{"id":450145,"date":"2021-03-01T15:00:03","date_gmt":"2021-03-01T14:00:03","guid":{"rendered":"https:\/\/pulse.microsoft.com\/?p=450145"},"modified":"2021-02-26T18:01:00","modified_gmt":"2021-02-26T17:01:00","slug":"fa2-five-things-we-learnt-from-the-security-and-compliance-summit","status":"publish","type":"post","link":"https:\/\/pulse.microsoft.com\/en\/work-productivity-en\/na\/fa2-five-things-we-learnt-from-the-security-and-compliance-summit\/","title":{"rendered":"Five things we learnt from the Security and Compliance Summit"},"content":{"rendered":"<h2>On November 4<sup>th<\/sup> 2020, Microsoft Western Europe hosted its first <strong>Security and Compliance Summit<\/strong>.<\/h2>\n<p>Experts and Security Blackbelts from across Microsoft, including the Detection and Response Team and the Digital Crimes Unit, came together virtually to share perspectives on the latest security, compliance and privacy challenges that seek to compromise the modern workplace \u2013 a topic of growing importance as organizations across the world recover from disruption and adjust to a new normal.<\/p>\n<p>Hosted by Sian John MBE, Microsoft\u2019s EMEA Director of Cybersecurity Strategy, the Security Summit explored the crucial issues organizations and security professionals face today, looking at emerging trends in cybersecurity, securing a workforce in a remote working world, insider risks and how to manage them, and so much more.<\/p>\n<p>Below are just some of the key takeaways from the event. And you can watch all the sessions from the summit <a href=\"https:\/\/info.microsoft.com\/WE-SCRTY-WBNR-FY21-11Nov-04-VirtualSecurityandComplianceSummit-SRDEM43541_LP02OnDemandRegistration-ForminBody.html\"><strong>on demand here<\/strong>.<\/a><\/p>\n<h2>1. Security and compliance are a shared responsibility<\/h2>\n<p>As a business and an employer, there is a responsibility to know\u00a0exactly\u00a0what happens to your data \u2013 where it is, why you have it, and who can access it, as well as the potential consequences if there is a breach.<\/p>\n<p>Remote work adds a level of complexity \u2013 employees may be using personal devices and unsecure applications beyond the trusted network perimeters. That\u2019s why knowledge is key, to understand the risk, the potential impact of a compromise, and how to avoid it.<\/p>\n<p>Technology can ensure controls are in place and make the necessary risk assessments, but it\u2019s a joint responsibility to make sure your organization remains compliant.<\/p>\n<h2>2. Security starts with identity<\/h2>\n<p>Over recent years there has been a shift in the security mindset, from a network mentality (assuming an individual is secure because they\u2019re in the four walls of a trusted network) to identity \u2013 securing organizations and controlling access based on the individual.<\/p>\n<p>It\u2019s important this is done in a way that doesn\u2019t limit an employee\u2019s usability or productivity. Multi-Factor Authentication is a good place to start \u2013 the single, most impactful tool to protect against account compromise, while still giving employees seamless access to all apps with single sign-on, from any location or device.<\/p>\n<h2>3. Automation can help to minimize \u2018alert fatigue\u2019<\/h2>\n<p>At the Summit, Simon Gardiner from Microsoft\u2019s Detection and Response Team (DART) encouraged security professionals to be honest about their capacity, and to say when they\u2019re feeling stressed. In reality, monitoring and protecting an organization from security incidents is not an easy task; it takes unparalleled attention, commitment and sometimes availability around the clock.<\/p>\n<p>Technology and automation can play a significant role in reducing this pressure on security teams. If you\u2019ve noticed something abnormal once or twice, leverage automation so that the third time it happens it\u2019s reported, instead of hunted for.\u00a0Automation frees humans up to do what technology cannot \u2013 act with intuition.<\/p>\n<h2>4. A new security mindset demands a culture change<\/h2>\n<p>Security and compliance doesn\u2019t just impact the team who put the controls in place, it impacts every employee and every output. Security should be viewed as a power shift for a business, and this requires dedicated change management.<\/p>\n<p>Roger Halbheer, Chief Security Advisor at Microsoft, highlighted an interesting perspective about breaking down silos: \u2018When you start to align to the business, you start to judge success of the security consultants by business project success\u2019.<\/p>\n<h2>5. Complexity is the biggest barrier to security<\/h2>\n<p>Before going into deploying advanced measures, it\u2019s crucially important to master the basics. As outlined by Simon Gardiner, enable Multi-Factor Authentication, make sure your VPN solutions are protected, look at when your back-up was last online and tested.<\/p>\n<p>Sandra Elvin and Jim Eckart, recent executive hires and previous CSOs at H&amp;M and Coca-Cola respectively, agreed simplification can strengthen an organization\u2019s security posture. The more security solutions implemented, the harder they become to orchestrate, and a fully-integrated technology stack can ensure that nothing falls through the gaps.<\/p>\n<p>Watch the full summit <a href=\"https:\/\/info.microsoft.com\/WE-SCRTY-WBNR-FY21-11Nov-04-VirtualSecurityandComplianceSummit-SRDEM43541_LP02OnDemandRegistration-ForminBody.html\"><strong>on demand here<\/strong>.<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On November 4th 2020, Microsoft Western Europe hosted its first Security and Compliance Summit. Experts and Security Blackbelts from across Microsoft, including the Detection and Response Team and the Digital Crimes Unit, came together virtually to share perspectives on the latest security, compliance and privacy challenges that seek to compromise the modern workplace \u2013 a [&hellip;]<\/p>\n","protected":false},"author":730,"featured_media":373838,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1829],"class_list":["post-450145","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-privacy-en","specials-work-productivity-en","stories-how-can-i-work-secure","stories-working-secure-en","businessPriorities-modern-workplace"],"_links":{"self":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/450145"}],"collection":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/users\/730"}],"replies":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/comments?post=450145"}],"version-history":[{"count":7,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/450145\/revisions"}],"predecessor-version":[{"id":452443,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/posts\/450145\/revisions\/452443"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/media\/373838"}],"wp:attachment":[{"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/media?parent=450145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pulse.microsoft.com\/en\/wp-json\/wp\/v2\/categories?post=450145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}