Staying productive and secure when using Microsoft 365
Co-authored by Andy Baines and John Ellis
Ensuring access to a secure digital workplace
Medieval kings protected themselves from attackers with walls that were wide, high, stone and wrapped around their castle – and many are still standing today. More than a thousand years later, businesses have been following this model when it comes to protecting their business and employees. However, with the move to cloud and the digital workplace, it‘s no longer possible to ensure your business is operating within the high stone wall, and as such you need a new approach to security and compliance for your modern workplace to enable your business and employees alike.
This was the thinking behind the security features of Microsoft 365.
Organizations needed a solution that could cover the majority of security functionality in one fell swoop. The M365 portfolio does this by grouping security functionality into four key areas that can be integrated. These are identity and access management, threat protection, data protection, and security management.
The use of M365 security controls puts businesses in a position where they can be proactive rather than reactive when it comes to cybersecurity management. The integrated components improve security posture visualization, clarity of information, and enable automation.
The M365 portfolio can also be tailored to meet specific requirements with additional overlay security controls. This makes it adaptable to any business in any sector.
Safety drives productivity
A huge productivity drain, when it comes to cybersecurity, is time. Updates to security traditionally mean downtime to your system, and countless passwords can mean it takes considerable time for users to log in. Added to this is the time needed to digest all the security and compliance information necessary to ensure your organization remains safe.
Thankfully, Microsoft has designed the M365 portfolio to have minimal impact on end users’ working practices.
M365 can issue prompts and warnings to users when their activities may result in a security incident, for example as a result of them sending a sensitive internal document to an external recipient.
It’s these improvements to the user’s employee experience that significantly reduces the chances of a security incident impacting productivity.
Secure remote working – ensuring resilience in hard times
A lot of people have had to take up remote working quickly. Accessing systems outside the office can be a risk. So, security systems need to be able to react as quickly as possible to unplanned threats.
Dealing with this can be challenging and time consuming for everyone. But there are three practices that can help businesses using M365 to transition their operations to remote locations while retaining productivity:
Firstly, conduct ongoing risk management assessments. This means you’ll be able to deal with potential future security loopholes which will help you to decide which M365 controls you need to focus on.
Secondly, audit and follow the appropriate processes. By knowing exactly what processes you have and how they should be carried out, you’re leaving no room for risky interpretations.
Lastly, rehearse your businesses response to a security breach. You’ll never know how strong your curtain wall is until you test it.
By having these practices in place, your business can tackle security concerns or breaches from the onset. This reduces the amount of time you would have spent dealing with the issue, had the problem been left to grow.
Microsoft 365 best practice
At Fujitsu, we’ve been working with Microsoft to support customers in using M365 effectively.
Of course, some actions within M365 security will take longer to conduct, like the auditing and assessments discussed above. But there are also smaller practices that can make a huge amount of difference and also reduce time spent on security long-term.
- Base your M365 security on business requirements, not technical capabilities: as your requirements change, ensure your policies continue to align.
- Take action: auditing and assessments are a great way of gaining insight but it’ll be worthless if you don’t act upon what you learn.
- Have processes in place to manage incidents: M365 provides significant amounts of security information, don’t let identified security incidents slip under the radar.
- Understand the functionalities available to you: this is often overlooked, so make sure you’re making the most out of your investment.
Ultimately, the M365 portfolio has been designed for quality protection and user experience. However, the risks cyber attackers pose are constantly changing, and to ensure your M365 portfolio can stand up to this it’s important to use it in the most efficient way possible.
Spending time on what may feel like non-essential security warnings from your M365 may feel frustrating or a waste of time. But by acting as soon as possible, you can nip potential threats in the bud.
Because ultimately, it takes a lot longer to rebuild a wall than it does to bolster it.