Microsoft Corporation - Experts & Thought Leaders

Auguria, Inc., a pioneer in AI-powered security operations solutions announced the latest version of its Security Knowledge Layer™ Platform. The newly enhanced platform can integrate with some of today's biggest data sources, including SentinelOne, CrowdStrike, Palo Alto Networks, and Microsoft Windows Event Logs. Auguria also unveiled its Explainability Graph Feature, a trailblazing tool that provides visual, context-rich threat data for security teams. Expanded integrations Security teams process an average of 78 trillion signals per day across various platforms, making it difficult to sift through data and identify potential threats. Auguria integrates seamlessly with the below key data sources, enabling organisations to harness richer insights and operational efficiencies: SentinelOne: With SentinelOne Singularity™ platform's industry-pioneering endpoint detection and response (EDR) and threat telemetry, Auguria users gain advanced enrichment, data compaction, and alert correlation, resulting in alert fatigue reduction and enhanced SecOps efficiency. CrowdStrike: Auguria supports the CrowdStrike Falcon® platform's EDR data, providing AI-driven prioritisation and actionable intelligence for faster, more accurate incident response. Palo Alto Networks: The integration brings world-class firewall and network telemetry into Auguria's Security Knowledge Layer™, enriching Palo Alto Networks data with contextual intelligence, noise reduction, and prioritisation for faster incident investigations. Microsoft Windows Event Logs: Often overwhelming in volume, Windows Event Logs are transformed into actionable insights, with Auguria filtering out noise, enriching data, and surfacing critical events for review. These integrations enable SecOps teams to consolidate, prioritise, and analyse data from multiple sources within Auguria's platform, reducing complexity and enabling faster, smarter security decisions. Introducing the Explainability Graph Auguria's Explainability Graph is a pioneering feature designed to visualise threat data, providing security teams with an intuitive and contextual map of anomalous activity. It provides a detailed yet easy-to-digest representation of suspicious or anomalous activity, helping teams to: Uncover Root Causes: Understand the "why" behind unusual behaviour or threats. Connect the Dots: Identify the underlying relationships between seemingly isolated events. Act with Confidence: Gain actionable insights to mitigate emerging threats faster. With the release of Explainability Graph, Auguria is demonstrating its data science prowess at being able to coalesce and relate millions of streaming log events. The result: security teams can stay ahead of increasingly sophisticated threats with minimal friction. Why do these updates matter? "Our latest integrations and Explainability Graph reinforce Auguria's mission to simplify security operations while amplifying outcomes," said Chris Coulter, CTO and co-founder at Auguria. "By supporting industry pioneers like CrowdStrike, Palo Alto Networks, Microsoft, and SentinelOne and innovating with tools like our Explainability Graph, we're giving organisations the clarity and precision they need to succeed in today's complex threat landscape without being overwhelmed by noise." Key benefits for SecOps teams Cost Efficiency: Reduce SIEM and data storage expenses by intelligently managing less-critical telemetry. Noise-free Insights: Automatically filter up to 99% of non-actionable data. Faster Investigations: Enriched, prioritised data accelerates response times. Proactive Threat Hunting: AI-driven detection of anomalies and high-risk behaviours. Customisable Outputs: Export enriched data to SIEM, XDR, or other security tools seamlessly.

