Menu
Cybersecurity Package
Intervy can help you learn about cybersecurity in a fun way.
Prepared by cybersecurity professionals, this package contains quizzes to help sustain employee awareness. It can be implemented together with other cybersecurity campaigns in your organization (formal training, social engineering campaigns, etc.) Regular updates based on real-world threat environments will effectively provide an endless supply of unique content on the per-employee level. Not only will it be a constant reminder highlighting the importance of cybersecurity to your employees, but you will also be able to use data from Intervy to assess the performance of other cybersecurity initiatives and adjust them based on detected changes in response patterns.
Practice what you preach – we strongly believe in this idiom. We are providing the cybersecurity thematic package for Intervy users, but what is more important – we have also built it in line with the Zero Trust Architecture principles. There is no state of absolute security, it is a journey rather than an end goal. A journey you absolutely must take to survive in the current world climate. Please feel free to review our findings, architectural choices and adapt them to your solutions when creating and modernizing.
Some key Zero Trust principles are applied on Intervy
1. Architectural awareness
When designing Intervy, we are aware of each architectural component. This helps us to identify all the resources used and prevent potential risks in the architecture.
2.Identify every event
We ensure that every identity representing a user, service, or device is uniquely identified. This helps us monitor user behavior, the device, and service health. We use a centralized SIEM (Security and Information Event Management) solution to track, hunt, and respond to security events. Just like Intervy, SIEM is cloud-native but architecturally separated to ensure data preservation and response capabilities in case of disruption to the application itself.
3.Use of policies
Each request for data or services is authorized by a policy. For every authorization request, there are specific Just-in-Time and Just-Enough-Access (JIT/JEA) policies in use.4. Authenticate & authorize everywhere
Since Intervy works as a Microsoft Teams app, all users are authenticated by Microsoft 365 Single Sign-on (SSO) without requiring them to enter additional login credentials, reducing the risk associated with additional passwords to access Intervy. We recommend that you enforce Multi-Factor Authentication through Microsoft to increase the security of your credentials and in turn the security of the data you store on Intervy.
5.Don’t trust any network
All Intervy data is encrypted both in transit (using TLS 1.2+) and at rest when stored in databases. In addition to the physical layer of protection provided by the Microsoft Azure platform, access to Intervy production environments is fully logged, audited, and restricted to a limited number of technical personnel during an incident investigation or limited set of maintenance works. Intervy development is performed in entirely separate environments without use or access to customer data.