Cogito Group: Safeguarding Organisations with Cloud Security Services
Cyber security is a critical component in protecting an entity’s infrastructure and its key asset, data. If that entity is a Government body, the significance of protecting that data through cyber security solutions intensifies. This is the reason why when the New Zealand Government moved to a cloud-first strategy to drive digital transformation and agreed to new measures to accelerate the adoption of cloud services by their agencies, cyber security remained a major concern. To augment security and remove it as a barrier to change, the Government initiated an association with an Australian firm, Cogito Group. Richard Brown, MD, Cogito Group says, “Cogito Group specializes in niche cyber security solutions. Currently we provide Authentication as a Service, such as Public Key Infrastructure and Identity Brokerage as a service to New Zealand Government agencies.” The firm also developed the backend product, Jellyfish, that supports the service.
Jellyfish, Cogito Group’s flagship product, has been the driving force for the company to stay at the forefront in the cyber security space. Richard Brown explains, “Jellyfish has been developed to solve the problems that we see customers have with managing and protecting data. Increasingly we are seeing workers that are mobile; applications are in the ‘cloud’ and access to networks through a much broader range of devices. We also need to access this data in more sophisticated ways. Many organisations however, still rely heavily in what we refer to as ‘legacy’ systems. Often these critical systems were never designed to integrate with other systems and applications. Security tools that don’t talk to one another can create huge security gaps. A lot of organisations apply the band-aid solution of writing ad hoc custom code that partially addresses these issues, but this is costly to maintain and manage.
Cogito Group protects data not only from unauthorized access and disclosure, but also from it being altered by an unauthorized third party wherever that data may be and however it gets there
Jellyfish has been designed to tackle all these issues through integrating disparate systems and can actually make the whole more than the sum of its parts.”
“Jellyfish protects data not only from unauthorized access and disclosure, but also from being altered by an unauthorized third party or a trusted insider with malicious intent. This assists in the detection and prevention of fraud or other malicious activities by third parties or your trusted insiders. It’s your one stop shop to manage your security tools and requirements”, details Richard.
To address the authentication related challenges, Cogito Group provides Jellyfish as part of its Authentication as a Service offering, which covers a number of managed security solutions including full Identity and Access Management, Credential Management (such as Public Key Infrastructure and One Time Passwords), cloud access security brokerage, and other security services. Cogito provides a framework to manage the full lifecycle of users, credentials, roles, systems, and devices. Jellyfish provides a foundation for automation, confidentiality, data integrity, authentication, non-repudiation, and threat detection. Cogito’s Jellyfish solution is a multi-tenanted solution that can even allow customers to consume services from one another and from multiple cloud vendors, all with one rather than hundreds of separate connections. It can even ease the burden of multiple logons to services providing a secure, but seamless experience for users consuming cloud and internal services.
Cogito Group has relationships with a number of government agencies across Australia and New Zealand. Jellyfish, as its flagship product, will continue to evolve to ensure that it provides the most holistic view of the organisations’ security posture and fills the emerging gaps in the security landscape. Richard is of the view that as organisations adapt to technological changes, utmost security must also be ensured. He makes a valid point by adding, “Security must ensure strong authentication and encryption are essential components in a layered approach to data protection. That’s what we’re focused on.”