Rubrik, Inc., the Zero Trust Data Security™ Company, announces a new cyber resilience solution for Microsoft Azure Blob Storage. As organisations become increasingly dependent on the cloud, there is an inherent risk for security blind spots and vulnerable sensitive data. Rubrik brings cyber posture and cyber recovery to provide Microsoft Azure Blob Storage customers further visibility into their cloud data, enabling them business agility and resilience. AI training models Microsoft Azure Blob Storage provides secure object storage for cloud-native workloads Microsoft Azure Blob Storage provides secure object storage for cloud-native workloads, archives, data lakes, high-performance computing, and machine learning.  Optimised for storing massive amounts of unstructured data, organisations across all industries use Microsoft Azure Blob Storage as a critical repository for sensitive business information, personal data, compliance records, and data powering artificial intelligence (AI) training models. Azure Blob protection “Simpson Strong-Tie is dedicated to innovation and superior service in the construction industry," said John Meng, the VP of IT Infrastructure & Operations at Simpson Strong-Tie. "Disruptions in business can affect both our employees and our customers as well as our ability to provide exceptional service." "By leveraging Rubrik’s solutions, including Azure Blob protection, we can ensure comprehensive data protection, compliance, and cyber resilience, which allows us to safeguard sensitive information and provide peace of mind to our employees and customers, knowing that their data is secure.” Security technologies and services “Rubrik Zero Labs recently found that 70% of all Rubrik observed data in a cloud environment is object storage, which potentially has far lower security coverage compared to on premise and SaaS data,” said Anneka Gupta, Chief Product Officer at Rubrik. “More shocking is that nearly 90% of that data is estimated to be either text files or semi-structured files, representing data types that may vary in being machine-readable or covered by prominent security technologies and services. That’s a double whammy - until now.”  Cyber resilience solution "The rise of generative AI and large language models is producing an explosion of data that needs to be secured," said Aung Oo, General Manager of Microsoft Azure Storage. “Protecting that torrent of critical AI data at scale in cloud object repositories like Azure Blob Storage requires a purposefully designed cyber resilience solution that Rubrik delivers.” New services for Microsoft Azure Key benefits of the new services for Microsoft Azure Blob Storage include: Autonomously discover, classify, and provide context on all Microsoft Azure Blob Storage data, without that source data leaving the customer’s environment. Assess the security posture of sensitive data against security policies and data requirements for the business. Continuously monitor sensitive data within Microsoft Azure Blob Storage for risky user activity and provide early warning of emerging threats. Identify and remediate redundant Microsoft Azure Blob data to help reduce cloud costs. Support storing backup data to Microsoft Azure Blob Storage Cool and Cold tiers to lower total cost of ownership Rapidly recover the most recent clean copy using a range of recovery patterns, including object-level and whole container. Rubrik Security Cloud Rubrik’s long-standing affinity with Microsoft to help clients boost their cyber resilience The announcement is an extension of Rubrik’s long-standing relationship with Microsoft to help customers further strengthen their cyber resilience.  Most recent integrations include​​ comprehensive management of Microsoft 365 with an expansion of the Microsoft 365 Backup offering, as well as Rubrik Security Cloud with Microsoft Sentinel and Azure OpenAI Service. Integration with Microsoft Sentinel In 2023, Rubrik became a member of the Microsoft Content AI Partner Program after joining the Microsoft Intelligent Security Association (MISA) and unveiling an integration with Microsoft Sentinel.  Additionally, Rubrik was named 2024 Microsoft Healthcare Partner of the Year. Rubrik’s new data protection capabilities for Microsoft Azure Blob Storage are now generally available.

Dell Technologies introduces AI innovations that help Dell and Microsoft customers simplify AI adoption, speed deployment and power demanding workloads in multicloud environments. Data protection, cyber resiliency and security advancements help joint customers strengthen their cybersecurity posture.  Data protection and services “Organisations modernising their IT strategies to support emerging workloads, like AI, need solutions that help them innovate faster, control costs and protect data across multicloud environments,” said Arthur Lewis, president, Infrastructure Solutions Group, Dell Technologies. “Our storage software, data protection and services advancements help customers in Microsoft environments accelerate their transformation efforts quickly and securely.”  Accelerating AI adoption and performance Dell Technologies expands the Dell AI Factory with solutions and services set in union with AI Dell Technologies expands the Dell AI Factory with solutions and services developed in collaboration with AI ecosystem partner, Microsoft. Dell APEX File Storage for Microsoft Azure will soon offer a Dell-managed option for organisations seeking a simplified deployment and management experience. Customers can easily meet the needs of AI workloads in multicloud environments using the enterprise-class performance, scalability and data services of Dell PowerScale, pioneering enterprise file storage from the industry’s #1 NAS company. The service delivers:   Burst capacity for performance-intensive AI workloads with an architecture designed to deliver superior performance density and scale.  