Medieval kings protected themselves from attackers with curtain walls. These were wide, high, stone walls that circled their castle – and many are still standing today.
In the 1000 years since, businesses have tended to follow this model when it comes to protecting their organization and employees.
But things have changed.
The move to the cloud had already made it difficult for you to ensure your business was operating within the high stone wall. But the almost overnight switch to large-scale remote working that followed the emergence of Covid-19 meant that it became impossible. A new approach to security and compliance is needed; one which protects the modern business and your most crucial asset: your employees.
This was the thinking behind the security features of Microsoft 365.
Organizations needed a solution that could cover the majority of security functionality in one fell swoop.
The M365 portfolio does this by grouping security functionality into four key areas that can be integrated with each other. These are:
- identity and access management
- threat protection
- data protection
- security management
The use of M365 security controls puts businesses in a position where they can be proactive rather than reactive when it comes to security management. The integrated components improve security posture visualization, clarity of information, and enable automation.
The M365 portfolio can also be tailored to meet specific requirements with additional overlay security controls. This makes it adaptable to any business in any sector.
Safety drives productivity
A huge productivity drain when it comes to cyber security is time. Updates to security traditionally mean downtime to your system, and multiple passwords can mean it takes considerable time for users to log in. Added to this is the time needed to digest all the security and compliance information necessary to ensure your organization remains safe.
Thankfully, Microsoft has designed the M365 portfolio to have minimal impact on end-users’ working practices.
M365 can issue prompts and warnings to users when their activities might result in a security incident, for example when attempting to send a sensitive internal document to an external recipient.
It’s these improvements to the user experience that significantly reduce the chances of a security incident impacting on productivity.
Resilience in hard times
As mentioned previously, the pandemic has led to unprecedented numbers working remotely virtually overnight. Accessing systems outside the office can be a risk. So, security systems need to be able to react as quickly as possible to unplanned threats. As well as protecting the business, it is also crucial that employees feel shielded from any threat when using equipment in their homes.
Dealing with this can be challenging and time consuming for everyone. But there are three practices that can help businesses using M365 to transition their operations to remote locations while retaining productivity:
Firstly, conduct ongoing risk management assessments. This means you’ll be able to deal with potential future security loopholes which will help you to decide which M365 controls you should focus on.
Secondly, audit and follow the appropriate processes. By knowing exactly what processes you have and how they should be carried out, you’re leaving no room for risky interpretations.
Finally, rehearse your businesses response to a security breach. You’ll never know how strong your curtain wall is until you test it, and the pandemic has shown that you can never be too prepared.
By having these practices in place, your business can tackle security concerns or breaches from the onset. This reduces the amount of time you would have spent dealing with the issue, had the problem been left to grow.
Microsoft 365 best practice
At Fujitsu, we’ve been working with Microsoft to support customers in using M365 effectively.
Of course, some actions within M365 security will take longer to conduct, like the auditing and assessments discussed above. But there are also smaller practices that can make significant improvements and also reduce the time spent on security in the long-term.
- Base your M365 security on business requirements, not technical capabilities: as your requirements change, ensure your policies continue to align.
- Take action: auditing and assessments is a great way of gaining insight, but it will be worthless if you don’t act upon it.
- Have processes in place to manage incidents: M365 provides significant security information, don’t let identified security incidents slip under the radar.
- Understand the functionalities available to you: this is often overlooked, so make sure you’re getting the most from your investment.
Ultimately, the M365 portfolio has been designed for quality protection and user-experience. However, the risks cyber attackers pose are constantly evolving, and to ensure your M365 portfolio can withstand this it’s important use it in the most efficient way possible.
Spending time on what may feel like non-essential security warnings from your M365 may feel frustrating or a waste of time. But by acting as soon as possible, you can nip potential threats in the bud.
Because ultimately, it takes a lot longer to re-build a wall than it does to bolster it.
We need to reimagine the employee experience in the post-pandemic world. Learn more about securely driving productivity on our New Ways of Working page.