions and answers, a forum for pure and simple discussion. The new Pandora FMS online community, in order to enhance bilateral communication between users, integrates many more options apart from the forum:
  • Its very own blog.
  • A knowledge base.
  • Public and private groups.
  • Q&A.
  • Resources.
  • Private instant messaging.
  • Online merchandising store.
In short, we wanted to open a wide range of information, concentrated into a single place, to make it easier for all of our users to understand so much information, instead of just using it to their advantage.

Conclusions

The new Pandora FMS Community brings together in one place everything you may need to share, expand and improve knowledge about monitoring with Pandora FMS, both for Enterprise users and those from the OpenSource version. It is not just about bringing together people with the same interest, but about taking advantage of the knowledge of the team and the community so that members can achieve their goals in an integrated way in the same place.


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Why Healthcare Organizations Are Vulnerable to Attacks

And What They Can Do to Thwart Them

Statistically speaking, a ransomware attack can and will likely happen to your healthcare delivery organization (HDO), and if you don’t believe it, let these stats sink in for a minute:

  • 66% of healthcare organizations were hit by ransomware in 2021 (Source: Sophos’ State of Ransomware in Healthcare 2022).
  • 38% of attacks on healthcare—where the attack type is known—were ransomware (Source: IBM Security X-Force Threat Intelligence Index 2022).
  • 19 days: the average length of a ransomware incident (Source: United States Department of Health and Human Services).

To make matters worse, the impact is felt throughout the entire organization when a ransomware disruption happens. The 2021 HIMSS Healthcare Cybersecurity Survey reported that the most significant security incidents caused disruption to:

  • Systems/devices impacting business operations (32% of survey respondents);
  • IT Operations (26% of respondents);
  • Systems/devices impacting clinical care (21% of respondents).

Why are HDOs Particularly Vulnerable to Ransomware Attacks? 

Other than the goldmine of valuable data and the enormous leverage gained by shutting down critical (and potentially lifesaving) services, here are five main reasons why ransomware gangs target healthcare organizations:

  1. Comparatively weak defenses: HDOs are focused on providing healthcare services and rarely have the dedicated budget to build and maintain a solid cybersecurity position. 
  2. Lack of cybersecurity specialists: There’s a reason why the world’s largest enterprises either have staff-dedicated security teams or work closely with third-party specialists. Security is a specialized field, and HDOs typically lack the same resources – or their experts are already overburdened. 
  3. An ever-expanding attack surface: The IT environment within most HDOs is a complex and expanding mix of legacy systems, traditional on-premises equipment, specialized devices, and hybrid clouds, creating plenty of opportunity for attackers to find and exploit vulnerabilities to gain entry, establish persistence, and escalate their intrusions. 
  4. A large employee base: Many—if not most—ransomware attacks begin with a successful phishing email. Phishing campaigns that target HDO employees are executed with skill, and it only takes one mistake from one employee to bypass defenses. 
  5. Poor detection, response, and remediation capabilities: Security is a very specialized field, and many HDOs lack these skills in-house and haven’t proactively engaged third-party providers.

While backups aren’t intended to prevent ransomware attacks (and can’t prevent the attackers from publishing what they steal), they have been proven to mitigate the impact by minimizing service disruption, lowering costs, and ensuring business continuity and compliance. Read our healthcare continuity and compliance article here. 

The bottom line: The native backup features built into SaaS applications are woefully inadequate to support a disaster recovery process like the one needed after a ransomware detonation.


SaaS Data Protection Is Your Responsibility. Period. 

Backing up cloud SaaS data is the responsibility of the SaaS customer, not the vendor. This applies to all of your SaaS applications, including OneDrive, Teams, SharePoint, Exchange, Azure AD, Salesforce, Google Workspace, and practically any other service from any other vendor. 

In its own cloud documentation, Microsoft’s “Division of Responsibility” states that all information and data fall under “responsibility always retained by the customer.” If you’re not convinced data loss could happen to you, ESG Research found that 81% of Microsoft 365 users had to recover data, and only 15% could recover 100% of their data.

