Organisations are constantly looking for solutions and concepts that can empower employees, enable teamwork, and transform how their organisation competes, complies with regulations, and deliver the best customer experiences. Keeping employees engaged is just one of the challenges for any organisation, but with further adoption of technology through mobile access, multi-device policies and cloud services consumption, security and protection of data has become a very complex and a daunting reality for many organisations.
This article explores how the workplace is evolving, the security requirement that comes with it, and how embracing Microsoft’s Cloud Solutions such as M365 and Azure suites provide modern solutions to help combat these very real issues.
The Ever-Evolving Workplace
Digital technologies are fundamentally reshaping user demand, how they operate every day and the competitive dynamics across all industry sectors. At the same time, these digital innovations are restructuring the end-to-end user journey and the experience they expect. Winning organisations are adapting quickly to digital challenges by redefining the user experience and employee empowerment strategies, rethinking their operating models, and reimagining existing business models to exceed expectations. The UK industry landscape will be disrupted further by new user and employee expectations, rising operational costs, threats of new market disruptors/entrants, and an evolving cybersecurity landscape.
Success requires delivering a modern workplace designed to meet evolving employee expectations, connect and empower all employees, and manage an increasingly complex digital landscape. A truly modern workplace provides solutions that allow all employees to work better together to confidently achieve results, delight their customers, and make more valuable contributions to the bottom line.
The workplace and the way people work are changing:
Employees must be agile and innovative in delivering superior business experiences, so they can increase customer loyalty, market share and revenue.
Attracting and retaining the right talent requires a modern workplace that equips teams with a clear purpose, supports teamwork, and enables productivity.
Intelligent processes help improve business management for greater efficiency, agility, and customer satisfaction.
Employees need new tools and quicker access to data to make decisions quickly, capture emerging markets, and unlock new opportunities.
Microsoft 365 – The World’s Productivity Cloud
Within Microsoft 365, there are three core scenarios that illustrate how the underlying technology comes to life in valuable ways:
Connected experiences enable the ability to flexibly work and collaborate with colleagues, and help us be more productive with intelligence.
Integrated workflow transforms business processes with modern tools that bring line of business systems together and accelerate the flow of information.
And intelligent security, which harnesses the power of AI to protect assets compliantly and to guard against modern threats – all without hindering productivity.
The intelligent, connected cloud introduces both opportunity and risk
Technology has changed how we do business. As organisations embrace the opportunities presented by cloud, connecting with customers, and optimising operations, they take on new risks:
Almost all companies have embraced the cloud at some level.
Traditional IT boundaries are disappearing. Users are increasingly mobile, making it harder to secure user credentials.
Businesses are leveraging applications and cloud storage to work smarter, but that causes challenges for IT security, because hackers are increasingly attacking through shadow IT.
Adding to this pressure, the quantity of data is growing exponentially and shared broadly. CISOs are challenged keep data safe and compliant with privacy regulations across hybrid cloud and on-premises networks, cloud apps and personal mobile devices.
One of the biggest challenges in digital transformation is ensuring security across the entire digital landscape, without reducing end-user productivity. Today, protecting company assets requires a new approach.
The best of breed model is broken
The realities of digital transformation, the increased sophistication and motivation of hackers, and the shortage of qualified security talent have put organisations now in the middle of a perfect storm.
Given these pressures, how do organisations respond today?
They typically layer point-solution after point-solution onto their security. This is complicated, and can get messy.
In fact, continually layering ‘best of breed’ point solutions to address emerging security needs has caused enterprise security to breakdown:
Tools are not integrated because it’s too expensive and complex. This creates gaps in visibility.
There are more alerts to triage than a typical sized team can handle.
Retraining the SecOps team on new tools is a constant challenge.
Lastly, this complexity, across both end user experience and IT management, significantly impedes productivity.
Cloud-native capabilities provide simplicity
While no single security solution will solve your problems, we recommend, fundamentally, that you simplify your approach to complex security challenges by using cloud-native security capabilities that are built into your platform, devices, and productivity tools.
Microsoft 365 Security will help:
Reduce your IT complexity & risk
Improve your agility in responding to threats
Lower your TCO
Deliver uncompromised productivity
Microsoft 365 Security also appears in the leader category of several analyst reports across our security offerings, highlighting the fact that “best of breed” tools are becoming a thing of the past.
