a close up of a logo

Five things we learnt from the Security and Compliance Summit

Sian  John

Sian John

Chief Security Advisor

Read Time, 3 min.

On November 4th 2020, Microsoft Western Europe hosted its first Security and Compliance Summit.

Experts and Security Blackbelts from across Microsoft, including the Detection and Response Team and the Digital Crimes Unit, came together virtually to share perspectives on the latest security, compliance and privacy challenges that seek to compromise the modern workplace – a topic of growing importance as organizations across the world recover from disruption and adjust to a new normal.

Hosted by Sian John MBE, Microsoft’s EMEA Director of Cybersecurity Strategy, the Security Summit explored the crucial issues organizations and security professionals face today, looking at emerging trends in cybersecurity, securing a workforce in a remote working world, insider risks and how to manage them, and so much more.

Below are just some of the key takeaways from the event. And you can watch all the sessions from the summit on demand here.

1. Security and compliance are a shared responsibility

As a business and an employer, there is a responsibility to know exactly what happens to your data – where it is, why you have it, and who can access it, as well as the potential consequences if there is a breach.

Remote work adds a level of complexity – employees may be using personal devices and unsecure applications beyond the trusted network perimeters. That’s why knowledge is key, to understand the risk, the potential impact of a compromise, and how to avoid it.

Technology can ensure controls are in place and make the necessary risk assessments, but it’s a joint responsibility to make sure your organization remains compliant.

2. Security starts with identity

Over recent years there has been a shift in the security mindset, from a network mentality (assuming an individual is secure because they’re in the four walls of a trusted network) to identity – securing organizations and controlling access based on the individual.

It’s important this is done in a way that doesn’t limit an employee’s usability or productivity. Multi-Factor Authentication is a good place to start – the single, most impactful tool to protect against account compromise, while still giving employees seamless access to all apps with single sign-on, from any location or device.

3. Automation can help to minimize ‘alert fatigue’

At the Summit, Simon Gardiner from Microsoft’s Detection and Response Team (DART) encouraged security professionals to be honest about their capacity, and to say when they’re feeling stressed. In reality, monitoring and protecting an organization from security incidents is not an easy task; it takes unparalleled attention, commitment and sometimes availability around the clock.

Technology and automation can play a significant role in reducing this pressure on security teams. If you’ve noticed something abnormal once or twice, leverage automation so that the third time it happens it’s reported, instead of hunted for. Automation frees humans up to do what technology cannot – act with intuition.

4. A new security mindset demands a culture change

Security and compliance doesn’t just impact the team who put the controls in place, it impacts every employee and every output. Security should be viewed as a power shift for a business, and this requires dedicated change management.

Roger Halbheer, Chief Security Advisor at Microsoft, highlighted an interesting perspective about breaking down silos: ‘When you start to align to the business, you start to judge success of the security consultants by business project success’.

5. Complexity is the biggest barrier to security

Before going into deploying advanced measures, it’s crucially important to master the basics. As outlined by Simon Gardiner, enable Multi-Factor Authentication, make sure your VPN solutions are protected, look at when your back-up was last online and tested.

Sandra Elvin and Jim Eckart, recent executive hires and previous CSOs at H&M and Coca-Cola respectively, agreed simplification can strengthen an organization’s security posture. The more security solutions implemented, the harder they become to orchestrate, and a fully-integrated technology stack can ensure that nothing falls through the gaps.

Watch the full summit on demand here.

 

Safeguarding digital privacy

Discover the 5 ways to increase trust and empower people in our latest eBook, Safeguarding digital privacy

Discover more related articles per industry:

Education

Government

Healthcare

Manufacturing

  • Etex

    Etex uses modern tools to unite its business and better focus on customers

    When it comes to construction, all components must come together in a timely manner in order to produce the optimum product. While Etex, a Belgian building solution manufacturing company, helps make this a reality on a day-to-day basis, it wanted to find a way to enhance productivity and collaboration internally. With locations across more than […]

  • Mais on a sunny day

    COFCO International: How cloud technologies ensured business continuity during challenging times

    “I have worked at COFCO for 12 years, always in an office. But I have spent the last 63 days working from home.” Marcus Seelbach, Chief HR Officer at global agribusiness COFCO International, is talking from his home via video call about the transition he and all his colleagues have undergone since COVID-19 led to the closure of the company’s offices worldwide. “But thanks to the preparation and […]

Retail

  • HeadBrands is ready for the future with Microsoft 365 Business

    HeadBrands is ready for the future with Microsoft 365 Business

    Since its creation in 2010, HeadBrands has continued to grow, rapidly becoming the leading retailer of hairdressing products in Scandinavia. HeadBrands needed a modern IT solution to increase its business productivity and improve collaboration, both within the company and externally. Its response to this challenge was to replace most of its previous services with Microsoft […]

  • GDPR and Retail: Four GDPR requirements and how Microsoft can help

    GDPR and Retail: Four GDPR requirements and how Microsoft can help

    Learn how we can help you meet GDPR requirements with solutions available today: Assessing your current risk profile “How do I understand where I am already compliant and where I need to focus next?” This is one of the most common questions from retailers in regard to the GDPR. It’s also one of the hardest to […]

Discover more related articles per dossier:

Customer Stories

  • a group of people performing on stage in front of a crowd

    City of Liège: Facilitating decision making in difficult times

    For many organizations, social-distancing measures brought about by COVID-19 have drastically slowed day-to-day operations – and for some, even stopped them altogether. But for local governments across Europe, like the Belgian city of Liège, slowing down hasn’t been an option.  From supporting citizens and businesses to protecting frontline workers, Liège city had to quickly provide stability during this crisis and ensure important decisions could still be made in a democratic […]

Digital Transformation

Security & Privacy

  • 2 women working on a Microsoft Surface

    Why data governance matters in going beyond GDPR compliance

    For organisations that are impacted by the General Data Protection Regulation (GDPR), protecting the privacy of individuals is no longer just good business practice; it’s a legal obligation. So, how do you implement an effective data governance program that is proactive, reactive and future-proofs data security? Data governance is not only about GDPR Data is […]

Tips

  • a group of people sitting at a table

    A single collaboration hub to help sales soar

    Do you know Microsoft’s secret to sales success? Collaboration. It’s at the heart of its culture and solutions. Today, companies investing in teamwork are five times more likely to be high-performing, so collaboration could be the difference between profit and loss. When compared to five years ago, an average information worker spends 50% more time […]