Cloud computing has profoundly changed the way we do business. Although cloud cost optimisation has become a top priority for organisations (Cloudwards.net), the cloud is still an attractive prospect for many. According to Gartner, enterprise IT spending on cloud computing will overtake spending on traditional IT in 2025.
Cloud is here to stay.
That doesn’t mean that cloud adoption does not have its challenges and concerns for business. It is true that embracing cloud can help businesses improve their agility, scalability and managed costs better, but it is not always a simple or straightforward process, particularly in sectors that have invested heavily in on-premises environments, operate in highly regulated industries or have many legacy applications with complex dependencies and security requirements.
Moving partly or fully to the cloud is a double-edged decision with implications for the business. Not surprisingly, some businesses are hesitant to migrate. The beauty of Cloud computing today is that businesses do not have to choose between only on-premises or only cloud.
They can opt for a hybrid IT architecture. This involves integrating and managing a mix of resources, including physical servers, virtualised systems, private clouds, public clouds, and possibly even edge computing devices.
(Note hybrid cloud focuses specifically on the combination of public and private cloud environments. Multi cloud environments combine multiple providers - Azure, AWS or Google Cloud using multiple private or public cloud setups.)
The goal of hybrid IT is to create a flexible and scalable infrastructure that leverages the benefits of both on-premises and cloud-based solutions. Businesses adopting hybrid IT typically have control over their infrastructure, allowing them to choose the most suitable deployment model for their applications and workloads.
Hybrid IT adoption is increasing
Every business has unique requirements. On-premises setups give companies full control over their servers, data, security and compliance. The downside is that it is expensive to build, secure and maintain. Cloud environments provide flexibility and allow businesses to scale their infrastructure, but data security, compliance and connectivity concerns mean businesses are cautious about adopting a fully cloud-based solution.
As organisations grow and their requirements become more complex, a hybrid IT approach is emerging as a viable solution that combines the best of both worlds.
Why Hybrid IT?
Hybrid IT enables businesses to leverage the benefits of both environments while addressing their specific requirements. For example, sensitive data or applications can be kept on-premises to meet compliance regulations, while non-sensitive workloads or productivity apps can be hosted on the public cloud for scalability and cost-efficiency.
Businesses gain several advantages when adopting this strategy.
Scalability: You can scale up or down your computing resources as needed, without the need for costly hardware or software investments. With hybrid IT, you can utilise the public cloud to handle peak demand or seasonal fluctuations while keeping your core applications and data on-premises or in a private cloud, ensuring better performance and security for critical operations.
Security: Hybrid IT empowers you to meet your security and compliance requirements effectively. By leveraging the hybrid model, you can store and process sensitive data on-premises or in a private cloud, while leveraging the public cloud for less critical tasks. Public cloud providers offer robust security features such as encryption, firewalls, identity and access management, and threat detection, further strengthening your security posture.
Cost-effectiveness: The hybrid cloud enables you to optimise your IT spending by paying only for the resources you utilise. This eliminates the upfront costs associated with purchasing and maintaining hardware and software, as well as the operational expenses of power, cooling, and maintenance. Additionally, leveraging the economies of scale and competitive pricing provided by public cloud providers for specific workloads can result in significant cost savings for your organisation.
Speed: With a hybrid IT, you can accelerate your time to market and foster innovation by gaining faster and easier access to new technologies and services. Utilising the public cloud allows you to swiftly test and deploy new applications or features without concerns about compatibility or integration challenges. Moreover, you can leverage the expertise and support of public cloud providers to enhance your IT operations and efficiency, enabling you to focus on driving innovation and achieving your business objectives.
Think security! Hybrid IT may involve sharing data and resources between different cloud platforms and on-premises systems, which increases the risk of data breaches, cyberattacks, and compliance violations.
Management issues. Managing multiple cloud platforms and on-premises systems, each with its own policies, standards, and interfaces can be a nightmare, leading to governance, provisioning, and scheduling issues, such as inconsistent service levels, resource allocation conflicts, and performance bottlenecks.
Migration pains. Migrating data and applications between different cloud platforms and on-premises systems, which can be challenging due to data transfer costs, compatibility issues, and downtime risks, is something not to be underestimated if going down that route.
