Microsoft’s security story has dramatically changed over the last 5 years. From focusing on providing insights on the periphery of your environment, to becoming a corner stone of a customers security strategy, Microsoft has transformed into a powerful force in the security industry.
It makes sense. Similar to their previous approach with surface tablet development, in seeing OEM partners that were not delivering on Microsoft’s vision, Microsoft rolled up their sleeves and decided “well we’ll do it ourselves then”. And, in a similar manner, Microsoft built upon their foundation of Windows, MDM and authentication which, at the heart of every organisation, is a great place to build out a security offering.
It should also come as no surprise that within an increasingly complicated ecosystem, we find customers frequently asking where to start and when to use Microsoft cloud. Our answer to them is simple; if you’re a Microsoft shop, the question shouldn’t be if you use Cloud, but how much and in what order should you roll their products out.
Thankfully, through M365, Microsoft offers an opportunity to standardise offerings (read, simplify) and eliminate the presence of information and system silo’s: systems that are useful on their own but fail to grasp the bigger picture in order to adequately address the cyber kill chain. This approach maximises savings and increases security in a single leap, so then the next problem to address becomes “where should I start?”
We often address this concern by having the customer fire a flare into the air that helps us understand exactly where their needs fall as it relates to security. Conversations are often started over MDM then quickly shift into securing information assets within their environment. This often happens due to the close relationship that exists between security and management products.
Customers want to first exert some measure of control over an environment before dictating how information assets should behave within it. As whilst securing information assets is important, not having control over systems that access your environment is perceived as a larger and more immediate problem.
Ultimately, one needs to recognise there isn’t a single system that can address all your security needs. Microsoft has provided a pathway for customers to consolidate their systems, save money and enhance their security in a meaningful way. It’s useful to remember that when it comes to security, it’s not about making yourself impenetrable, rather making yourself look less appealing than your less secure (and more tasty) neighbour.
Attacks are economic decisions: does the target justify the investment of effort to achieve the predicted return? Your job is not necessarily to be the leader of the pack, but to absolutely not be in the bottom. And as a company gains more and more success and notoriety, it also attracts increased unwanted attention.
But the good news is this – M365 has a little bit of something for everyone in that regard. Logical entry and exit points for companies in all stages of development. So the only question left is – “where are we and what should I do from here?”