Reduced management complexity with seamless data mobility and operational consistency across on-premises and cloud environments.  Faster time to data-driven insights through native integration with Microsoft AI tools.   Custom AI solutions Dell introduces new services designed to help organisations simplify AI adoption and create custom AI solutions.  Accelerator Services for Copilot+ PCs demonstrate how Copilot+ PCs can enhance productivity and efficiency with expert guidance on new features, implementation plans, best practices and more.  Services for Microsoft Copilot Studio and Azure AI Studio assist with the development and implementation of Copilot agents and AI solutions tailored to specific business needs.  Implementation Services for Microsoft Azure AI Service help customers support new business opportunities through AI application development on-premises with Azure AI services on Dell hybrid cloud solutions for Azure.    Comprehensive data protection and security   Dell Technologies unveils data protection, cyber resiliency and security innovations for Microsoft customers. Dell APEX Protection Services for Microsoft Azure will deliver Dell-managed, AI-powered cloud data protection and cyber resiliency across edge locations, remote offices and data centres. The service improves operational efficiency and resource usage while ensuring robust data protection using advanced data reduction capabilities.  Organisations can:   Enhance cyber resiliency with zero trust security including immutability, encryption, multi-factor authentication and role-based access controls.  Protect against ransomware and cyberthreats with efficient recovery options for traditional and modern workloads.   Accelerate cyber recovery with AI-powered CyberSense threat intelligence that results in up to 80% less time spent on recovery.  New security services Dell introduces new security services for Microsoft environments:   Advisory Services for Cybersecurity Maturity Model Certification (CMMC) for Microsoft help customers align their cybersecurity posture with CMMC guidelines through specific recommendations for Microsoft solutions.  Managed Detection and Response with Microsoft allows customers to focus on their core business while Dell experts monitor, detect, investigate and respond to threats 24/7 across their IT environment.    Additional comments  “Our customers are looking for ways to modernise their IT infrastructure and adopt hybrid cloud services safely and securely,” said Aung Oo, VP of Azure Storage, Microsoft. “Dell Technologies is enabling their customers to bring their existing knowledge, trusted platforms, and enterprise data to Azure to speed the adoption of critical technologies including Azure AI Services.”  Availability  Dell-managed Dell APEX File Storage for Microsoft Azure will be available in public preview beginning in the first half of 2025.  Accelerator Services for Copilot+ PCs are available now.  Services for Microsoft Copilot Studio are available now.  Services for Microsoft Azure AI Studio are available now.    Implementation Services for Microsoft Azure AI Service are available now.  Dell APEX Protection Services for Microsoft Azure will be available beginning in the first half of 2025.  Advisory Services for Cybersecurity Maturity Model Certification (CMMC) for Microsoft are available now.  Managed Detection and Response with Microsoft services are available now. 

In the competitive world of physical access control, Big Tech companies are seeking to play a larger role. Physical access competition Apple Wallet continues to stake its claim on mobile credentialing. Amazon One Enterprise is pushing a palm-based identity service. Google/Nest offers smart locks for home access control, with identity and access management provided in the Google Cloud. The entry of these big companies in the historically fragmented physical access control market is causing disruption and foreboding new levels of competition.  Apple Wallet impacting credentialing trends  The popularity of mobile wallets and contactless technologies in general has grown, creating more demand At Apple’s Worldwide Developer Conference in June 2021, the company announced support for home, office and hotel keys, including corporate badges and student ID cards, in Apple Wallet. Later, the company announced Hyatt as the first hotel partner to support the technology. Since then, the popularity of mobile wallets and contactless technologies in general has grown, creating more demand for a seamless solution such as Apple Wallet. Easy access  In 2023, HID Global announced the availability of their employee badge in Apple Wallet, allowing staff and guests to easily access corporate spaces with their iPhone or Apple Watch, including doors, elevators, turnstiles, etc. Employees just need to hold their iPhone or Apple Watch near the reader to unlock.  Factors affecting the rate of adoption However, implementing and maintaining an Apple Wallet-based access control system can incur costs for hardware updates, software licencing, and ongoing maintenance. Factors affecting the rate of adoption include the need to upgrade existing infrastructures to accommodate the technology, and the necessity for access control manufacturers to develop and implement integrations with Apple Wallet.  