Illuminating Dark Data: Microsoft Compliance Workshop

Jeremy Wittkop, CTO

01.26.2021

In recent years, cybersecurity professionals have become increasingly overwhelmed by the challenges of keeping up with compliance. High-profile regulatory requirements modeled on data security standards such as GDPR and CCPA have increased the stakes. The complexity of information security risk management has also increased. And organizations have accelerated digital transformation and cloud-based operations. Information security leaders have come face to face with a stark reality:

They don’t know where all their data is. And that means they can’t protect it.

Across your business landscape, your organization accumulates, uses, stores, and shares enormous volumes of data. That datamay or may not be tracked and protected. The challenge is compounded by a range of factors such as:

To establish and maintain data security and compliance, you must first know what data you have, where it is, how it’s being used, and where it might be at risk.

Fortunately, we can help you illuminate that dark data—and bring it under your information security compliance umbrella. If, like many organizations, you have a Microsoft enterprise license, you can gain a solid understanding of all this information from a consultative engagement called the Microsoft Compliance Workshop: Data Risk Management.

Security Risk Management Starts with Your Dark Data

If you have Microsoft E5 license—or are considering one—you may be aware of the tools in the Microsoft data loss prevention (DLP) and Microsoft Compliance Center portfolio. Microsoft has invested significantly in these tools, providing increasingly robust and useful solutions. However, it’s not always easy to map out how they are interrelated and where you might have overlap—or gaps—in your data security compliance efforts.

To gain that understanding, you need to take a step back.

The Microsoft-created and approved Compliance Workshop: Data Risk Management provides the vital first step of uncovering hidden compliance risks. This workshop is a focused engagement that provides a deep analysis of your current data—where it is, how it’s used, what data is not used, and the state of your data risk.

It’s hard to overstate the value of this level of understanding. According to an IBM study, in 2018 more than 80% of all data was dark. That level rose to 93% in 2020. The investment your company might make in a consultative upfront risk analysis is modest. And for some organizations, it may be something that can be funded through Microsoft’s End Customer Investment Funds (ECIF) program, if those funds are available to them.

Because Microsoft strongly encourages its customers to take advantage of this workshop, they provide a great deal of assistance to help you utilize it. That includes connecting you with a certified, qualified data security partner like InteliSecure.

Because InteliSecure specializes in data security, we are uniquely positioned to provide this workshop regardless of whether your organization is currently invested in using Microsoft Compliance solutions.

Let’s take a look at what the workshop will do for you.

A Targeted Framework for Understanding Information Security Risk

The Microsoft Compliance Workshop: Data Risk Management is a highly practical and focused engagement. The scope of work takes place over a 3-4-week period, with 2-3 days devoted to deep dives with your information security team.

Discovery

We understand that each organization has different goals and objectives for leveraging the products included in the Microsoft Compliance portfolio. Understanding your goals helps us tailor the engagement to your business requirements.

We conduct a session with your team to learn about your organization’s strategic objectives, influences, and priorities for compliance. InteliSecure has a rich history with a variety of solutions in the disciplines that make up the Microsoft Compliance suite. Unlike most Microsoft partners, we can help you understand where Microsoft fits with your existing investments and help you evaluate consolidation opportunities from a vendor-neutral perspective. We will also share the Microsoft Rapid Compliance Evaluation and Roadmap tool with your team.

As we engage with your team, we also conduct a Microsoft Compliance Overview. This helpful introduction to Microsoft’s approach to compliance consists of:

  • A review of the Microsoft Compliance vision and strategy
  • An introduction to Microsoft 365 Compliance products and services
  • Discussion of the benefits of integrated compliance

If you have any questions about your current licensing, we can discuss what entitlements you have and how they relate to the discussions we have had in the workshop.

Data Risk Check

At the outset of our discovery phase, we set up and run a Data Risk Check. This is a two-week automated discovery exercise that illuminates dark data and finds compliance risks in your organizational data. We also enable services for automated discovery and configure the policies and settings to ensure the search is relevant to your business.

During this phase, as we discover and categorize risks, we work closely with your team to help them learn how to use the tools that you have access to. At the conclusion of the Data Risk Check, we analyze the findings and report on the discovery process.

Customer Immersion Experience

To help your team dive deeper into Microsoft’s compliance approach, we create an experience that demonstrates how Microsoft solutions work together to bring unique capabilities to bear for your organization. We discuss the end user experience, walk through core compliance scenarios together, and show how technologies complement each other.

New and updated scenarios are published and added regularly, so you can be sure you are experiencing the best and latest of what Microsoft has to offer.

Guidance for Implementation

Finally, we provide next steps. We review the outcomes of each of the previous steps and provide a recommended plan for data protection, compliance, and data security risk management.

Immediate Benefits to Jump Start Information Security Risk Management

If you already have a Microsoft E5 license, your company leadership may be eager for you to make better use of the Microsoft Compliance tools at your disposal. As a qualified Microsoft Partner, InteliSecure can help you reach that goal.

Some organizations may want to conduct this workshop before purchasing a Microsoft Compliance package. In that case, InteliSecure can also offer similar workshops on a vendor-neutral, independent basis to allow you to compare the Microsoft Compliance portfolio with offerings from other leading information security technology providers.

Regardless of where you’re starting, this workshop engagement offers targeted, practical benefits:

  • Understand your dark data risks—You’ll learn the risks associated with dark data, where your existing data resides and is used, and how to help mitigate those risks using Microsoft technologies.
  • Illuminate your data environment—You’ll see the results of our data risk check and the associated compliance risks that we identified.
  • Mitigation education: Your team will learn about tools in the Microsoft suite that can help mitigate your risks—and meet your compliance objectives.
  • A clear path forward—Through specific recommendations and actionable next steps, you’ll have a roadmap to effective data protection program.

The best part is you’re not on your own from there. As part of our plan, we’ll detail how InteliSecure and Microsoft can work with you to maximize your investment in the tools you have—and simplify your data protection program.

Evaluating Your Data Protection Options?

Are you a long-time Microsoft security customer, a new Microsoft security customer, or a simply trying to evaluate the security and compliance landscape? InteliSecure should be your trusted partner. As a vendor-neutral provider, we work for you, not the technology vendors we represent. With our unparalleled expertise in the space, you can be sure you are receiving expert advice and insight you can’t get anywhere else.

Contact us to start the conversation.