Complimentary Microsoft Security Assessment
Security is number 2 on every executive board agenda – Get a handle on your security posture with a complimentary Microsoft security Assessment. If you are a “managed” Microsoft customer and want to get a handle on your current security posture within O/M365 and Azure, then this is for you. The assessment covers four days and is structured into three themes.
1. Information Management and Protection
- This theme covers methods to protect your most critical information including, Windows Information Protection, Azure Information Protection, and O365 Data Loss Preventio
i. Information is your most valuable asset and is without doubt a target for theft or misuse
ii. Visibility into individual behavior and interaction with business critical information is without a doubt one of the most positive steps you can take to reduce the attack surface in your business.
iii. The average business impact and cost of a breach is $17m – don’t think that I cannot happen to you. It can, and most likely will to some degree
2. Identity Access and Management
- This theme covers Identity access & management, including credential management, conditional access, Azure AD Identity protection & privileged identity protection.
- Knowing who has access to your environment, from where, and when will significantly reduce the risk of credential theft, unauthorised access, and ultimately data loss, IP theft and/or reputational damage when a breach has to be disclosed. Visibility into the Microsoft One Security capability and how you can rationalise vendors, products, and 3rd party subscriptions, Leverage the built in capabilities of Windows will also help you realise costs savings.
i. Do you have concerns about how passwords are managed, shared, written down
ii. Are your users who they say they are and can you be sure that any given user should have access, and be able to do just what they need to do?
iii. Do you have a large number of global administrators that have the power to do what they want, whenever they want?
3. Advanced Threat protection
- This theme covers going beyond typical end point protection and exploring how you can significantly reduce the attack surface by integrating O365 Advanced Threat Protection, Windows Defender Advanced Threat Protection (WDATP), Cloud App Security and O365 Advanced security management
- Do you have a mixed fleet of devices to protect, are devices registered or managed, do you have a mix of Windows and MacOS devices, do you suspect that individuals are using non sanctioned or private cloud sharing applications, or are you simply making assumptions that your current end point protection strategy has you covered? Simply – do you feel out of your depth or out of control to some extent?
- See how mail in O365 is protected with advanced threat protection, attachments scanned by ATP prior to arriving in your inbox. See how the Azure Windows defender ATP portal can give you visibility of advanced threat protection across windows and MacOS devices. See how Cloud App Security can protect what is entering and existing your business
Upon completion of the themed focus days, we work together with the security teams to present a “roadmap for success” starting with the current risk position and then moving into the short, medium, and long term recommendations.
Concerned about governance and compliance? Adoption of microsoft cloud services can move at a staggering pace, yet governance and compliance can be left in the jet stream and represents both significant risk, and fear of the unknown, after all, you cannot manage what you cannot see and cannot secure what you cannot manage. So visibility and a known good baseline is an essential launch pad.
Known good – So what should we do? Establishing a “known good” baseline is taking the opportunity to understand how your tenancies look right now by leveraging the security assessment to determine define a security score and subsequent baseline. This approach provides the ability to make informed and strategic decisions based on how the baseline security score changes over time together with suggested and continuous risk reduction recommendations on how to improve the security posture whilst maintaining or improving governance and compliance.
Where to from here?
Join the Insentra Community with the Insentragram Newsletter
Hungry for more?
Service Trust Portal – Part 2
By [Dan Snape]
In my last blog I provided some insights into the Microsoft Service Trust Portal and Compliance Manager. In this blog I want to dig a bit deeper into the Compliance Manager Assessments. As we know, Assessments apply to one of the Microsoft cloud services and either a standard (for example ISO-27001-2013) or a regulation (for example GDPR).
Veritas Risk Advisor & How Insentra can help you
With Veritas Risk Advisor, Insentra can perform an IT Risk Assurance assessment for one or more of your critical business services that are configured in a highly available manner with replication to a secondary datacenter.
Are you Smart Enough to Protect your Data?
Australians take heed! 69% of Americans think having their personal information stolen in their lifetime is inevitable.