Technical Roadmap
This document describes the process for upgrading from Legacy to Modern.
Baseline
- Tech Lead identified.
- Zoho Vault for secrets management.
- Security domains identified and stored with AWS.
- All administration to be authenticated via FIDO2 + biometric or PIN.
- All in-scope devices identified for the organisation.
- All in-scope devices brought under Endpoint Management.
- Compliance Policy defined and applied to each device.
- Configuration Policies defined to enforce compliance.
- Users identified and MFA enabled.
- Access to devices via Windows Hello for Business (biometric or PIN).
- Known Folder Move to OneDrive.
- Shared data identified and moved to SharePoint Document Libraries.
- Decommission on-premise AD (where possible).
- Cyber Essentials certification.
Continued support for legacy services
Where it is not possible to remove legacy services:
- Perimeter 81 installed and configured to provide network direct line of sight.
- Legacy services moved to data centre (where bandwidth requirements allow).
Enhanced Security
For organisations with enhanced security requirements:
- Data Protection Officer identified.
- Data identified and classified.
- Staff to authenticate using FIDO2 key + biometric or PIN on any device processing classified data.
- Perimeter 81 installed and configured, and all traffic routed through the Perimeter 81 firewall.
- Azure Analytics Workspace configured and receiving device telemetry.
- Data Loss Prevention applied to classified data.
- Mimecast email gateway installed and Litigation Hold applied to email.
- Defender for Endpoint deployed for threat analysis.
- MiFID II call recording enabled.
- Organisation-specific configuration stored in GitHub with SSO.