Compliance Accelerator-Programme

People, process, technology: the tripod of modern cloud security and compliance

As cloud security and compliance experts, we’re always on the lookout for the latest reports on cyber security trends and challenges affecting IT and compliance teams. This month’s standout read was the Thales Cloud Security Study, bursting with fascinating statistics and commentary on the latest risks and challenges.
We were particularly interested to read their theories on the root causes of data breaches. Spoiler alert: it all boils down to our favourite trio – people, process and technology – and the need for a holistic cloud security approach that addresses all three.

“In this study, 44% of all respondents reported having experienced a cloud data breach, and 14% had experienced such an incident in the past 12 months. Among all those who reported a cloud data breach, 31% identified misconfiguration or human error as the root cause, ahead of vulnerability exploits or failure to implement controls on highly privileged access such as multi-factor authentication.”

Thales 2024 Cloud Security Study

People are often the weakest link in any security chain. Despite best efforts with ongoing training, they make mistakes, ignore policies, take shortcuts and fall victim to phishing attacks.

Process is critical in ensuring business requirements are effectively translated into security best practices, and are followed consistently and comprehensively – particularly in complex and dynamic cloud environments.

Technology enables organisations to automate, monitor and enforce security controls, but must be correctly configured to work properly.

Our own experience lies in Microsoft Purview deployment, where we handle everything from the foundations of data discovery and classification through to Data Loss Protection (DLP), Information Protection and Insider Risk Protection. In our interactions with clients, we’ve seen first-hand how common it is for organisations to attempt a Purview deployment only to hit roadblocks that derail their efforts or make it impossible to address one or more elements of the people, process and technology triumvirate.

A common example is deploying sensitivity labels, but failing to engage stakeholders to make sure users understand what they are and why they are important. Translating classifications and policies into technological configurations is also a frequent stumbling block, with project teams paralysed by questions like: What are the potential pitfalls? How will decisions impact user productivity? Are there unintended consequences that will only become apparent with experience?

The unfortunate truth (explored in more detail in the Thales report) is that misconfiguration is one of the biggest issues affecting cloud security today. It’s complex, it’s nuanced, and the repercussions of getting it wrong can be monumental.

So, how do you confidently deploy Microsoft Purview? 

In our experience, it’s the combination of business/risk guidance paired with technical expertise that makes all the difference. Together, they make it possible to engage stakeholders from across the business by meeting them where they’re at and ensuring that their decisions are made from an informed perspective with full awareness of any risks and consequences. 

We find this clarity in decision-making allows for more clarity in process and policy development which, in turn, leads to a more accurate alignment between technical configurations and business needs.

The impact of this approach has been so significant that we’ve developed a programme specifically to help organisations capitalise on its benefits. Known as our Compliance Accelerator Programme, it offers subscription-based access to our managed services and multi-disciplined team, and covers all three facets of cloud compliance and security: people, process and technology.

We work as an extension of your own team to facilitate decision-making via a monthly compliance panel. We then assist in the design and deployment of scoped workstreams to meet the agreed objectives using Microsoft Purview capabilities. This is further supported by proactive management and reporting to provide insight into the health and usage of your Microsoft Purview solutions, enabling you to consistently drive compliance maturity in alignment with your business goals and responsibilities.

It is, without a doubt, the most effective method we’ve found to help organisations avoid joining the data breach statistics in a report like the Thales study. Get in touch to find out more.