While SaaS apps like M365 may provide recycle bins, your data is still at risk because these bins have limited storage durations and can be emptied or bypassed with hard deletes, rendering data unrecoverable. Some companies also attempt to replace backup with workarounds, such as litigation hold, but our blog post elaborates on why legal hold is not a reasonable replacement for backup.

Putting items on retention or legal hold can preserve data longer, but an e-discovery search to find missing or deleted data won’t allow you to do a direct restore. Additionally, the data you export may or may not be in a usable, restorable format. 

In fact, in the Microsoft services agreement, Microsoft explicitly instructs customers to back up their data, which is directly in line with the shared responsibility model mentioned above:

We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.

Microsoft services agreement

Ransomware Gangs Are Well Organized and Now Targeting Backups

Ransomware gangs aren’t dumb and don’t lack resources. While the perception may be that ransomware groups are a small team of backroom hackers, they actually operate like Fortune 500 enterprises. Their operations are funded by the proceeds of their crimes, and often supported by a shockingly well-developed ecosystem of specialized services, with some even enjoying the protection of nation states.

Because the potential financial rewards are so high, ransomware teams constantly evolve their tactics, techniques, and procedures (TTPs) to find new ways to get into IT environments, inflict maximum damage, and gain maximum leverage.

It was only a matter of time before ransomware operators began targeting backups, leading Microsoft to warn in its 2021 Digital Defense Report that “information disruptors and attackers aggressively search for backup facilities.”

For example, the Conti ransomware deletes Windows Volume Shadow Copies before encryption and disables 146 Windows services related to backup, security, and database capabilities.

The Conti gang and their affiliates also routinely employ multi-week dwell times as part of the strategy to maximize discovery and find and corrupt backups.

Not yet convinced? These TTPs are just part of why their ransom message confidently states: “As you know (if you don’t – just Google it), all the data that our software has encrypted cannot be recovered by any means without contacting our team directly.”

As a result of these ever-evolving tactics, the CISA Alert DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks recommends “ensuring that backups are implemented, regularly tested, and isolated from network connections.” What is true backup? Learn more about it from our blog post here.

5-Factor Business Case for a Dedicated SaaS Backup and Recovery Solution

1. Fulfilling Regulatory Obligations

Third-party backup and recovery services help you:

  • Stay compliant by ensuring your data remains immutable and tamperproof;
  • Secure data and metadata;
  • Document and recover not just all data but all data processing;
  • Ensure auditors have full visibility of everything that has impacted the data.

2. Protecting Organizational Continuity

Keeping services operational is essential for maintaining the revenue that keeps an organization running—and having reliable backups that can be quickly restored is vital for returning to partial or complete service.

Sophos reported that 25% of healthcare organizations disrupted by ransomware took up to a month to restore operations.

3. When Disaster Strikes 

Data outages in the real world are a matter of when, not if, making your ability to quickly recover essential data an important part of business continuity planning. Learn more in our disaster recovery guide.

4. Avoiding Ransom Payments

If you fear having to face ransom payment demands, consider these stats from Sophos:

  • 61% of healthcare organizations disrupted by ransomware in 2021 paid the ransom. This statistic suggests that no matter how often the board or the finance team says, “We won’t pay the ransom,” there’s a better-than-even chance that when faced with a brutal reality of business disruption, they will pay.
  • It turns out that paying the ransom isn’t even a guarantee that services will be fully restored. Even ignoring buggy ransomware decryptors (unfortunately a real thing), Sophos’ investigations revealed, “On average, in 2021, healthcare organizations that paid the ransom got back only 65% of their data.”
  • And if you’re feeling lucky, the Sophos report noted, “Only 2% of those that paid the ransom in 2021 got ALL their data back.”

That’s a poor return for ransoms that typically range from USD 1M to USD 25M.

