Client: Global Insurance Company
Cloud Essentials was challenged to answer three critical questions as part of the Microsoft Compliance Assessment:
What was the client’s current risk profile and exposure based on their existing data?
What opportunities were there to tap into unused functionality to derive greater value from existing Microsoft licences?
Where and how should the client begin to address any identified risks and opportunities?
The Discovery phase of the Microsoft Compliance Assessment covered the two topics of business and data. By engaging with stakeholders across the business, Cloud Essentials were able to build up an understanding of our client’s environment, goals, challenges and vulnerabilities. From a data perspective, Cloud Essentials used Microsoft risk discovery tools to identify stale and/or sensitive data residing within onsite and cloud locations.
The Cloud Essentials team includes Compliance/Risk professionals as well as IT/Technical experts. Our multidisciplinary team were able to engage with a wide range of business stakeholders to benchmark current compliance maturity (active controls) against relevant regulations.
Within the ‘exploration’ theme, the Cloud Essentials team used their in-depth knowledge of the Microsoft Purview toolset to explore opportunities to improve compliance with quick wins from existing unused (or underused) functionality.
Cloud Essentials created a practical roadmap of achievable steps to expedite results. The client was then able to use the roadmap to build a business case for investment.
The client was surprised by the breadth and depth of our assessment, which revealed more unprotected sensitive data in their environment than they had expected. Our detailed report summarised our findings and provided a practical roadmap of achievable steps towards a more mature compliance posture.
Key recommendations included:
Sensitive data: Creating a data classification taxonomy to enable more nuanced control over sensitive data with varying security/protection requirements.
Data retention: Introducing automated deletion and retention policies to enable more granular retention management to balance regulatory compliance and storage growth.
ROI optimisation: Maximising value from Microsoft licensing by deploying Microsoft Compliance Centre, Microsoft Purview and Microsoft Purview Advanced eDiscovery. This would enable centralised data management and incident response, with improved security, and the ability to perform forensic investigations and handle data subject access requests (DSARs) in-house – no expensive third-party services necessary.
Compliance maturity: Taking the next step towards compliance maturity with a managed deployment of Microsoft Purview’s Information Protection, Data Loss Protection, Retention and Data Governance solutions.