On a regular basis we are helping organisations, which may even already have ISO27001 accreditation, to identify and mitigate considerable security risk. A badge isn’t enough if you want to protect your organisation – through this review you will receive expert, frank feedback and practical advice on the steps you can take to reduce risk and, very often, considerable cost all at the same time.
There is no one-size-fits-all for security, nor is there a single-fix product you can buy that solves it all. It is easy to think you are protected when you are not – and it is easy to pay too much for unsuitable products and tools. We will help you determine what is the most appropriate set of tools and approaches for you and we will help you implement them.
Through this process, we will use the below matrix to build your plan from:
| External Actors | Internal Actors | |
|---|---|---|
| Prevent | How do we keep relevant external actors out of the system? | How do we prevent internal actors from accidentally or maliciously leaking data? |
| Detect | How do we know if an external actor is attacking the system right now? | How do we know if internal actors access data they shouldn’t be? |
| Mitigate | How do we reduce the impact of a successful attack? | How do we reduce the impact of a successful attack? |
What do you need the product to do, by when, and what budget are you working with?
Risk exposure
Assess current setup
Plan your response
Implement the plan
- Determine your risk exposure.
- Understand your current setup.
- Plan a suitable response based on your specific situation, taking into account your risk level and where you are today
- Help you to implement the plan.
Each step is outlined in more detail below, with example questions. We will ask you many more questions during the consultation. Do bear in mind that many of the questions are over the top for many scenarios; we will evaluate the appropriateness with you based on your specific context.
ExposureRisk exposure
Assess current setup
Plan your response
Implement the plan
What obligations are on you? What is the real risk to you and your customers?
| Data Breach | Denial of service | |
|---|---|---|
| Contractual | What do you have in your customer contract or terms of service? | What is your SLA? |
| Legal (inc. GDPR) | What types of data do you store on how many people? | Would the system being down have an impact on your GDPR obligations? |
| How interesting a target are you? | Is your data valuable in itself? To whom? Could it have ransom value? | Do people have reason to want to hurt you? Is there a ransom scenario? |
| What kind of actors are likely to want to attack you?(from drive-by up to state actor). | Similar questions to above. | Similar questions to above. |
| What would the real-world consequence of one of these types of attacks be for... | ||
| Your customers | ||
| You | ||
| Users and/or subjects of the system | ||
Risk exposure
Assess current setup
Plan your response
Implement the plan
| Area | Example questions |
|---|---|
| What is your application architecture? |
|
| What does your infrastructure look like? |
|
| What is your code like? |
|
| What monitoring do you have in place? |
|
| What processes do you have in place? |
|
We will fill this in with the specific initiatives that are appropriate to your scenario.
Risk exposure
Assess current setup
Plan your response
Implement the plan
| External Actors | Internal Actors | |
|---|---|---|
| Prevent | ||
| Detect | ||
| Mitigate |
Risk exposure
Assess current setup
Plan your response
Implement the plan
NewOrbit can help you to implement part or all of the plan:
- Help you deploy and configure a range of Azure tools, monitoring and alerts.
- Advice on the kind of internal processes you may need to implement and how they can be supported by Azure tools.
- Ongoing service to monitor your logs and respond to alerts in order to detect attacks.
- Potentially even become your Azure Cloud Services Provider, as an ongoing partner, to help you monitor your systems and infrastructure, advise on contractual security requirements, on an ongoing basis, and help you stay current.
- Having reviewed the market over the last 10 years, we have also selected partners to assist with both manual and automated pen-testing if needed.
Discover how our Azure services have helped clients across industries tackle challenges and innovate faster:
Unlocking Integration Testing With a Fake OIDC Identity Service
by Kelvin Stott, Jamie Round | 27/10/2025Integration testing with tools like Playwright helps cut costs and reduce risk — but third-party authentication (e.g. Microsoft Entra) often makes it fragile. Using a Mock OIDC service can remove that barrier, making tests simpler, faster and more reliable.
Using AI to write API documentation
by Maciej Kołodziej | 20/10/2025Writing API documentation is hard, but AI can make it collaborative. Maciej Kołodziej shows how using AI as a writing partner improves clarity, structure, and speed — turning technical docs into a smarter, iterative process.
AI Providers Comparison – Why Microsoft Azure Leads for Fintech and Healthcare
by Maciek Fil | 16/10/2025Comparing leading AI providers, this blog shows why Microsoft Azure is the most enterprise-ready choice for fintech and healthcare. From compliance and governance to integration and partner networks, discover how Naitive helps organisations deploy AI safely and at scale.
