ITV360: end-to-end ZeroRisk IT starts here!
ITV360 is a holistic, modular, affordable approach combining GRC (Governance, Risks and Compliance), digital resilience and optimum performance.
Smaller organizations in particular are struggling with an ever more demanding IT environment and its support processes. This is partly because of the high level of business process automation and the underlying digitization, and partly because of the safety requirements due to GDPR.
While ITV360 scales very well, it is especially developed for these smaller organizations. It helps them make things run like clockwork (again) without the TCO (Total Cost of Ownership) skyrocketing.
The following territories are covered:
- Digital resilience & integrity:
  - Identity & access management as the starting point for an end-to-end ZeroRisk policy.
  - Vulnerability testing, monitoring and management for hybrid applications and hybrid IT infrastructure.
- Availability and performance:
  - End-to-end testing, monitoring and management, including load & stress testing of applications, systems and networks.
- A GRC approach taking organizational/GDPR/ISO27001/ISO27002 aspects into account, including compliance and audits.
The main goal is to help organizations achieve a high-performing, secure application and IT environment.
The expected outcome is optimum resilience, availability and performance for your organization and the supporting business applications. This is because the data from one territory is re-used in other territories.
Typically, the resilience and integrity of any given application and IT environment are based on point solutions:
- A firewall with IDS and IPS capabilities
- Antivirus and EDR agents protecting endpoints
- SIEM for forensic analysis
However, those point solutions don't interact with each other: if one detects a problem, there is no interaction with the others, let alone any configuration change that prevents the problem from spreading to other endpoints.
Combining MFA with vulnerability scanning and monitoring in an automated way gives you the best possible protection. This means the chance of being affected by a malicious user installing malware is close to zero, due to an end-to-end ZeroRisk policy across an application chain; more information is found here.
This step is about visibility into the end-to-end behavior of applications as experienced by users. These can be real users and virtual/test users.
The end-to-end user plane is important, especially with multiple service/cloud providers. Typically, the service/cloud providers report that all SLAs are in the green while, at the same time, users complain about applications not behaving as expected.
The virtual/test users are used in 2 ways: (1) ongoing availability and performance testing and (2) load testing of applications, systems and networks.
Combining this with protecting endpoints, applications and networks is important, because any kind of protection may result in applications not behaving as expected by any kind of user.
Diagnosing applications, systems and networks that are not behaving as expected is a 3-step approach:
- Getting the basics right.
- Determining where the delays are coming from.
- Determining the root cause and its dependencies.
More information on these 3 steps is found here.
Like any typical GRC (Governance, Risks and Compliance) approach, we cover the following topics:
- Internal organization structure and business processes.
- Change and innovation programs.
- Cooperation with customers and suppliers.
However, this is where the comparison stops. From here on, we help with an automated follow-up by re-using existing documents. There are numerous advantages:
- By re-using existing Word and Excel documents, it is easy to get started and to maintain the system; there is no need for legal and GRC specialists.
- Weekly, monthly and yearly adjustments of existing Word and Excel files are not needed.
- Auditing efforts are reduced by at least 50% by combining similar controls, for example GDPR and ISO27001 controls.
- Automated checks, including risk and impact analysis; for example, the outcome of an awareness assessment among the people in your organization.
As a result, all the information for the next round of audits is available at your fingertips.
Once completed, the level of effort for any upcoming audit is limited to following up on the reminders coming out of the system.