Recognising the importance of securing their cloud environments, our client was looking to secure their Microsoft 365 environments and services to the highest possible standard, aligning them with best working practices.
The Challenge
Our client required specialist expertise to manage and regularly assess their cloud security posture. Specifically, they were looking for a long-term engagement, with assessments carried out every six months as this would provide them with a repeatable baseline from which they could measure improvements or changes in environment that have led to any security degradation.
The Solution
As part of a long-standing standing Cloud Security Posture Management (CSPM) engagement, our client has been working with Bridewell since 2022. To deliver the CPSM, we provide our client with Cloud Security Posture Assessments (CSPA) every 12 months. These assessments inform them of any potential risks in their cloud platforms, provide a remediation plan to rectify any emergent concerns, and benchmark how their cloud security posture has improved over time.
These assessments also consider the Microsoft licences available to our client as well as the features that are offered within the licences. For both our client’s internal IT team and Bridewell, these assessments have been the foundation of our planning and strategy.
Throughout each assessment period, our consultants access our client’s various administrative portals to check controls and technical security measures are in place. Where controls are not in place, our consultants recommend a suitable mitigation or remediation. The technical controls being assessed are formed from three key areas including: CIS 1 benchmarks, Microsoft Secure Score, and our own curated technical checks aligned to current industry best practice and internal knowledge and experience.
Every six months, at the start of each CSPA, we hold a scoping meeting with our client to define any prerequisites for the assessment. This ensures that we have access to all the required people and systems to conduct the assessment with minimal disruption.
Using these CSPAs, our client has driven, and continues to drive, improvements in the following areas:
Identity and Access Management (IAM) Assessment
Our consultants assess how secure our client’s environment is in terms of users accessing data. The assessment framework we use covers many aspects that also align to Microsoft Secure Score. Therefore, our consultants considered various areas including Privileged Identity Management for administrative users. This assessment extended to assessing how administrators enter the environment as well as checking for a robust Breakglass/ Emergency access process.
Endpoint and Device Security Assessment
We review our client’s use of Microsoft Intune to check that required policies are in place, with emphasis placed on mobile device management.
Email and Phishing Protection Assessment
To ensure that email communication is protected, we assess several features and configurations within the environment including how Conditional Access applies to cloud applications and whether third party integrations are in place.
Data Security and Data Protection Assessment
As part of our CSPM engagement, we assess Data Loss Prevention (DLP) measures. This involves identifying gaps in existing configurations and advising our client accordingly.
Security Monitoring and SIEM Assessment
Our consultants check that logging is appropriate for our client’s budget, and ensure that security benefit is at the forefront of ingestion considerations. Leveraging Microsoft Sentinel’s native data connectors, we provide them with enhanced visibility into their environment. Any misconfigurations or missing configurations are identified and highlighted, with necessary implementations carried out.
Zero Trust and Network Security Assessment
Reflecting our client’s ways of working, our consultants have considered how their employees consume organisational data and services, introducing Conditional Access reviews and an Intune Bring Your Own Policy configuration. Through rigorous scoping, testing and implementation, we’ve ensured that data is accessed securely without hampering the user experience.
The Results
Since 2022, our client’s overall security posture has been significantly strengthened, and they now benefit from the successful implementation and enhancement of key security measures. They now meet best practice with their technical controls and have retooled security policies that reduce administrative overhead.
These improvements to the security of their environment have been reflected in their Microsoft Secure Score.
A UK-based organisation in the hospitality sector.
