Case Study
Microsoft compliance assessment reveals compelling business case for data governance improvements
The Microsoft Compliance Assessment delivered evidence of sensitive-information-related vulnerabilities, a list of ROI-improving opportunities, and a clear picture of the actions and costs associated with making changes. The client is now equipped to build a compelling business case to secure funding and move forward.
Client: Global Insurance Company
Complexities
- UK and international operations
- Highly regulated environment
- Multiple ongoing migrations into Microsoft environment
Results
- Completed a Microsoft Compliance Assessment and scan of the environment to identify our client’s risk profile and current exposure
- Delivered a detailed report summarising our findings relating to unprotected sensitive data in their environment
- Provided a practical roadmap of steps to achieve a more mature compliance posture including Return-On-Investment (ROI) optimisation opportunities
The challenge
Cloud Essentials was challenged to answer three critical questions as part of the Microsoft Compliance Assessment:
What was the client’s current risk profile and exposure based on their existing data?
What opportunities were there to tap into unused functionality to derive greater value from existing Microsoft licences?
Where and how should the client begin to address any identified risks and opportunities?
"The Microsoft Compliance Assessment was an eye-opener for the client and has left them fully equipped to build a compelling business case to secure the budget to move forward"
Our solution
Discovery
The Discovery phase of the Microsoft Compliance Assessment covered the two topics of business and data. By engaging with stakeholders across the business, Cloud Essentials were able to build up an understanding of our client’s environment, goals, challenges and vulnerabilities. From a data perspective, Cloud Essentials used Microsoft risk discovery tools to identify stale and/or sensitive data residing within onsite and cloud locations.
Assessment
The Cloud Essentials team includes Compliance/Risk professionals as well as IT/Technical experts. Our multidisciplinary team were able to engage with a wide range of business stakeholders to benchmark current compliance maturity (active controls) against relevant regulations.
Exploration
Within the ‘exploration’ theme, the Cloud Essentials team used their in-depth knowledge of the Microsoft Purview toolset to explore opportunities to improve compliance with quick wins from existing unused (or underused) functionality.
Next steps
Cloud Essentials created a practical roadmap of achievable steps to expedite results. The client was then able to use the roadmap to build a business case for investment.
Results
The client was surprised by the breadth and depth of our assessment, which revealed more unprotected sensitive data in their environment than they had expected. Our detailed report summarised our findings and provided a practical roadmap of achievable steps towards a more mature compliance posture.
Key recommendations included:
Sensitive data: Creating a data classification taxonomy to enable more nuanced control over sensitive data with varying security/protection requirements.
Data retention: Introducing automated deletion and retention policies to enable more granular retention management to balance regulatory compliance and storage growth.
ROI optimisation: Maximising value from Microsoft licencing by deploying Microsoft Compliance Centre, Microsoft Purview and Microsoft Purview Advanced eDiscovery. This would enable centralised data management and incident response, with improved security, and the ability to perform in-house forensic investigation and DSAR requests – no expensive third-party services necessary.
Compliance maturity: Taking the next step towards compliance maturity with a managed deployment of Microsoft Purview’s Information Protection, Data Loss Protection, Retention and Data Governance solutions.
Compliance is a journey. Let us help you set off in the right direction.
Expert insights
Read our expert insights into data compliance