Those high ransom amounts also mean that even if the business case rests entirely on ransom avoidance, it’s a good bet that a dedicated SaaS backup solution will pay for itself on the very first data loss incident, not to mention the guaranteed access to and quality of the data returned, alongside the ease of use that third-party backup solutions offer.

Furthermore, as the United States government focuses more on ransomware and its criminal enterprises, paying a ransom may even violate federal laws.

5. Filling Cyber Insurance Gaps and Meeting Coverage Requirements

If you have cyber insurance, you may be wondering if you’re protected from having to pay ransom payments. The reality is that you probably aren’t.

  • A 2021 research report by MDR provider eSentire found that only 60% of security professionals whose organizations have cyber insurance indicated that their insurer covers the cost of lost business.
  • In “The Long Road Ahead to Ransomware Preparedness,” ESG Research reported that only 66% of organizations with cyber insurance were covered for ransoms.

Cyber insurance is—at best—a poor solution and having dedicated backups can help lower premiums and protect against areas not covered by insurance policies. We are already seeing a trend where coverage mandates backup.

Ultimately, as mentioned above, paying the ransom does not guarantee your organization will be able to recover data and metadata with great enough fidelity to put you back into operation.

How to Mitigate the Impact – Cloud SaaS Data Backup

When it comes to a data backup solution to circumvent ransom payments, you simply cannot afford not to protect yourself.

There is no shortage of cases where companies pay the ransom and get “data” back, but those companies never know in advance what condition that data will be in. The way to ensure that your data is safeguarded is to back it up with a third-party backup solution.

SaaS applications and cloud technology have made everyone’s lives easier. However, assuming that data in the cloud is safe by default is a cautionary tale in the making and an assumption you are likely to regret.

What to do about ransomware: Test Your SaaS Data Risk and Protection Readiness

Completing the following short assessment will help you better understand your SaaS data risk and protection readiness. Simply note a ‘yes’ or ‘no’ in response to the following statements.

Data Risk Assessment:

  1. We have strong IT defenses in place, including endpoint, cloud, and network protection and robust logging.
  2. We have a Security Operations (SecOps) team, Managed Detection and Response (MDR) service, or a similar real-time security function to contain threats that bypass our defenses.
  3. We understand our threat surface, including legacy systems and hybrid IT environments.
  4. We have a robust vulnerability discovery and management program.
  5. All our employees undergo regular, healthcare domain-specific Phishing and Security Awareness Training (PSAT).

SaaS Data Protection Readiness:

  1. We have a backup and recovery solution in place for our M365 application data beyond the limited functionality included within M365.
  2. We can access our data 24/7, even if primary systems are unavailable.
  3. We have a retention policy in place and regularly verify that the procedure is followed.
  4. We comply with HIPAA and other regulatory requirements that apply to our region.
  5. We have tested our M365 restoration processes and are confident that we can fully restore any of our M365 data if it were to be lost.
  6. We are satisfied with the time it takes to restore data, whether we need to restore a specific file or perform a full disaster recovery.
  7. We are satisfied with the time it takes to offboard employees.
  8. We stopped paying SaaS licensing for departed employees.
  9. We can remotely monitor the status of our SaaS applications’ backups.
  10. We can easily get an overview of the total body of data backed up from our SaaS applications.
  11. We are satisfied with the number of resources we apply to backup and related IT tasks.
  12. We understand that cybercrime operators target healthcare delivery organizations and that their TTPs include targeting backups.

For both risk and protection readiness, add up the number of times you answered “No.”

  • If you scored 2 out of 5 or higher on the Data Risk Assessment, your SaaS data is at high risk.
  • If you scored 3 out of 12 or higher on the SaaS Data Protection Readiness, then it is likely you will encounter serious problems recovering data in the event of a disruption.

To learn more about healthcare organizations and how to secure data in the cloud, access the comprehensive (and complimentary) Keepit healthcare eBook here.

If you’re interested in learning more about Keepit’s backup and recovery solution for protecting and managing cloud SaaS data, continue to the Keepit services page.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on more than 20 years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.