Bringing it all together. Integrating different cloud platforms and on-premises systems can be difficult due to software and execution issues. For example, some software designs may need to run on a specific cloud platform or on-premises system for performance or security reasons, while others may need to communicate across the hybrid environment for functionality or collaboration reasons. Infrastructure-as-a-code (IaC) tools can address this pain point. These tools can help you automate the process of creating and managing your infrastructure resources across various environments. Terraform is an example of a such a platform.
Trust issues. You are trusting your data and systems to different cloud providers and on-premises system vendors and depending on the security, reliability, and quality of their services. This can raise concerns about compliance, accountability, and transparency.
It’s not all savings. You can save a lot with a hybrid IT strategy but be aware of hidden costs due to network bandwidth consumption, data transfer fees, integration expenses, management overheads, and security investments.
Hybrid IT is not a one-size-fits-all solution, but a carefully planned and managed approach to maximise the potential of on-premises and cloud resources. Your business should assess its current and future business needs, existing IT capabilities, and constraints when formulating a hybrid cloud strategy.
Microsoft has announced that Azure Active Directory (Azure AD) is becoming Microsoft Entra ID.
The company said the name change “represents the evolution and unification of the Microsoft Entra product family, and a commitment to simplify secure access experiences for everyone".
Microsoft insists that customers do not need to take any action, and Azure AD users can continue to use the service without interruption. “All existing deployments, configurations, and integrations will continue to function as they do today without any action from you”.
What changes?
Only the name changes. Licensing, terms, service-level agreements, product certifications, support and pricing remain the same. All features and capabilities are still available in the product.
Service plan names will change on October 1, 2023 as per the diagram below (source: Microsoft)
Other changes include:
Azure AD tenant becomes Microsoft Entra tenant
Azure AD account becomes Microsoft Entra account
Azure AD joined becomes Microsoft Entra joined
Azure AD Conditional Access becomes Microsoft Entra Conditional Access
Microsoft Entra
Microsoft Entra protects all identities and secures network access everywhere. The expanded product family has:
Building resilience and a strong security posture require time and investment. Unfortunately, tight budgets and a lack of appetite to focus on security, particularly cybersecurity due to its complexity, leave businesses open to attack.
The Maltese government recognises the challenges local businesses face when implementing security measures and recently launched an initiative – the Cyber-ALT Grant Scheme - designed to empower them to digitally transform their operations and invest in cybersecurity solutions.
This is a fantastic opportunity, and at BMIT we are excited to help you leverage the benefits of the CYBER+ALT Grant Scheme. We specialise in enabling businesses to maximise their potential, implement state-of-the-art IT solutions, and guide them in securing the financing needed to transform their operations.
What is the CYBER+ALT Grant Scheme?
The CYBER+ALT Grant Scheme is a Maltese government initiative that provides financial support to small and medium-sized businesses to implement cybersecurity solutions.
Eligible businesses can receive funding of up to €60,000, covering a maximum of 80% of the initial investment. This financial support can be used to cover a wide range of cybersecurity projects, including:
Vulnerability Management
Threat Detection and Response
Enhanced Cloud Based Platform Security
End-to-End Data Protection
Identity and Access Management
Choosing BMIT as your IT partner
We understand the unique challenges faced by local businesses when seeking financing through various schemes like the CYBER+ALT Grant Scheme. BMIT’s extensive experience, expertise and excellence in servicing and providing local business with best-in-class solutions, make us the ideal partner to guide you through the grant application process. Expertise in Grant Application: Our experienced tech professionals are well-versed in the requirements and intricacies of the CYBER+ALT Grant Scheme. We will assist you in crafting a compelling application that maximises your chances of success.
Tailored Solutions: Every business is unique, and therefore, requires a personalised approach. Our experts will work closely with you to understand your specific needs and design a custom solution that aligns with your objectives.
Cybersecurity Strengthening: We will show you how to identify gaps in your enterprise IT setup and recommended the right solutions to build your cybersecurity defences. We have developed our own easy tool to help you do this in an effective way. Additionally, we will also train your staff on cybersecurity and how to become the business’s first line of defence.
Ongoing Support and Maintenance: We do not just offer a solution. We optimise it for you and provide continuous support and proactive maintenance. We let you focus on your core business.