Benefits of adoption Keys in Apple Wallet take full advantage of the privacy and security built into the iPhone and Apple Watch With larger companies leading the way, some smaller ones might take longer to catch up. There is also a need to educate building owners and administrators to see the value and benefits of switching to Apple Wallet-based access control. Convenience and greater security can accelerate adoption. Keys in Apple Wallet take full advantage of the privacy and security built into iPhone and Apple Watch. Sensitive data protection A compatible app, specific to the building’s access control system, is needed. Once added, credentials are securely stored in the iPhone's Secure Enclave, a dedicated hardware chip designed for sensitive data protection.  Holding an iPhone near an NFC-enabled reader enables transmission of encrypted credentials. In addition to Near Field Communication (NFC), some systems also utilise Bluetooth Low Energy (BLE) for added security, longer read range, and hands-free unlocking. Phones need sufficient battery charge to function.  Amazon One Enterprise Enables Palm-Based Biometrics  In November 2023, Amazon Web Services Inc. (AWS) announced an identity service providing comprehensive and easy-to-use authentication for physical and digital access control. The system enables users to employ their palm as an access control credential, allowing organisations to provide a fast and contactless experience for employees and others to gain access to physical locations as well as digital assets.  Physical and digital locations Physical locations include data centres, office and residential buildings, airports, hotels, resorts Physical locations include data centres, office and residential buildings, airports, hotels, resorts, and educational institutions. IT and security administrators can easily install Amazon One devices and manage users, devices, and software updates using AWS’s Management Console.  Elimination of physical credentials An advantage of the Amazon approach is the elimination of physical credentials such as fobs and badges, and digital elements such as personal identification numbers (PINs) and passwords. AWS says security is built into every stage of the service, from multi-layered security controls in the Amazon One device, which is the same technology used in the Amazon Go retail stores, where shoppers can pay for purchases by scanning the palm of their hands. The devices combine palm and vein imagery for biometric matching and deliver an accuracy rate of 99.9999%, which exceeds the accuracy of other biometric alternatives, says the company. AI and ML The palm-recognition technology uses artificial intelligence and machine learning to create a “palm signature” that is associated with identification credentials such as a badge, employee ID or PIN. Boon Edam, a revolving door and turnstile manufacturer, offers Amazon’s palm biometric technology on its equipment, and IHG Hotels & Resorts uses the technology to provide employees a convenient way to identify themselves and gain access to software systems. Google and Nest Devices in Access Control  When the Nest × Yale Lock is connected to the Nest app, a resident can unlock a door from their phone Google’s Nest devices include smart locks for home access control. The Google Nest × Yale Lock allows access control via both physical keys and passcodes accessible through the Google Home app. When the Nest × Yale Lock is connected to the Nest app, a resident can unlock a door from their phone. Passcodes can be created for family, guests, and other trusted persons. Alerts can be provided whenever someone unlocks and locks the door. When Nest “knows” a resident is away, the door can lock automatically. Voice control, Google Home app Voice control, using Google Assistant integrated with various Nest devices, enables use of voice commands to lock and unlock doors, thus adding another level of convenience. Smart home devices from various manufacturers can be controlled through the Google Home app. SMART Monitoring ADT’s Self Setup smart home security systems integrate Google Nest smart home products with ADT security and life safety technology, including SMART Monitoring technology. Microsoft Azure is another company that could impact access control. The Microsoft Azure Active Directory is an identity and access management platform that could be extended to physical access control, leveraging existing user credentials. Long-Range Impact on the Security Marketplace  Big Tech companies are creating platforms for managing access control data, integrating with other security systems Increasingly, Big Tech companies are creating platforms for managing access control data, integrating with other security systems, and offering analytics for optimising security and building operations. Big Tech is also actively researching and developing new technologies for access control, such as facial recognition, voice authentication, and AI-powered anomaly detection.  Access control communication and integration As their involvement in physical access control grows, Big Tech companies could potentially gain more influence in setting industry standards for access control communication and integration, similar to how they have become dominant in other areas such as mobile platforms. Given their expertise in user interface design and data analysis, Big Tech companies could help to direct how future access control systems are managed and how users interact with them, including more intuitive and user-friendly operations. Future of physical access control Existing concerns about privacy, security, and potential dominance by a few Big Tech companies could spill over into physical access control. However, traditional security companies, startups, and industry consortiums are also actively developing innovative solutions. Ultimately, the future of physical access control will likely be shaped by a combination of many different players and technologies – large and small. 