Microsoft 365 Security
Microsoft recognises that an organisation's data is their most valuable asset. We also recognise that most enterprises lack the ability to understand what data is sensitive and control access to that data. This includes your emails and documents, but also includes things like employee passwords and customer credit card numbers.
Once an external threat has compromised a user identity, they can log into the device as you and they have the device. Then, they can log into your apps as you and then they get your data.
You need identity and threat protection that keep users, devices, and applications safe by correlating threat information across your entire digital footprint and automating incident response.
Surrounding all of this, security insights recommend ways to optimise the configuration of your security tools and provide a quantifiable measurement of your security posture.
Microsoft 365 provides holistic security across these four aspects of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Management
Secure identities to reach zero trust
Threat Protection
Help stop damaging attacks with integrated and automated security
Information Protection
Protect sensitive information anywhere it lives
Security Management
Strengthen your security posture with insights and guidance
The most trusted platform
In just a few short years, we’ve heard customers go from saying “I do not want to move to the cloud because of security” to firmly (and correctly) stating “I need to go to the cloud because of security.”
Which means that the work cloud providers do to keep their platforms safe – as well as compliant – become increasingly critical.
By choosing Microsoft, customers gain the benefits of one of the largest and most secure cloud platforms on the planet.
It starts with operational excellence in the cloud (clock-wise on the globe)
Physical security
Operational security
Global cloud fabric that runs our clouds (Office365, Azure) and our security services
The first side is the secure foundation of our cloud services. This is about how Microsoft operate their own cloud services, Azure, Office 365 and so forth. They have some of the world's best physical security, with fences and barbed wire and so on to provide secured building environments and within those buildings, secure server environments.
To enter a server environment, for example, a person would have to pass through multiple physical layers and provide multiple forms of identification. They would also be scanned for metal in their pockets to make sure that they are not bringing devices in to steal information. So, there's a great deal of physical security in place that we do on behalf of all of our customers in our cloud services and that make it possible for behaviour customers to really leverage the investment that we've made in that respect.
Another example of Microsoft’s operational excellence is around restricted access. When Microsoft employees need elevated access so that they can do maintenance on a service, or so they can investigate a customer support issue, they only have access to exactly the resources they need to access and for only exactly the amount of time that they need it. So, they have just in time and just enough access to do their work, and then they get out. They don't have any standing elevated access that allows them to view customer data.
And this is something, again, where an investment at Microsoft gets heavily leveraged because all customers benefit.
Lastly, customer controls are an important part of this. This is something that we get asked about a lot when we talk to customers about cloud services. “What are the things that I have at my control so that I can decide how I want to manage my data and access to it?” Access controls, of course, are the very foundation of it, with multi-factor authentication for admins at customer sites who are in charge of operating Azure for that customer or operating Office 365. Having multi-factor authentication is a basic that we think is fundamental.
And lastly, network and distributed denial of service protection is in place for all of these services. Microsoft operate a level of protection to ensure our services work reliably, and Azure customers can take advantage of additional protection at the network layer to suit their needs.
Cross-cloud intelligence
The centre piece of Microsoft’s investment in intelligence is the Microsoft Intelligent Security Graph. This is how they describe the way that they synthesize a vast amount of data from a huge variety of sources available to Microsoft across both its commercial and consumer clouds.
For example:
400 billion emails get analysed by Outlook.com and Office 365 email services every month.
1.2 billion devices get scanned every month by Windows Defender. That gives us a great deal of signal into what's happening on endpoints, and where are the attacks, and what do they look like these days?
Microsoft operate 200-plus global cloud, consumer, and commercial services. Everything from outlook.com to Xbox Live to Office 365 to Azure, and so on. And with all of those services, they have a tremendous amount of surface area that they defend. Enterprise Security from Microsoft is employed by 90% of the Fortune 500.
And so, they see more attacks than most other companies on any given day. They gain invaluable insights and information from defending against those attacks.
750 million plus Azure user accounts give Microsoft tremendous insight into how people authenticate to Azure. And that, combined with the 450 billion monthly authentications that they do with Azure Active Directory and Microsoft Accounts, really gives some tremendous insight into what is normal behavior when it comes to sign-ins and authentications, and what is abnormal behaviour, and how often is it that someone has the right password, but they're not the person they say they are. A lot is learned about defending that really important control point, the identity, by looking across that set of data.
