OSP - Assignment 1 Task 1
Executive Summary
This report reviews the essential cybersecurity tools that an SME needs to protect its systems, data, and users. It focuses on three core areas: password managers, firewalls, and file‑encryption tools. Each tool was assessed for its security benefits, ease of use, cost, and suitability for a growing organisation.
For password managers, cloud‑based and enterprise solutions were found to be the most effective for SMEs because they offer central management, secure sharing, and strong protection against weak or reused passwords. After comparing options, NordPass Business is recommended due to its strong security features, ease of use, and positive feedback from business users.
The report also compares different types of firewalls, including hardware, software, and cloud‑based options. Software‑only firewalls were identified as the least suitable for SMEs because they are harder to manage and offer weaker protection. Cloudflare WAF is recommended as the best overall choice because it provides strong security, automatic updates, and simple deployment without the need for specialist skills. Cisco ASA remains a good alternative for organisations with in‑house IT expertise and more complex network needs.
Finally, the report explains the importance of file‑encryption tools for protecting sensitive data. It outlines the main types of encryption and highlights how encryption helps organisations meet legal requirements such as GDPR and the Data Protection Act 2018.
Overall, the recommended tools provide strong security, support compliance, and are suitable for SMEs that need reliable protection without unnecessary complexity.
Introduction
Cybersecurity is essential for every modern organisation, and choosing the right protection tools is key to keeping systems, data, and users safe. Firewalls, Password Manager software, and File encryption tool each play a crucial role in defending against cyber threats, but their effectiveness depends on selecting the right type and understanding their strengths and limitations. This report will provide a concise overview of different firewall types, compare hardware, software, and cloud-based solutions, and evaluate leading file encryption tool and password manager products based on required security capabilities. The aim is to identify the most suitable options for the organisation and ensure a secure, reliable, and compliant digital environment.
Password Manager Types
Based upon delivery method, there are 3 different categories of password managers available for SMEs:
Local Password Managers
Cloud-Based Password Managers
Enterprise/Federated Password Managers
Local Password Managers
Local password managers are applications that keep all your saved passwords, notes, and keys in an encrypted file, which is stored on your device. Nothing is uploaded to the company’s servers unless you choose to sync manually using your own method. They are often open source, which allows independent security audits and long-term transparency. They use a single strong master password to unlock your local encrypted database.
Benefits | Drawbacks |
|
|
Cloud-Based Password Manager
A cloud-based password manager is a service that keeps your passwords, secure notes, and other credentials in an encrypted vault stored on the provider's cloud infrastructure. You unlock the vault with a master password, and the service syncs your data automatically across your devices, such as phones, laptops, browsers, and tablets.
Most modern services use a zero-knowledge design, meaning the provider cannot decrypt your vault because the key is derived from your master password on your device.
Benefits | Drawbacks |
|
|
Enterprise/Federated Password Managers
Enterprise password managers are systems that store and manage passwords and access credentials for teams, departments, or even entire organisations. They work by encrypting data locally using a master password, syncs across devices, and enables IT to enforce security policies.
Benefits | Drawbacks |
|
|
Password Manager Recommendation
A password manager in an SME needs to be secure, centrally managed, scalable, and easy for staff to use. When comparing local, cloud-based, and enterprise password managers, the least suitable option is a local password manager due to several factors, such as:
No central administration – IT cannot enforce policies, reset passwords, or remove access when staff leave
High risk of data loss – If the device fails, is stolen, or corrupted, passwords may be unrecoverable unless backups are manually maintained, which would require more resources
Poor scalability – Adding new users, syncing across devices, or supporting remote workers becomes more complicated
Weak collaboration – SMEs often need shared credentials; local tools make sharing insecure or inconvenient
Security depends on each device – Malware, outdated software, or user mistakes can compromise the entire password store
No audit trails – SMEs cannot track who accessed what, which is essential for compliance and accountability
This is why I recommend between cloud-based and enterprise password managers as they are better options for an SME because they solve the core problems SMEs face. Local password managers fail in these areas, while cloud and enterprise solutions directly support how SMEs operate today.