Enterprise security directors often count on an integration firm to handle jobs ranging from day-to-day activities to long-term, technology-laden projects. However, before entering a relationship, you must know what's reasonable to expect from an integrator – as not all are created equal. Here are some tips that might make the selection process easier. Completing comprehensive classwork An integrator's experience working in an enterprise environment is an obvious consideration. Ideally, that experience fits well with your business. Any enterprise experience is a plus, but local, state, and federal regulations create precise yet very different rules for securing a utility instead of a hospital. That's also true for university campuses, manufacturing facilities, and many other operations. Many manufacturers offer certifications awarded after completing comprehensive classwork and testing Look for certifications indicative of an integrator's commitment to staying on top of industry changes. Organisations such as ASIS International and the Security Industry Association offer certifications showing an integrator's team members have mastered security principles and skills. Many manufacturers offer certifications awarded after completing comprehensive classwork and testing. Also, ensure an integrator sells and services equipment that integrates with your current security systems. Using multiple systems for the same function is less efficient. Project update meetings Go beyond an integrator's slick brochures and websites to ask tough questions about previous experience. How would the integrator handle a hypothetical situation in one of your facilities? Ask the integrator if there will be one project manager for all jobs. And ensure that person handles all interactions with security subcontractors. Ask if the integrator provides regularly scheduled project update meetings. It's frustrating to wonder how your project is progressing. Ask if the integrator's team can work during the hours and days that result in the least interference to your daily operations. Ask for onsite system training to save time and eliminate travel costs. Gathering sensitive data Look for an integrator with proven experience working with an enterprise IT department A malfunctioning component may be more than an inconvenience – it may be a severe security threat. You need to know how quickly your integrator can respond when things go wrong. Ask about available service plans. And consider the embedded staff approach in which the integrator places employees on your site full time to handle day-to-day and emergency activities. Much of the security equipment – video, access control, intercoms, visitor management, and more – is wireless and dependent upon networks operated by your IT department. Network-based devices provide more opportunities for hackers to gather sensitive data or cause critical equipment to malfunction. Don't trust your security operations with an Integrator unfamiliar with at least basic cybersecurity principles. Look for an integrator with proven experience working with an enterprise IT department. At a minimum, ensure the integrator can set and change security device IP addresses and port locations. Certifications from providers such as Cisco, Microsoft, and IBM indicate an understanding of various IT technologies. Potential security partners Knowledgeable integrators work with the well-encrypted Open Supervised Data Protocol (OSDP), now an internationally recognised standard. Run from any integrator who suggests operating an access control system with used Wiegand technology offering no encryption between cards and readers. It's easy for hackers to capture data and clone a working credential. Technology moves at a rapid pace. Your modern system of a few years ago may be long-of-tooth. You need an integrator capable of bringing new and innovative ideas to the table. You want an integrator who conducts in-house testing of new products, not relying solely on a manufacturer's claims. You want an integrator capable of thinking outside the box to solve a complex security problem. These ideas are just a start in assessing an integrator's value to your enterprise operation. However, they will help you sort through potential security partners to find one that best meets your needs.

It has long been recognised that no one is safe from cyber-attacks, but some sectors face a much higher level of threat than others. Critical infrastructure sectors such as utilities, energy and industrial manufacturing are some of those that face an intense level of interest from cyber criminals and nation-state groups across the globe. The impacts of a successful attack can have detrimental consequences, for both the cyber and physical side of the business, in terms of business disruption, economic dips and other real-life consequences. Compromise of ICS and SCADA systems One of the greatest risks to these critical infrastructure sectors is the compromise of ICS and SCADA systems inside operational technology environments (OT environments). Attackers can move laterally from IT networks to OT environments, with the potential to cause even greater damage or disruption. But even those attackers, who solely focus on compromising IT environments, are still able to trigger major disruption, by disabling day-to-day processes that are involved in the production and roll-out of solutions and services. Rise in cyber-attacks on utility and energy sector Recent events have shown that attacks on the utility and energy sector are ramping up Recent events have shown that attacks on the utility and energy sector are ramping up. The attack on the US Colonial Pipeline, for example, was one of the most high-profile breaches in the industry’s history, particularly when considering the secondary, physical consequences. The decision to shut down the Colonial Pipeline, while considered necessary, triggered a wave of disruption, leading to gasoline shortages and inflated costs. This is just one example of the serious effects that a successful cyber breach can have on an organisation. Ransomware-based attacks Often financially motivated, one of the most common methods that cyber criminals increasingly