Bing scans about 18 billion web pages every month, giving really great insight into what people are doing with web scripting technologies when it comes to attacks and phishing campaigns. And Microsoft have a great way to look at that and understand how they should help customers defend based on that information.
On top of all of that Microsoft layer shared threat data that they get from partners, from the researchers at Microsoft who are part of a 3,500-plus team that are full time on security, and law enforcement agencies that they partner with worldwide through the digital crimes unit, as well as botnet data collected through the digital crimes unit. All of that intelligence makes up the Intelligent Security Graph.
Comprehensive enterprise class technology
Microsoft invest in built-in controls across the many platform layers.
We want to highlight the second component of Azure security-enabling defence in depth and simplifying security management with built-in controls and services as well as integrating partner solutions. These are the solutions that you can use to get enhanced protection for your Azure workloads quickly.
Identity: With the industry leading solution for Identity and access management with Azure Active Directory, you can get greater control over protecting against identity threats.
Capabilities like Role Based Access Control, MFA or Identity protection will ensure the right users are getting the appropriate level of access and will help you minimise risks associated with identity thefts or misuse of admin privileges.
Data protection: Ensure confidentiality and integrity of data by leveraging multiple encryption options for data at rest in virtual machines, databases and storage. Data encryption controls are built-in to services from virtual machines to storage, SQL, CosmosDB and Azure Data Lake. Azure Key Vault enables you to safeguard and control cryptographic keys and other highly confidential information used by cloud apps and services.
Network security: You can establish secure connections to and within Azure using virtual networks, network security groups, VPN, and ExpressRoute. Protect and ensure availability of your apps, protect against network layer threats with services like Web Application Firewall, Azure Firewall and Azure DDoS Protection
Threat Protection and Security Management: Finally, it is equally important to assess your security state continuously, especially as cloud workloads change dynamically. Azure Security Center will help you monitor security state of Azure resources and hybrid workloads. It will provide a dynamic security scorecard and recommendations to improve your security in a centralised console making security management easier across different resources. And you get advanced threat protection across many services like virtual machines, servers, apps, Azure SQL, Storage, containers on VMs – backed by Microsoft Intelligent Security Graph you are able to detect and respond to threats quickly across these services. Azure also offers a robust log management system and you can get a lot more insights from Log Analytics.
Lastly, you can extend the security capabilities of Azure with a rich array of products built specifically for the Azure platform. The Azure Marketplace includes solutions for antimalware, networking security, encryption, monitoring and alerting, application security, authentication, and more. These all help to protect resources across hybrid environments.
Microsoft 365 security suite advantages
While no single security provider will cover your entire digital footprint, through Microsoft’s investments and scale within enterprise organisations, customers have an advantage in creating a comprehensive, adaptive security program.
END-TO-END SECURITY
A set of holistic security capabilities that can reduce the number of security vendors you manage.
Individual components that are purpose-built to integrate together, which decreases the total cost of ownership.
Because security is natively built-in, deployment and on-going security management is simplified for security administrators.
Security capabilities extend beyond Microsoft products to secure 3rd party platforms, apps and services (Windows, Mac, iOS, Android, Dropbox, Box, salesforce.com, etc.)
Includes standard integration capabilities, so you can connect your other security tools (3rd party or homegrown).
Intelligent, adaptive security gives users more freedom and autonomy in how they work and collaborate, from anywhere on any device.
Threat protection gains insight from the 6.5 trillion signals/ day compiled by the Intelligent Security Graph from across the global Microsoft ecosystem.
Building Trust
Business and users are going to embrace technology only if they can trust it.
Security is one piece of most organisation's approach to creating broader trust in technology.
HybrIT shares values with Microsoft, with trust being a central part of our mission. Also, our shared innovation principles help to provide clarity to our customers as we work together to deliver new technology, without over-engineering solutions that are costly to implement and support.
We believe great organisations are powered by great people, and giving them purpose-built solutions from innovators like Microsoft will strengthen their ability to do their best work. The modern workplace demands a modern workforce, but also a secure one. Align all of these components successfully and you will experience an injection of productivity gains and positive growth.
As you can probably tell by this article, HybrIT is both experienced and incandescent when it comes to unlocking solutions from Microsoft. We spend a lot of our time consulting with customers through enablement workshops and jump-start engagements, only taking a consultative approach and providing the very best industry advice.
Interested? Get in touch: partnerships@hybrit.co.uk
Comments