Password Manager
NordPass Password Manager
Price: £3.59 per user/month (14-day NordPass Business Trial included)
Pros | Cons |
|
|
Pricing and Plans:
I recommend the Premium version of the app because it offers affordable pricing and includes high-quality features and settings for SMEs. NordPass offers a free plan, but it limits you to one account and doesn’t sync passwords across all your devices.
Platforms:
NordPass offers browser extensions for:
Chrome, Edge, Firefox, Opera, and Safari
Mobile apps for Android and iOS and desktop applications for Linux, macOS, and Windows.
User Reviews: Source: ( NordPass Business Reviews & Ratings 2026 )
NordPass Business has been awarded a 9.1 out of 10 from a trusted source “Trust Radius”. It has been reported that the password manager helps SMBs and Enterprises optimise the company’s workflow and boost productivity.
The review strengthens NordPass’s reputation by coming from a verified, experienced business user who gives it a full 5‑star rating. The reviewer highlights that they manage many logins and that NordPass Business has been “incredible” for maintaining security, suggesting it performs reliably under heavy and professional use. The fact that the review is vetted and tied to real user credentials adds credibility, making it a strong recommendation due to NordPass’s effectiveness and trustworthiness.
Tech Specifications:
Actionable Password Strength Report |
|
Digital Legacy |
|
Fill Web Forms |
|
Import from Browsers |
|
Multiple Form-Filling Identities |
|
Product Category | Password Managers |
Product Price Type | Direct |
Secure Password Sharing |
|
Two-Factor Authentication |
|
RoboForm for Business
Price: £9.45 for the first year (£23.88/year)
Pros | Cons |
|
|
Pricing and Features:
RoboForm Business costs £23.88 per user per year. In addition to the primary password management features, the plan includes an Admin Centre where you assign roles for access control and view detailed activity logs, audit reports, a dedicated account manager, dark web monitoring, secure sharing, SCIM provisioning, and SSO integration.
Supported Platforms:
RoboForm offers desktop clients for both Mac and Windows, as well as apps for Android and iOS, and browser extensions for Chrome, Edge and Firefox.
User Reviews: Source: (RoboForm Reviews & Ratings 2026 )
RoboForm has been awarded a 9.2 out of 10 by a trusted source “Trust Radius”. It’s been reported that the software helps companies to organise logins and passwords, making password generation, storing and sharing easier and much more secure optimal for SMEs.
RoboForm stands out as a strong choice for anyone seeking a reliable password manager, and this review reinforces that. A verified executive with over a decade of experience gives the product a full five‑star rating, praising how effectively it eliminates the need to remember countless passwords and provides quick, effortless access to them. With the added credibility of a vetted, transparent review, it’s clear that RoboForm delivers meaningful value in a business environment where security and convenience matter.
Tech Specifications:
Actionable Password Strength Report |
|
Digital Legacy |
|
Fill Web Forms |
|
Import from Browsers |
|
Multiple Form-Filling Identities |
|
Product Category | Password Managers |
Product Price Type | Direct |
Secure Password Sharing |
|
Two-Factor Authentication |
|
Password Manager’s Choice and Rationale
For a small or medium‑sized enterprise, NordPass Business emerges as the stronger recommendation because it offers a more comprehensive balance of security, usability, and long‑term value compared with RoboForm.
When comparing both tools, NordPass provides a richer set of advanced security features, such as password health reports, breach scans, email masking, and emergency access, which are especially valuable for SMEs that may not have a dedicated cybersecurity team but still need enterprise‑grade protection. Its business‑focused tools, including individual employee vaults, Google Workspace SSO, and a clean, intuitive admin dashboard, make it easier for managers to oversee access without adding complexity to daily operations. Although RoboForm is slightly cheaper and offers solid essentials like an Admin Centre, audit logs, and dark web monitoring, its more restrictive free plan and limited sharing options make it less flexible for growing teams.
Both products score highly on Trust Radius, but NordPass’s reviews emphasise improved workflow and productivity, key priorities for SMEs aiming to streamline processes without sacrificing security. Taking all these factors together, feature depth, ease of adoption, strong user feedback, and suitability for small business environments.
