Fujitsu’s consulting and roadmap approach to security solutions in Thailand
In the digital era, more information is being generated, shared and stored in digital formats than ever before. As quickly as data is being generated, new and increasingly sophisticated forms of cybercrime are proliferating. In parallel, additional compliance, governance and regulatory requirements are being introduced all over the world with the intent of protecting data. Thailand is no exception with the recent introduction of the Personal Data Protection Act (PDPA) and the new Cybersecurity Act of 2019.
No organization wants to be put in the position of responding to data breaches, cybercrime or other security threats. The impact from information falling into the wrong hands can have damaging and expensive implications for a company’s intellectual property, finances, competitive advantage, brand equity and more.
Yet, according to the 2019 Mid-Year Data Breach Quick View Report, 2019 is shaping up to be one of the worst years on record for breach activity. By June 2019, 3,813 breaches were reported globally, with an estimated exposure of over 4.1 billion records. And these are just the breaches that were detected and reported.
An uncomfortable reality is that the organizations reporting breaches aren’t small businesses. They are almost all companies with security teams, infrastructure, strategies, process, training and budgets in place to drive proactive protection practices.
It is no surprise, then, that many Thai companies feel the security posture of their organization is not strong enough to prevent leaks. And at the forefront of thinking across Thai businesses is compliance with the Personal Data Protection Act (PDPA) and the new Cybersecurity Act of 2019, both passed into law by the Thai government earlier this year.
Among a range of requirements, the PDPA expects companies who work with individuals in Thailand to:
• have a legal basis to collect and use personal information (in some cases requiring consent)• respect heightened requirements for sensitive personal data
• implement appropriate security measures and notify data breaches
• facilitate the exercise of rights of individuals relating to their personal data.
The Cybersecurity Act allows the Thai government to track, monitor and access digital data if it deems cyberthreats are damaging to the critical digital infrastructure of the Kingdom1. Private organizations that use or provide computer systems for work across national security, financial services, and services targeted towards the public are required to:
• provide the names and contact details of key stakeholders who own, use, or possess computer systems• conform to code of conduct and cybersecurity standards as prescribed by lawms
• conduct thorough risk assessment
• notify stakeholders of instances of cyberthreats.
The security landscape in Thailand is changing. Now is the time for organizations to take action to ensure their infrastructure and operations are strong and ready to meet compliance requirements.
Fujitsu’s five-pillar approach to planning security solutions
At Fujitsu, our philosophy is that successful security measures mean mitigating breaches before they happen and capturing learnings to prevent future incidents, while ensuring business continuity across an organization.
We have long experience as a security service provider globally, both for our own operations and for those of our customers. Our full range of professional security services and managed security services are based on best-of-breed security technologies, and we develop and provide our own security products and solutions.
Fujitsu's local and global security operations centers (SOC) provide a 24x7 secure service tailored to customer’s requirements, drawing on more than 40 years of experience in highly secure environments. Our next SOC will be opening soon in Thailand.
We appreciate that, to create a truly effective cybersecurity solution, it's important to understand the unique demands of each organization and the related risks. To achieve that, we use a consultative approach focused on co-creating a roadmap for each customer around their specific needs. Our approach is built around consideration for five core pillars, including:
1. Endpoint security
Endpoint management and endpoint security is a fact of life for every organization. We specialize in devising solutions on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.
Our comprehensive approach to planning endpoint security delivers our customers ultimate endpoint protection including detection and response mechanisms, data loss prevention, encryption and unified management. We also plan for advanced malware protection, management of clients, servers and assets, and overall file integrity and asset management.
2. Data center security
As a major primary resource for companies, the data center merits dedicated security assessment and focus. Fujitsu’s approach to data center security planning emphasizes practices that make a data center more secure from a range of threats and attacks.
We conduct vulnerability assessment and penetration testing, compliance audits, network and application performance monitoring and secure source code analysis.
We review privileged access management, multi-factor authentication, security orchestration and automated response (SOAR), security information and event management, and DNS, DHCP and IP management, managed security services and virtualized system security models.
3. Network security
The network is the backbone enabling every organization’s daily operations. Effective network security manages access to the network, making it a critical focus for any security strategy. Fujitsu has a clear focus on protecting the usability and integrity of your network and data, across all hardware and software technologies.
Our approach to network security targets a variety of threats and stops them from entering or spreading on your network. We take into account next-generation firewalls, secure web and email gateways, intrusion detection and prevention plans, and data loss prevention for networks and email. We plan for advanced malware protection across email and networks, network access controls and load balancers, SSL VPN, web isolation and incident response plans for denial of service threats.
4. Cloud security
The many benefits of cloud computing are motivating more Thai companies to shift part, or all, of their business to the cloud. Our approach to cloud security is complete. We have long experience designing strategies to monitor and protect data stored online from theft, leakage and deletion. We take into account multiple methods of security including firewalls, penetration testing, obfuscation, tokenization, virtual private networks (VPN), and avoiding public internet connections.
Our security solutions address email security, SaaS security, network security and web security. We design security plans to monitor and manage data loss prevention, advanced malware protection, endpoint detection and response and multiple vulnerabilities. Our solutions include proactive plans to guard against distributed denial of service attacks. And we conduct audits to assess compliance gaps.
5. Security services
Fujitsu security services are intended to help design practices for preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information to reduce risk and ensure compliance. We analyze security and operations by conducting vulnerability assessments, penetration testing, and cybersecurity forensics, among other actions. We also assess the strengths and weaknesses of training plans and techniques and monitor and evaluate managed security services.
Fujitsu’s consulting-led approach to tailoring security solutions
The reality is that most organizations are already aware of their security vulnerabilities, they just always don’t know what to do about them. Fujitsu has the experience, expertise and combination of technologies and services to quickly assess what’s happening inside an organization and design reliable security solutions. Once we understand the security risk to an organization, or the desired security state, we begin our consulting-led approach to tailor the most effective security solution for that organization’s particular circumstances.
We offer three levels of consulting support, designed to provide flexibility to organizations for wherever they may be in their security journey:
1. Foundation. This level of support focus on prevention. Most organizations at the foundation level already have antivirus protection in place and understand the need for prevention measures.
2. Adaptation. At this level of support, we assess how much an organization may need to invest for comprehensive detection.
3. Innovation. This is the most comprehensive level of support where organizations want an end-to-end security service which includes investigation of, and response to, any detected breaches. At the innovation level, organizations need to provide resources to monitor end-to-end, investigate, analyse and respond.
Getting started
For more information about how Fujitsu’s enterprise and cybersecurity services can protect your business please contact us.
1http://bakerxchange.com/cv/a3d5bbb4daa5db21765f44d1ccd97b10b844dbb4
Explore our latest Security Insights
See how our customers solved their challenges
Events
Meet our Security expert
Pornchai Ponganekkul
Director of Digital Infrastructure and Business Alliance
Fujitsu (Thailand) Co., Ltd.