Act fast
The CYBER+ALT Grant Scheme is a great opportunity to finance your cybersecurity plans. All applications are handled on a first come first served basis, and the scheme will close on 29 December 2023.
Microsoft 365 is a cloud-based subscription service that offers a suite of productivity tools and applications for businesses and individuals.
It includes popular programs such as Word, Excel, PowerPoint, Outlook, OneNote, Teams, SharePoint, and more. Last year, Microsoft said it had 345 million Office users with 270 million Teams users (FY22 Q2 results).
But what makes Microsoft 365 so appealing and why has it gained so much in popularity?
First and foremost, M365 is a suite of productivity tools that can help modernise a business’s infrastructure and streamline daily operations. This allows it to focus on its core goals: revenue and growth.
With M365, businesses get a considerable upgrade from Office 365 in that you get a range of additional tools such as cloud storage and security, data analytics, customer support and email management. A major bonus for businesses that have multiple locations or are dependent on remote workers, is that they can benefit from all the features on any device, anywhere, anytime as long as there is an internet connection.
Let’s look at some of the benefits in more detail:
Enhanced Productivity and Collaboration
Microsoft 365 offers a suite of tools and applications designed to improve productivity and facilitate collaboration. Additionally, cloud-based file storage and sharing through OneDrive and SharePoint encourage real-time collaboration among team members, making it easier to work together on projects regardless of location or device.
Scalability and Flexibility
As a subscription-based service, businesses can scale their usage and pay only for the number of users they need. This scalability is particularly advantageous for growing businesses that require flexibility in terms of adding or removing employees from the service. Additionally, Microsoft 365 is accessible from various devices and operating systems, including Windows, Mac, iOS, and Android, providing employees with the freedom to work from their preferred device.
Data Security and Compliance
Microsoft has focused a lot on security and continues to invest heavily in security measures to protect user data and ensure compliance with industry regulations. Microsoft 365 includes built-in security features such as data encryption, threat detection, and multi-factor authentication to safeguard sensitive information. Moreover, it provides businesses with tools to meet various compliance requirements, making it suitable for organisations dealing with sensitive data.
Constant Updates and Innovation
Businesses benefit from continuous updates and access to the latest features and innovations. With regular updates, security patches, and feature enhancements to its applications, users have access to the most up-to-date tools and functionalities. This eliminates the need for manual software upgrades and ensures access to the latest technology and capabilities to improve operations.
Integration and Compatibility
Microsoft 365 seamlessly integrates with other Microsoft products and services, creating a cohesive ecosystem for businesses. Microsoft 365 supports compatibility with various third-party applications, ensuring businesses can leverage their existing software investments while benefiting from the productivity suite.
No matter what kind of business you operate, Microsoft 365 likely has tools that can help one or more facets of your operation. The breadth of services means that your operational and security posture are addressed as the business grows in size, complexity and need for security and risk management.
In December 2022, the European Union approved the final text of a new legislative framework called the Digital Operational Resilience Act or DORA for short.
Covering the financial services industry, DORA comes into force in January 2025 and imposes stringent requirements in relation to ICT and risk management.
While DORA is specific to one industry, the framework can be applied to any industry and business. After all, every business should do its utmost to be resilient when faced with challenging and unexpected events such as a data breach incident or a ransomware attack
What do we mean by ‘resilient’ and how do you build a resilient business?
Resilience building refers to the process of developing the ability to withstand and recover from various challenges, disruptions, and uncertainties. It involves creating a strong and adaptable organisational structure that can effectively respond to and bounce back from unexpected events or crises.
Simply put, it means doing everything possible to get back on your feet when you’re down for the count.
However, to build resilience you need to know what you’re up against, what the risks are (internal and external) and what gaps exist in those defences.
With the increasing reliance on technology and digital platforms, businesses are more vulnerable to cybersecurity threats than ever before. A cyberattack can have a devastating impact on a business's growth and success.
The first step in resilience building is to assess the business’s security posture.
What is a security posture?
A security posture is the overall state of its cybersecurity readiness and resilience. It reflects how well a business can identify and protect its assets, data, and operations from cyber threats, as well as how quickly and effectively it can detect, respond and recover from cyber incidents.