I concluded that NordPass Business provides the most future‑proof and operationally supportive solution for an SME, while still recognising RoboForm as a reliable alternative for organisations prioritising simplicity and lower upfront cost.
Firewall Types
Types of Firewalls | Descriptions |
Packet Filtering Firewalls | Inspect the headers of data packets, the IP addresses and port numbers, to block or allow traffic based on predefined rules. This offers cost-effective, high-performance, security and ease of use, making them an affordable first line of defence for simple security needs and small networks, perfect for a small organisation as its cost friendly and easy to set up. |
Circuit-Level Gateways | Monitor network sessions for legitimate, established connections, preventing unauthorised access. Greater network performance, security, and cost-effective solution by operating at the session layer of the network model, which allows for faster and less resource-intensive security checks. They act as a proxy, enhancing privacy by masking internal IP addresses, providing simplicity in configuration and implementation, and can be a cost-efficient security solution compared to deep-packet inspection firewalls. |
Stateful Inspection Firewalls | Track the status of network flows and connections, enabling more intelligent decisions on which packets are appropriate within a session. Key advantages include enhanced security through contextual understanding, improved threat detection of complex, multi-packet attacks, and dynamic logging for network security audits and improvement. This allows them track active network connections to analyse packet behaviour. |
Proxy Firewall | Act as a single point of connection, mediating requests between internal and external networks to conceal internal identities. Proxy firewalls provide advanced security by acting as a central gateway that inspects all network traffic at the application level. This ensures security, defence and regulations are being followed. |
Next- Generation Firewalls | A modern, comprehensive firewall that combines various security functions, including intrusion prevention, application awareness, and deep packet inspection, into one session. They provide cost efficiency by consolidating multiple security functions into one device, offer scalability to adapt to growing network needs, and help ensure regulatory compliance. |
Web Application Firewalls | Specifically designed to protect web applications by inspecting and filtering HTTP traffic to prevent web-based attacks. It provides critical advantages for businesses by protecting against cyberattacks like SQL injection and Cross- Site Scripting (XSS), safeguarding sensitive data, enhancing compliance and boosting uptime. |
Based upon the delivery method, there are 3 different categories of firewalls available:
Hardware-Based Firewalls
Software-Based Firewalls
Cloud-Based Firewalls
Hardware-Based Firewalls
A hardware firewall is a dedicated physical device that sits between your internal network and the outside world, filtering traffic based on security rules. It acts as a gatekeeper, inspecting data packets and blocking anything that doesn’t meet the defined policies. This makes it a core layer of network protection for businesses.
Benefits | Drawbacks |
|
|
Software-Based Firewalls
A security software that runs on a computer, server, VM, or cloud instance. It filters incoming and outgoing traffic, blocking suspicious traffic and preventing any unauthorised access. It also monitors outbound traffic to detect any malware attempting to communicate externally.
Benefits | Drawbacks |
|
|
Cloud-Based Firewall
A cloud firewall is a software-driven firewall deployed on a cloud platform rather than physical hardware. It creates a virtual security perimeter around cloud resources such as VMs, databases, SaaS applications, and remote endpoints. It performs the same core functions as a traditional firewall, such as traffic filtering, access control, and threat detection, but is delivered as a cloud service.
Benefits | Drawbacks |
|
|
Firewall Recommendation
A software-based firewall is the least suitable firewall for SME when it's used as the primary line of defence.
This consists of several reasons, such as:
Being hard to manage consistently across many devices, as all devices need their own configuration, updates, and monitoring, which can be limited for SME organisations due to their limited IT staff, this becomes unmanageable and leads to threats going undetected.
There is no strong perimeter protection as it protects individual endpoints, not the network, which means there is no central control point, no unified threat detection, and no protection for unmanaged devices which join the network.
It's also highly reliant on user behaviour; if employees disable the firewall, the organisation will lose protection, making the software-only setups fragile and inconsistent.
That’s why I recommend looking at different Cloud-Based and Hardware-Based solutions, as they are far more suitable for an SME than relying on software-only protection because they provide centralised control, stronger security boundaries, and far less dependence on individual devices or user behaviour.