opt for is ransomware-based attacks, as they are an effective way of blackmailing organisations into handing over valuable credentials or completing financial transactions. Once armed with the company credentials, threat actors can then post a sale of access to compromised networks on underground criminal forums. Armed with stolen credentials and therefore, access to the network, adversaries can then move laterally across the IT systems in OT environments. The ability to travel laterally is a sign of poor network segmentation on the business side between IT and OT networks. Malicious links in phishing emails If files are encrypted by criminals within both environments, businesses are faced with double the amount of disruption. This can lead to companies having to shut down operations, even if just as a precaution, just like in the case of the Colonial Pipeline. Malicious links included in phishing emails are another simple and highly effective method used by criminals to compromise company networks. While there are many security solutions that defend against common phishing attempts, criminal activity is becoming far more advanced, to the point where they are able to bypass standard security systems and gain access to the most sensitive of files. Why critical infrastructure is targeted Common forms of attack involve theft of personally identifiable information (PII) of customers and employees Businesses within the utilities and energy sectors often hold data deemed highly valuable by threat actors, including both basic criminal gangs and advanced nation-state operatives. Common forms of attack involve theft of personally identifiable information (PII) of customers and employees, either for further exploitation or to sell on the dark web. However, motivations can develop far beyond the usual common criminal. Nation-states have also taken great interest in these industries to steal competitive intelligence, in order to gain market advantages over foreign competitors. States including Russia, Iran and China, have all been suspected of targeting competitor countries in the critical infrastructure markets. Cyber threats posed by nation-states Aside from gaining a competitive edge, nations have also been known to engage in these cyber battles as forms of retaliation for previous attacks, or to get one-over on rivals. For example, it’s been recognised that motivations behind Iranian actions on the energy sector are due to the value of oil and gas in being central to the Iranian economy, and international efforts against their nuclear programme. Other Iranian actors have focused their efforts on water infrastructures and attempted to compromise chlorine levels in Israeli water supplies back in 2020. The chlorine levels would have been reset to toxic levels, which could have had devastating physical consequences. On the other hand, motivations in China have revolved around competitive intelligence and intellectual property for cyber espionage. The data is subsequently used to advance economic growth in different industries. Physical and digital disruptions Due to the nature of these industries, in addition to companies facing business disruption and loss of customer trust, consequences could span beyond the digital side of the business. As outlined above, these attacks on utilities and other industrial organisations can result in physical damage, as well as digital disruption. Unlike other markets, utilities are directly involved in people’s lives, and any attack on a company will impact individuals through a domino effect. The incident with an Iranian actor attempting to sabotage chlorine levels in an Israeli water supply is a prime example of this. While the attack was against the water provider itself, the consequences could have been harmful to the wider population, who rely on the water supply. Again, the Colonial Pipeline attack had consequences that expanded beyond the targeted company. Inflated prices and fuel shortages impacted all customers at the end of the supply chain. Attacks on any critical infrastructure could cause both short and long-term physical impacts, including blackouts, disrupted energy supply, and even physical harm to individuals. Need for a multi-layered defence solution The best way to deal with these forms of cyber-attacks is to bring everything right back to basics The best way to deal with these forms of cyber-attacks is to bring everything right back to basics. In most cases, criminals carry out their attacks by first gaining access to IT networks through the usual means of phishing emails and malicious links. Organisations should, therefore, ensure they have a multi-layered defence solution implemented, including advanced email security. There are a number of features that these solutions should deploy, including spam filters to prevent malicious emails from actually making it to the inbox. Sandbox analysis is also critical for scrutinising email attachments, especially for external senders and emails containing suspicious file formats. These solutions should feature rules that block the execution of macros in Microsoft Office attachments to emails from senders outside the organisation. Enhancing cyber security with encryption and authentication Additional features to help prevent lateral movement through the network are also worth considering. Demilitarised zones (DMZs) are also often used to divide IT and OT networks, as part of segmentation efforts and have proven to be highly effective. Further solutions such as encryption and authentication requirements will help restrict adversaries’ access to different areas of the network, should they be successful in breaching the defence line. Everyone should be involved in maintaining an organisation’s line of defence. Education and training are vital, as employers can arm workers with the tools to spot and remove malicious emails, should any make it through the line of defence. Educating employees on enterprise security Human workers are often considered the weak point in a company’s cyber security, often due to lack of understanding of the risks. Keeping employees informed and educated will prove beneficial to the security of an organisation in the long run.