A business's security posture is not static, but dynamic and evolving. It changes as the business grows, expands, innovates, and adapts to new challenges and opportunities. It also changes as the cyber threat landscape evolves, with new types of attacks, vulnerabilities, and actors emerging constantly.
When you assess your business’s security posture you are identifying its strengths and weaknesses in cybersecurity, as well as gaps and opportunities for improvement. Cybersecurity alone will not build your business’s resilience, but its importance cannot be understated given that most threats come from cyberattacks.
A security posture assessment is an opportunity to measure its performance against the business’s goals and objectives, as well as industry standards and best practices. It can guide the business on which actions and investments it needs to prioritise to enhance its security posture and reduce exposure to cyber risks.
It is also a strategic issue. Your security posture impacts the business’s reputation, trustworthiness, competitiveness, profitability, and sustainability. It also affects its stakeholders, such as customers, partners, suppliers, regulators, investors, and employees. Therefore, a business's security posture is not only needed but must be aligned with the business’s vision, mission, values, and culture.
A business's security posture is not a one-time project, but an ongoing process. It is a necessity. It is an obligation. It is not a burden. It is a benefit.
How do you assess a security posture?
The starting point is to carry out a security discovery risk assessment. This assessment is typically based on one of several security frameworks such as NIST CSF or the CIS Framework. BMIT’s Cybersecurity Discovery Tool uses the 18 CIS v8 framework.
With over 200 checks, the cybersecurity discovery tool looks at 18 areas that cover cybersecurity from asset and inventory management to backup and disaster recovery strategies.
Any security posture assessment is influenced by many factors, such as the type of complexity of your IT infrastructure and network, the volume of data, how critical / sensitive it is; whether the business is required to comply with legislative frameworks; and budgets. The assessment should be seen as an investment not a cost, but at the end of the day it is a cost of doing business.
The assessment is also influenced by the business’s growth. A high-growth business with a high-risk profile will need regular assessments to ensure that its security posture is maintained.
The security assessment is step one in a long journey towards building resilience. The report that is generated from the assessment offers detailed recommendations and insights that will need to be addressed using different tools, systems, processes and frameworks.
A company should address IT Security governance, including the policies that govern the technology. It is useless, for example, to implement a tool to capture unauthorised assets when you do not have a governing process to review any findings. Here are more points to consider:
Achieving a strong security posture will take time, investment and proper planning.
Every approach will be tailored to that business’s needs, but a comprehensive approach could involve:
Developing a security strategy and roadmap that aligns with the business goals and objectives
Implementing security best practices and standards, such as encryption, authentication, backup, firewall, antivirus, etc.
Educating and training the employees and stakeholders on security awareness and policies
Monitoring and testing the security systems and processes regularly and updating them as needed
Responding to incidents quickly and effectively and learning from them
A business's security posture is not a static or one-time thing. It requires continuous improvement and adaptation to the changing threat landscape and business environment. By investing in your security posture, a business can enhance its competitive advantage and customer trust.
How can BMIT Technologies help?
A business's security posture is not a static or one-time thing. It requires continuous improvement and adaptation to the changing threat landscape and business environment. By investing in your security posture, a business can enhance its competitive advantage and customer trust. Contact us and one of our experts will reach out and guide you accordingly.
Cybersecurity is a critical concern for every business though not everyone accepts the facts and by then it is usually too late.
Businesses need to understand how important it is for them to protect sensitive data, intellectual property, and the overall reputation of the business.
Investing in cybersecurity is a cost of doing business but it is a long-term investment in safeguarding against myriad threats.
There are no two ways about it. You need to dedicate a budget to cybersecurity but that does not mean breaking the bank.
The costs after a security breach are very high. Cyberattacks cost businesses nearly $3 billion in 2020. A lot of that damage could have been prevented if those affected had taken basic steps to prevent attacks in the first place. In many cases, basic cybersecurity awareness and staff training can mitigate some attacks, especially phishing attempts that target employees.
What many businesses do not realise, until it is too late, is that if they experience a cyberattack or a breach, it is going to be extremely expensive to remedy the problem.
Limited budgets: Focus on security essentials
Train your employees
Employees can be the first line of defence against cyber threats but they're also the weakest link in the cybersecurity chain. Educating employees about cybersecurity best practices, training them on how to recognise and avoid phishing scams, the importance of strong passwords, and how to handle sensitive data securely, can be done with a very limited budget. There are training platforms that are cost-effective with subscription-based plans for small businesses.