Legal/Security Requirements
A password manager helps organisation host crucial confidential data and helps SMEs meet legal requirements around protecting personal data, securing access to systems, and preventing unauthorised access. Legislations such as UK GDPR requires organisations to meet certain criteria in order to make sure that data is protected at all times. Strong authentication is a core tool that supports the law. Password manager enforces strong, unique passwords for every system and reduces any risk of data theft and account compromise. Alongside UK GDPR legislations like Data Protection Act 2018 reinforces the requirements to secure personal data. As password manager support DPA 2018 criteria by helping organisation reduce the likelihood of any data breach and unauthorised access to sensitive information and support secure authentication for systems handling personal data. It is important for organisations (particularly SMEs) to avoid breaching these legislations as it involves consequences such as fines, lawsuits, and reputational damage which can impact their brand image and delay or cancel any organisations future goals or plans of expansion.
Firewall
Cloudflare WAF
Price: $200/month (£149.02/month)
Pros | Cons |
|
|
Price and Features
This common plan used by UK businesses offers key features such as:
Advanced WAF
PCI compliance support
100% uptime SLA
Prioritised support
Custom SSL certificates
Enhanced performance and caching controls
User Reviews: Source (Cloudflare Reviews & Ratings 2026 )
Cloudflare is often a strong recommendation for an SME because it gives smaller organisations enterprise‑grade protection and performance without the enterprise‑grade complexity or cost.
Cloudflare’s review clearly shows it’s a strong fit for SMEs because it highlights features that smaller businesses rely on, like bot protection, web optimisation, and reliable DNS, while also emphasising that the platform is well‑priced and built on a solid, scalable tech stack. Even the listed drawbacks relate to enterprise‑level partner processes, not day‑to‑day product use, which further suggests that SMEs benefit from a straightforward, powerful, and cost‑effective solution.
Tech Specifications
Core Security Capabilities | Advanced WAF with OSWAP rules, custom rules, bot mitigation, threat intelligence from millions of sites, and built-in IDS/IPS style behaviour through Layer 7 inspection |
Network Protection and Control | Unmetered L3-L7 DDoS protection, firewall rules, rate limiting, geo-blocking, IP reputation filtering, DNSSEC, and Zero Trust access points |
Performance and Reliability Features | Global CDN, caching, image optimisation, load balancing, anycast routing, and a 100% uptime SLA on the Business plan |
Encryption and Certificate Support | Automatic SSL/TLS, TLS 1.3 Support, custom SSL certificate upload, and secure key management |
Monitoring, Logging and Management | Real-time analytics dashboard, security event insights, API access, and log export to SIEMs like Splunk or Datadog |
Scalability and Integration | Seamless integration with Shopify, WordPress, Salesforce Commerce Cloud, AWS, Azure, and more; automatic rule updates; globally scalable edge network |
Cisco ASA / Cisco Firepower
Price: Cisco Firepower 1010 (£500-£900)
Pros | Cons |
|
|
Key Features
Next-Generation Firewall (NGFW) with deep packet inspection
Intrusion Prevention System (IPS) via Firepower services
URL and content filtering
Malware and threat intelligence (Cisco Talos)
High-Availability options
Centralised management via FMC
User Reviews (Source: Cisco Adaptive Security Appliance (ASA) Software Reviews & Ratings 2026 )
Cisco ASA is a strong recommendation for an SME because it delivers enterprise‑grade security in a way that smaller organisations can manage. This shows that ASA performs well in real business environments, supports hybrid working, and offers dependable protection without overwhelming SMEs with complexity.
The review strengthens Cisco ASA as a solid choice for SMEs because it comes from a verified, experienced director with over a decade of hands‑on use, which gives the feedback strong credibility. The reviewer highlights that Cisco ASA provides a “great and easy way to manage” secure remote access to the office network, a critical requirement for SMEs with hybrid or remote staff. This shows that ASA is not only robust but also practical and manageable in real‑world environments. Combined with the positive tone and vetted status, the review shows that Cisco ASA is trusted, effective, and user‑friendly enough to support SME security needs without unnecessary complexity.
