NETWORKS, HOSTING & CONNECTIVITY
clients’ environment security, giving us the confidence that there is end-to-end protection.”

Source: Beeks Group
Compliance Frameworks

ISO 27001 and SOC 2 are important complementary frameworks for cloud service providers to follow.

ISO 27001 is the international standard for information security management, governing how overall security is defined, implemented, operated, controlled, and improved within an organisation. It is an ISO certification that is audited annually and recertified every three years.

SOC 2 defines criteria for managing customer data based on five ‘Trust Service Principles’ (TSC): Security, Availability, Processing Integrity, Confidentiality and Privacy. It differs from ISO 27001 in that it evaluates the effectiveness of an organisation’s security controls and processes over a specific period of time.

Commenting on Beeks’ accreditation status Neill says: “Beeks achieved ISO accreditation in 2020 and is aiming to receive our first SOC 2 report in February 2024.

SOC 2’s transparent and independent audit process gives clients and prospects compelling evidence about how our security controls actually work and operate. This gives clients more dynamic, detailed, and timely operational information to review for their own compliance,” he explains.
Defence in Depth

Highlighting Beeks’ trusted partnerships and multi-layered approach to security controls Neill explains: “We’ve partnered with US-based Managed Detection and Response (MDR) specialist BlueVoyant to complement our threat-detection capabilities. Their team of security analysts each has at least 10 years’ experience in security operations for government and private sector environments and were named Global Microsoft MSSP partner of the year in 2023.”

Offering rapid threat detection and response for incidents involving credential theft, anomalous behaviours, and malware propagation, BlueVoyant gives Beeks a head start in threat intelligence sharing, which is of increasing importance in ensuring robust and resilient infrastructures across supply chains.

EARLY ADOPTION OF THE DIGITAL OPERATIONAL RESILIENCE ACT (DORA)

DORA is an EU financial regulation which comes into full force in January 2025. According to the wording of the Act itself it will define rules on the five key pillars: financial ICT risk-management, incident reporting, operational resilience testing, ICT third-party risk monitoring and information and intelligence sharing, to safeguard the soundness of the entire financial system.

5 main requirements of DORA

“DORA will put further pressure on providers and suppliers to align their products and services with the necessary controls to comply with the regulation,” says Neill. “Beeks is already getting ahead on this by aligning our solutions to ease the sales journey and reassure banks’ procurement teams. We’re already doing much of the incident reporting, business continuity and operational resilience testing. Our most recent large-scale Exchange Cloud implementation for Johannesburg Stock Exchange is a good security case study to highlight these capabilities. However, we are not resting on our laurels and have engaged an independent audit firm to conduct gap analyses to assess our DORA readiness.”

DEDICATED SERVICES VS PUBLIC CLOUD

“Of course, public cloud hyperscalers will also offer highly accredited solutions to tier 1 participants,” comments Neill, “but not necessarily with the correct scope of understanding of secure and resilient ultra-low latency and high-performance environments. For example, AWS might advertise fully redundant availability zones, but if their customers are not deploying across multiple availability zones, they will not have access to the redundancy. Dedicated MSPs can guide banks away from these misleading risks, and actually stipulate redundant architectures.”
Neill concludes: “We are arriving in an age where banks are realising that not only can cloud technology provide them with a level of flexibility, security, and resilience difficult to achieve with legacy on-premises solutions, but that generic cloud tech doesn’t go the extra mile that their infrastructure needs. Beeks is Ready to fill that gap.”
NOVEMBER 2023 e-FOREX