Keep software and systems up to date
Even if you don’t have a vulnerability management program in place, it does not cost your IT team to keep operating systems, software applications, and security software up to date with the latest security patches and updates. If not centrally managed, set up automatic updates on individual machines to ensure critical security fixes are not missed.
Use strong passwords and multi-factor authentication
Encourage employees to use strong, unique passwords that are at least eight characters long and include a mix of letters, numbers, and symbols. Additionally, enable multi-factor authentication wherever possible. This extra layer of security can prevent unauthorised access even if a password is compromised.
Backup your data regularly
It's crucial to back up your data regularly and store backups securely. In the event of a data breach or other disaster, you can restore your data quickly and minimise the impact on your business. There are backup-as-a-service solutions that are not expensive and reduce the need for investment in hardware and other resources.
There are other facets of cybersecurity that could be considered but points 1-4 are a good start if your business has limited budgets or personnel. It’s important to note that just because your business is small, you should not be helpless against cyberthreats. Practical changes requiring minimal effort and cost can help you on the journey towards securing your business.
Multi Factor Authentication now required for all users
Microsoft has announced that as part of its efforts to boost security of its cloud services, it will be turning on the security defaults setting for all Azure tenants. This includes multi factor authentication (MFA).
When signing up for Managed Services from BMIT, these fundamental features are deployed as part of our security baseline. However, we can take your cybersecurity posture to the next level, help you safeguard your employees' identities and protect your data while enhancing your employees' experience.
When?
Microsoft will be automatically enabling the setting after June 27. Before then, admins will be encouraged to proactively enable security defaults.
What happens after the setting is turned on?
After the setting is turned on, every user in the tenant will need to register for multi factor authentication. Microsoft is strongly advising admins to advise and prepare users for this change.
When users sign into their account, they will be asked to install the Microsoft Authenticator App. Instructions on how to set up the app on their mobile device can be found here.
What are the benefits?
According to Microsoft, enabling MFA can help block more than 99.9% of identity attacks to compromise accounts. When enabled:
All users are required to register for Azure AD Multifactor Authentication
Administrators are required to do multifactor authentication
Users are required to do multifactor authentication when necessary
Legacy authentication protocols are blocked
Privileged activities like access to the Azure portal are protected.
With MFA, you are helping to increase the organisation’s security posture and in so doing, you are:
Protecting against password-based attacks: By enabling MFA, even if an attacker manages to obtain or guess a user's password, they would still need an additional factor, such as a mobile device or a biometric verification, to gain access.
Preventing phishing and social engineering attacks: Phishing attacks remain a prevalent threat. MFA adds an extra layer of protection by requiring users to provide a second factor that is typically not easily replicable, such as a one-time password (OTP) generated on a mobile device. Even if a user unknowingly falls victim to a phishing attack, the attacker would still require the second factor, thus preventing unauthorised access.
Strengthening Identity and Access Management (IAM): By enabling MFA, businesses can enforce strong authentication policies and ensure that only authorised individuals with the necessary credentials can access sensitive data and systems.
Enhancing Security in Remote Work Environments: MFA helps protect remote access to cloud-based applications and services by requiring additional verification, regardless of the user's location. This ensures that only authorised users can access critical resources, even when working from outside the corporate network.
Data protection and cyber resilience have become paramount for businesses across the globe. The growing reliance on technology and the increasing sophistication of cyber threats have made it crucial for organisations of any size to prioritise the security of their data.
Recently, BMIT had the privilege of organising along with The Malta Chamber an event that shed light on the importance of data protection and the role of cyber resilience in safeguarding valuable information.
The keynote speaker was the Commissioner for Data Protection, Ian Deguara, who spoke about the work being done in Malta to enhance the level of awareness and latest developments in the field.
Sean Cohen, BMIT Head of Technical Operations, gave a presentation on the technologies and technical implementation strategies that businesses can adopt to safeguard their data.
BMIT’s Chief Customer Success Officer, Nick Tonna, introduced the topic of the event explaining why resilience and digital fortitude played an important role in helping businesses to protect their data.
