Claranet | Why you need a Microsoft 365 Secure Health Check

June 15, 2021 Claranet Limited

The switch to distributed working has resulted in Microsoft Teams growing by 145 million users since April 2020. Whether your business was part of this wave of accelerated change, or already an established user of Microsoft 365, there is one overriding priority: to make sure your business-critical application is secure and your data is 100% protected. 

As businesses rapidly digitise and move to the cloud, their aim is to increase agility, productivity, and competitiveness. But, as employees are enabled to work in new ways, from anywhere, these changes also pose significant security risks. This might not have been front of mind when organisations started their experience with Microsoft 365, but it is something that should be high on their list of priorities now.

The security landscape has changed and keeps changing

As we’ve shifted from office to remote working, we’ve seen an increase in cyberthreats and threat actors looking to capitalise on the disruption, change, and uncertainty affecting staff and businesses during this time. The digital and security landscape has changed. The new security perimeters are not restricted by the physical location(s) of an organisation – they now extend to every access point that hosts, stores, or allows access to corporate resources and services. Interactions through these access points will often bypass on-premises, perimeter-based security models that rely on network firewalls and VPNs. Organisations which rely solely on physical security on site lack the visibility, solution integration, and agility to deliver timely end-to-end security coverage.

Introducing Zero Trust  

The Zero Trust framework is not a new concept; it has been around for years. It is based on the principle: never trust, always verify. This sounds like an obvious approach; however, traditional IT security solutions were designed to trust anyone and anything inside the network, and block anyone and anything trying to get in from the outside.

As we change the way we’re working, accessing more cloud applications, and using more mobile devices, the security perimeter is disappearing and no longer defined by a physical location. This means that these traditional types of security solutions alone are no longer sufficient. Instead, Zero Trust is about trusting no-one and nothing, whether inside or outside the network.       

There’s no single solution that can be implemented to achieve Zero Trust. Instead, it’s more a philosophy of how technology is developed, implemented, and adopted. It’s essential to ensure you have the right level of protection and decide what would work best for your organisation.

Consider what's at stake

  • Your company’s bottom line: The average cost of a security breach in 2019 was $3.92 million 
  • Your company’s reputation: After a breach, customer retention and winning new logo business is likely to drop dramatically.
  • Your continued revenue: Will your customers leave for a competitor they perceive to be safer or more responsible? 
  • Your information: The median time from compromise to discovery in 2016 was 99 days, leaving plenty of time for attackers to damage or steal your assets
  • Your job: A breach could cost you and your team their jobs 

What next? Microsoft 365 and Zero Trust

Microsoft have developed Microsoft 365 with Zero Trust principles at its heart, so the first place to start is ensuring your environment is configured in the best way. When deciding which features to utilise within Microsoft 365, you must consider a number of issues, such as how much freedom you want to give your employees, how to account for industry security regulations and compliance, and the continued maintenance of any security features implemented.

Here are a few considerations to get you started…

Identity 

  • Are all accounts restricted and using two forms of authentication? 
  • Has a minimum password length and complexity been set up? 
  • How often should passwords expire? 
  • Do you want to give your users the ability to do their own password reset?
  • Do you work with any other countries? Have you locked down the Microsoft 365 environment so only employees in approved countries can log into your 365 tenants?  
  • Do you want to combine this with MFA (Multi Factor Authentication) also?  

Data Leakage Prevention (DLP) 

Do you want to allow users to share data with external users or even copy the data to personal files?

Devices 

  • Do your devices meet the minimum requirements?   
  • Where are you with your update policy? Do you always force out the latest updates or take your time? 
  • What office suite are your users using? Do you want to block legacy authentications?  

We can help! Microsoft 365 Secure Health Check 

We recognise that this can all sound a little daunting, but we’re here to help. Claranet are offering a review of your Microsoft Office 365 tenant to produce the following:

A simple report, produced by one of our Office 365 Consultants, looking into your configuration to highlight if there are any areas of concern and to give you peace of mind that you have a good security posture. During our assessment we’ll cover:

  • Identity
  • Admins configuration 
  • Sharing policies – SharePoint, OneDrive, and Teams 
  • Email configuration 
  • Microsoft Teams configuration 

We’ll then jump on a call to talk you through any critical, urgent, or high-risk issues with recommendations. We will guide you, or implement for you, the changes required, and help you understand the impact so you can communicate these changes to your users.

Within Microsoft Office 365 there is a Secure Score reporting page that you have access to now, where you can compare yourself against the industry standard across Microsoft Office 365. With this report and the Secure Score, you get a clear indication of where to tighten up your security and where to potentially ease restrictions as well.

Licensing and Adoption 

You might want to consider reviewing your subscription options. Do you have the best subscription type for your users? Could you pay less? Are your users really getting the best out of Microsoft Office 365 and adopting all the cool features they have access to? Are you using 3rd party products that are already included as part of your Microsoft Office 365 subscription, or might be cheaper if migrated to Microsoft Office 365? 

What we ask for in return 

If you have specific areas of advanced security that drill deeper than the above, we can put together a simple proposal to deliver these for you. Some of these items take time and a collaborative effort between us and you to hit the right mark balancing security with usability.



Further reading  

https://www.ncsc.gov.uk/news/rise-microsoft-office-365-compromise 

https://home.kpmg/xx/en/home/insights/2020/09/microsoft-365-getting-ahead-of-threats.html

 
