Security Foundations Data: Assessment and Implementation

Is your confidential business data well protected? Similar to how you protect your physical assets, email security measures are like putting a gate around your property, identity security measures are like placing a smart lock at the front door of your house, and data security is like placing a geotag on your valuables.

This engagement will focus on your data security, one of the foundations of cybersecurity in any organization. In today's ever-evolving landscape of cyber threats, strengthening data security practices is paramount for organizations to safeguard their assets and sensitive information.

By applying the appropriate controls, we can help you to evaluate your data security framework using industry best practices and streamlined security controls. The goal is to mitigate common security risks related to data security within Microsoft 365 and to apply security controls to safeguard data that lives in your Microsoft tenant.

The engagement will include a discovery phase and an implementation phase.

With our expertise and guidance, we will discover the sensitive data in your environment including data at rest and data in transit.

For data at rest, we will:

• Scan existing data that contain sensitive information types such as Financial, Medical and Health, Privacy, and custom sensitive information that relate to the organization.
• Discover data that is stored in the Microsoft 365 tenant and analyze it for the presence of artifacts that may impose data security risks to the organization.

For data in transit, we will:

• Create Data Loss Prevention (DLP) policies in audit mode to report on data containing sensitive items while in transit (e.g. shared via Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams).
• Run the DLP audit for up to 2 weeks to capture what sensitive information is being shared.

After the scans and audits are completed, we will identify and document the recommended security controls for your review. Once you approve the security controls, we will move to the implementation phase.

The implementation phase will include deploying the data security controls based on the findings and discussions from the discovery phase.

To configure SharePoint Online and OneDrive for Business sharing settings, we will:

• Disable Anonymous link usage.
• Change default sharing permissions from allowing editing to view only.
• Disable allowing guests to share items they don’t own.

We will configure Data Lifecycle\Retention Policies for Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams to store data within the Microsoft tenant for a specific period in an event of accidental or malicious data deletion or modification.

We will configure Data Loss Prevention policies for Exchange Online, SharePoint Online, and OneDrive for Business to monitor and prevent the unauthorized transmission or sharing of sensitive information, ensuring compliance with regulatory requirements and safeguarding critical data assets from inadvertent or malicious exposure.

In addition, we will disable 'third-party storage services' in 'Microsoft 365 on the web' and disable additional storage providers are restricted in Outlook on the web.

Price may vary depending on the complexity and scope of your engagement.