A very engaging and interesting discussion followed with The Malta Chamber CEO, Marthese Portelli, MPS’s Chris Mifsud and Gabriel Sultana CTO from Apcopay, joining Nick Tonna and the Data Protection Commissioner on the panel.
We are thrilled to announce that BMIT Technologies is the winner of the prestigious IT Supplier of the Year award at this year's EGR B2B Awards, held in London on 9th June 2023.
The EGR B2B Awards celebrate and recognise the finest service providers in the online gaming industry, spanning various domains such as software development, payments, recruitment, safer gambling tools, IT infrastructure, and more. This victory not only reflects the remarkable achievements of BMIT but also highlights our commitment to delivering exceptional services and innovative solutions to our valued clients.
“We are incredibly honoured to receive the prestigious IT Supplier of the Year award at the EGR B2B Awards, solidifying our position as one of the top IT suppliers in the online gaming world and the only Maltese tech company to win at these awards. This recognition highlights the remarkable efforts of our team at BMIT Technologies in delivering innovative solutions and exceptional service to the online gaming industry,” Christian Sammut, CEO of BMIT, said after the event.
He added the company is “proud to be a leading player in helping shape the future of online gaming and will continue to push boundaries, drive innovation, and exceed expectations. This award is a testament to our ongoing commitment to excellence and our dedication to providing cutting-edge technology solutions to our global clients."
This award would not have been possible without our incredible clients, partners, and employees who have played a pivotal role in achieving this prestigious award. Their collective contributions have been instrumental.
Being awarded the IT Supplier of the Year award clearly shows the prominent role BMIT has had, and continues to have, in shaping the future of online gaming. By pushing boundaries and driving innovation, we aim to set new benchmarks for service providers in the industry.
As we move forward, BMIT Technologies remains committed to developing our presence in online gaming, driving innovation, and delivering unparalleled technology solutions to our clients.
Congratulations to everyone at BMIT on this well-deserved recognition!
Many business owners don't think about cybersecurity until it's too late. Cybersecurity is not something that businesses can afford to ignore. There are several scary consequences that can result from your business’ lack of security awareness and preparedness.
According to a study by IBM, 60% of businesses that experience a data breach go out of business within six months. A similar report, also by IBM, found that the global average cost of a data breach in 2020 was $3.86 million, a 10% increase from 2019.
Here are seven facts that should make you think twice about neglecting your cyber defences.
Small businesses are not immune to cyber threats. According to Verizon, 43% of cyberattacks target small businesses in general. Small businesses often lack the resources and expertise to protect themselves from cyberattacks, making them more vulnerable.
Cyberattacks can disrupt operations and productivity, cause downtime, data loss, system damage, and network outages. That means loss of revenue and customers.
The weakest link in a secure environment let alone in a business with no security controls. Human error is a major cause of data breaches. According to IBM, 23% of data breaches in 2020 were caused by human error, such as phishing, weak passwords, misconfigured settings, or lost devices.
Data breaches damage reputation and customer trust. Consumers will not think twice and take their business elsewhere if they lose trust in how a business protects their data. Don’t forget the legal and regulatory consequences, and loss of competitive advantage.
A cyberattack can target not only your digital assets, but also your physical infrastructure and devices, such as smart meters, cameras, sensors, vehicles, and medical equipment. This can pose serious risks to your employees, customers, and the public.
Just because a company has moved its data or services to the Cloud does not mean they are not responsible. Cloud security is a shared responsibility. According to Gartner, by 2025, 99% of cloud security failures will be the customer's fault. Cloud providers will take care of the infrastructure, but customers are responsible for their data and users.
Mobile devices are a challenge for administrators. They are often used to access sensitive data and applications, and they are also exposed to various threats such as malware, phishing, theft, or loss. Without any controls, a business’s data is at risk – from email to documentation. A hacked phone can also be used to access the business network.
A business that ignores cybersecurity is putting everything at risk. Investing in cybersecurity is not a cost and this is a key message. The cost of a breach is far higher than an investment in a security solution. A very good reason for any business to invest in cybersecurity.
How BMIT can help
Every business has a unique set of needs. We can help you build your internal capabilities and identify ways to boost security in your business. Contact us, and one of our specialists will get in touch with you immediately.