Tech Specifications
Deployment Type | On-premises hardware firewall |
Throughput | 650 Mbps to 2Gbps depending on model |
VPN Throughput | 100-300 Mbps |
Management | Firepower Management Centre |
Security Services | IPS, AMP, URL filtering, threat intelligence |
High Availability | Active/standby supported |
Form Factor | Desktop or rackmount depending on model |
Firewall Choice and Rationale
For an SME, Cloudflare WAF is the stronger overall choice, with Cisco ASA remaining a good option only in specific scenarios.
Cloudflare WAF provides SMEs with enterprise‑grade protection, simple deployment, and predictable costs, all without requiring specialist networking skills. This makes it ideal for SMEs that need strong security but lack the resources to manage complex firewall appliances. Its ease of use, automatic updates, and strong user reviews make it a practical, scalable, and cost‑efficient solution.
Cisco ASA, while powerful, is better suited to SMEs with dedicated IT staff and a need for secure remote access or internal network segmentation. It offers strong VPN capabilities and robust perimeter protection, but it requires more configuration, higher upfront cost, and ongoing technical management. For many SMEs, this level of complexity is unnecessary unless they have hybrid networks or compliance requirements that demand on‑premises control.
Legal/Security requirements
A firewall is a core security control that helps organisations meet legal obligations such as GDPR as they prevent unauthorised access to systems holding personal data and reduce any chance of data breaches. Alongside legislations like Data Protection Act 2018 reinforce the security requirements to secure personal data. It is important for organisations (particularly SMEs) to avoid breaching these legislations as it involves consequences such as fines, lawsuits, and reputational damage which can impact their brand image and delay or cancel any organisations future goals or plans of expansion.
File Encryption Tool Types
File encryption tools are software applications that protect digital data by converting readable information (plaintext) into unreadable, scrambled code (ciphertext) using cryptographic algorithms and keys.
There are two primary types of encryption methods:
| Symmetric | Asymmetric |
How it works | Symmetric encryption works by using one shared secret key to both encrypt and decrypt data. Everything resolves around that single key: if you have it, you can read the data; if you don’t, the ciphertext is useless. | Asymmetric encryption works by using 2 linked keys, a public key and a private key, to decrypt, sign, and verify data. Unlike symmetric encryption, the keys are not interchangeable, and only one of them can reverse the operation performed by the other. |
Key Types | Single shared key | Keypair: Public + Private Key |
Speed/Performance | Very fast, efficient, for large data | Slower, computationally heavy |
Best Use | Encrypting large files or streams | Securely exchanging keys and authentication |
Drawbacks | Encrypting large files or streams | Securely exchanging keys and authentication |
Based upon the delivery method, there are 3 different categories of file encryption tools available:
Full-Disk Encryption (FDE) Tools
File-Level & Folder Encryption tools
Cloud-Based Encryption
Full-Disk Encryption (FDE) Tools
Full-disk encryption is a security method that encrypts 100% of a storage device. The encryption is applied automatically and continuously. When the device is powered off, the entire disk is unreadable. When you authenticate at boot, the disk decrypts in real time.
Benefits | Drawbacks |
|
|
File-Level & Folder Encryption Tool
File-Level encryption applies cryptographic protection to individual files or specific folders, rather than the whole drive. Each encrypted item becomes unreadable without the correct password, key or certificate.
Benefits | Drawbacks |
|
|
Cloud-Based Encryption
Cloud-Based encryption refers to any system where files are encrypted locally or encrypted by the cloud services before being stored on remote servers. The goal is to ensure that even if the cloud provider is compromised, your data remains unreadable.
Benefits | Drawbacks |
|
|
File Encryption Recommendation
The least suitable file-encryption option for an SME is folder-level or file-level encryption used on its own. It offers useful protection in specific areas, but it lacks the scalability, consistency, and central control that SMEs typically need. Several factors influence my decision:
No central management – Each user must manually encrypt files or folders, leading to inconsistent protection
High risks of human error – Staff may forget to encrypt sensitive files, store unencrypted copies, or misconfigure settings
Poor scalability – As the SME grows, managing hundreds of encrypted files becomes chaotic and challenging
Difficult access control – Sharing encrypted files securely between employees is cumbersome and often insecure
No device-wide protection – If a laptop is stolen, unencrypted files or cached data may still be exposed
Limited auditing – SMEs cannot easily track who encrypted, accessed, or modified files.
