ITV360: for end-to-end ZeroRisk IT and applications

The shortest path to optimum resilience, performance and availability

Smaller organizations in particular are struggling with ever more demanding IT environments and support processes. This is partly because of the high level of business process automation and underlying digitization, and partly because of the security and privacy requirements due to GDPR.

ITV360 is designed for these smaller organizations. It is a holistic, affordable approach based on building blocks combining optimum resilience, performance and GRC (Governance, Risks and Compliance).

The following territories are covered:

  1. Digital resilience & integrity:
    • Identity & Access Management (powered by Directory-as-a-Service) is the starting point for an end-to-end, ZeroRisk policy.
    • Vulnerability testing, monitoring and management for hybrid applications and hybrid IT infrastructure.
    • Protect your devices and data from different disasters like malware, ransomware and IT failures (hardware and software).
  2. Availability and performance:
    • End-to-end load & stress testing of applications, systems and networks.
    • Performance and availability monitoring/management; including the real user experience.
    • Troubleshooting-as-a-Service.
  3. A GRC approach taking organizational/GDPR/ISO27001/ISO27002 aspects into account; part of which is:
    • Assure successful patching and updates.
    • Assure backup, restore and disaster recovery based on a pre-defined RTO/RPO.
    • Prevent data leakages, malware and ransomware.

The main goal for all 3 is helping organizations with a cost-effective, high-performing, secure application and IT environment.

Expected results

The expected outcome is optimum resilience, availability and performance for your organization and the supporting business applications. This is because the data from one territory is re-used in other territories.

Typically, the resilience and integrity of any given application and IT environment are based on point solutions:

  • Network segmentation with firewalls that support IDS, IPS and web filtering
  • AntiVirus and EDR agents protecting endpoints
  • Backup, restore and disaster recovery
  • SIEM for forensic analysis across all these areas

However, those point solutions don’t interact with each other. This means that if one detects something that is not behaving as expected, it is challenging (if possible at all) to interact with the other point solutions, for example by making configuration changes that prevent problems from spreading to other domains and endpoints.

Combining Directory-as-a-Service with MFA, real-time vulnerability scanning/monitoring and backup/recovery in an automated way gives you the best possible protection with the lowest TCO. This means the chance of becoming affected by some malicious user installing malware is close to zero due to an end-to-end ZeroRisk policy across the complete application and IT chain; more information is found here.

This step is about visibility on the end-to-end behavior of applications as experienced by users. This can be real users and virtual/test users.

The end-to-end user plane is important, especially with multiple service/cloud providers. This is because, typically, the service/cloud providers are reporting that all SLAs are in the green while, at the same time, users are complaining about applications not behaving as expected.

The virtual/test users are used in 2 ways: (1) ongoing availability and performance testing and (2) load testing of applications, systems and networks.

Combining this with protecting endpoints, applications and networks is important. This is because any kind of protection may result in applications not behaving as expected by any kind of user.

Diagnosing applications, systems and networks that are not behaving as expected is a 3-step approach:

  1. Getting the basics right.
  2. Determining where the delays are coming from.
  3. Determining the root cause and its dependencies.

More information on these 3 steps is found here.

Like any typical GRC (Governance, Risks and Compliance) approach, we are covering the following topics:

  • Internal organization structure and business processes.
  • Change and innovation programs.
  • Cooperation with customers and suppliers.

However, this is where the comparison stops. From here on, we help with an automated follow-up by re-using existing documents. There are numerous advantages:

  • By re-using existing Word and Excel documents, it is easy to get started as well as to maintain the system; no need for legal and GRC specialists.
  • Weekly, monthly and yearly adjustments of existing Word and Excel files are not needed.
  • Auditing efforts are reduced by at least 50% by combining similar controls. For example, combining GDPR and ISO27001 controls.
  • Automated checks; including risk and impact analysis. For example the outcome of an awareness assessment among the people in your organization.

As a result, all the information for the next round of audits is available at your fingertips.

Once completed, the level of effort for any upcoming audit is limited to following up on the reminders coming out of the system.

Discover the entrance and where they are coming from with ITV360/ITV-360

Hack attempt in action!

Automated ISO27001/AVG compliance with ITV360/ITV-360

Cyclic awareness training