Full-Disk encryption (FDE) and cloud-based encryption are more suitable for an SME because they provide consistent protection, centralised control, and scalability, which are the core requirements for a small and medium-sized organisation.
File-Encryption Tools
NordLocker
Price: $6.99/month ($83.88 for the first 12 months) - £5.21/month (£62.50/ year)
Pros | Cons |
|
|
Pricing and Features:
You use it to create lockers, encrypted storage containers that provide full access to files when open but make them completely inaccessible when locked. Subscribing raises your storage to 2TB cloud storage with further features like unlimited end-to-end encryption and secure file sharing.
Supported Platforms:
You can access your cloud locker from the NordLocker app for Windows, macOS, Android, or iOS, or log in directly to the online cloud console.
User Reviews: (Source: NordLocker Reviews & Ratings 2026 )
NordLocker has been awarded an 8.1 out of 10 by a trusted source “Trust Radius”. It can sync files from endpoints running Windows, macOS, Android, and iOS and user can access the cloud storage via a web browser.
The review strongly backs NordLocker as a reliable and effective solution because it comes from a verified administrator with real organisational experience, giving it immediate credibility. The reviewer highlights a practical, security‑sensitive use case handling government and DoD documents for new hires, which shows that NordLocker performs well in environments where confidentiality and compliance are essential. Describing the product as “inexpensive and scalable” reinforces that it offers good value for SMEs that need secure file‑sharing without high costs or complex setup. The emphasis on end‑to‑end encryption demonstrates that NordLocker meets strict security expectations, while the 5‑star rating and vetted status further validate its reliability. Altogether, the review shows that NordLocker is trusted, cost‑effective, and capable of handling sensitive workflows, making it a strong recommendation for organisations needing secure document management.
Tech Specifications
Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
Operating Systems | Unspecified |
Mobile Application | Apple iOS, Android |
Create Encrypted Storage |
|
Rate Password Strength |
|
Two-Factor Authentication |
|
BitLocker
Price: Free
Pros | Cons |
|
|
Pricing and Features
BitLocker does not have a standalone price because it is built into certain editions of Windows. This makes BitLocker one of the most affordable full-disk encryption solutions for SMEs, especially those already using Microsoft’s ecosystem.
User Reviews (Source: BitLocker Reviews & Ratings 2026 )
The review reinforces BitLocker as a reliable and highly manageable encryption solution because it comes from a verified IT professional working in a large‑scale, enterprise environment, giving the feedback strong credibility. A full 5‑star rating further strengthens the endorsement, showing that BitLocker performs effectively in demanding environments. Altogether, the review demonstrates that BitLocker is not only secure but also practical and scalable, makes it a strong recommendation for organisations that need efficiency and centrally managed full‑disk encryption.
Tech Specifications
Deployment Types | Installed locally as part of Windows Pro/Enterprise; managed through on‑prem tools (Group Policy, SCCM) or cloud tools (Intune). |
Operating Systems | Windows Pro, Windows Enterprise, Windows Education (BitLocker is not available on Windows Home). |
Mobile Application | Not Applicable |
Create Encrypted Storage |
|
Rate Password Strength |
|
Two-Factor Authentication |
|
File-Encryption Tool Choice and Rationale
After comparing NordLocker and BitLocker across pricing, features, platform support, user reviews, and legal/security requirements, the most suitable choice for an SME becomes clear. BitLocker stands out as the stronger overall recommendation for organisations that primarily use Windows devices and need cost‑effective, centrally managed full‑disk encryption. It is built directly into Windows Pro and Enterprise at no additional cost, integrates seamlessly with Intune and Group Policy for centralised control for SMEs. The user review you analysed reinforces this by highlighting BitLocker’s reliability and ease of deployment in large enterprise environments, demonstrating that it scales effectively and performs well under demanding conditions.
However, NordLocker remains an excellent complementary tool for SMEs that need secure cloud‑based file storage and encrypted file‑sharing across multiple platforms. Its end‑to‑end encryption, zero‑knowledge architecture, and ease of use make it ideal for protecting sensitive documents, especially when sharing externally or working across Windows, macOS, iOS, and Android. The verified review praising its scalability and suitability for handling government‑level documents further supports its value.
Overall, BitLocker is the evident choice for device‑level protection and compliance, while NordLocker is best used alongside it for secure cloud storage and encrypted file‑sharing. Together, they provide a strong, layered security approach that aligns well with the needs, budget, and operational realities of small to medium‑sized organisations.
Legal/Security Requirements
A file-encryption tool is explicitly encouraged as a safeguard for protecting personal data. Common legislations like GDPR requires organisation to use appropriate technical measures to secure personal data. These measures involve tools like encryption, as encrypted data is unreadable for third-party users protecting end-users’ data from malicious users. Alongside GDPR, Data Protection Act 2018 reinforces the requirements to secure personal data as file encryption demonstrates that an organisation has taken reasonable steps to protect sensitive information. It is important for organisations (particularly SMEs) to avoid breaching these legislations as it involves consequences such as fines, lawsuits, and reputational damage which can impact their brand image and delay or cancel any organisations future goals or plans of expansion.
User Access Control
Effective user access control is essential for ensuring that only authorised individuals can access SME’s systems, data, and services. Strong access control reduces the risk of data breaches, credential theft, and unauthorised access, while also supporting compliance with standards such as Cyber Essentials and GDPR. The following controls are recommended to ensure secure access for all users, whether they are working on‑site or remotely.
Device-Level Access Control
User access must begin at the device level to ensure that only trusted, authenticated devices can connect to SME’s network.
Authentication Method | Inmpact |
Local Authentication Security | All devices should use a secure authentication method, such as "Windows Hello”, which supports biometric sign-in which reduces reliance on passwords and helps prevent unauthorised access if a device is lost or stolen. |
Multi-Factor Authentication (MFA) | Use of MFA adds an extra layer of security by requesting a second verification step. This prevents any unauthorised access, even if a password is compromised. |
Domain-Joined Devices | All devices should have joined the SME’s Active Directory domain. This allows central authentication and ensures users can access different services such as Office 365 and OneDrive. This also allows admins to enforce consistent security policies across all devices in the organisation. |
Server-Level Access Controls
Centralised access control is essential for managing user permissions, authentication methods, and security policies across the organisation.
Setting up a server as a domain controller allows SME to manage user accounts, organisational units, and permissions centrally. Group Policies can be used to enforce password rules, lockout policies, software restrictions, and security updates across all devices.
Access Control Models
Discretionary Access Control (DAC) | Permissions controlled by data owners |
Mandatory Access Control (MAC) | Strict, system-enforced access tends to be used in high-security environments |
Attribute-Based Access Control (ABAC) | Access based on attributes such as departments, location or device type |
Role-Based Access Control (RBAC) | Access is based on user's job role |
RBAC is the most suitable model for SME. It allows permissions to be assigned to roles (e.g., Administrator, Manager, Support Staff), and users are then assigned to those roles. This ensures consistent, least‑privilege access and simplifies management as the organisation grows. Role groups can also be created to streamline permission assignment across departments.
Centralised Management and Policy Enforcement
By joining all the devices to the domain and managing them centrally, the SME can;
Enforce security policies across all endpoints
Roll out Windows Updates and patches automatically
Apply consistent authentication requirements
Revoke access instantly after staff leaves
Monitor user activity and detect suspicious behaviour
Centralised control ensures that access policies are applied uniformly, reducing the risk of misconfiguration or security gaps.
Cloud Integration
If SME transitions to cloud-based models, these access control methods can be migrated to Microsoft Azure Active Directory.
The Directory supports:
Conditional access policies
Cloud-Based MFA
Identity protection and risk-based authentication
Seamless Integration with Office 365 and cloud applications
This ensures that access control remains consistent and secure across both on-premises and cloud environments.
References
Comments
Post a Comment