Case Study: Microsoft IP & G

by

Key Drivers & Business Outcomes

Actively protecting data and information is a crucial activity for companies. Consolidating vendors and utilizing the tools you already have is a key step toward achieving this goal and one that many protection programs are lacking. This was the case for a Canadian Consumer Product Distributor with a desire to leverage a single vendor for design, deployment, and operations. Their existing solution was nearing the license renewal date, which created the urgency to act now. In addition, the distributor was soon approaching regulatory and audit requirements that put intense timing pressures on their team.

The company faced many challenges including, their lack of budget for security. Difenda was able to overcome this challenge by leveraging integration and automation processes that reduce internal efforts and eliminate the need to hire new members. Following deployment, the people, processes, and technologies were aligned with compliance requirements. Not only that, but these processes steam-lined their overall GRC operations. Along with this, new strategic and tactical KPI reporting capabilities for the CISO and compliance manager were added. All of these key implementations increased the ability to handle and control data-at-rest both inside and outside of the organization.

After the rollout was completed, the Product Distributor faced an insider risk attack. With their new capabilities, the company was able to leverage their tools for a forensic investigation, identify the attacker and make appropriate remediations.

Customer Situation

Following a security posture assessment, Difenda found that the customer had no internal team or systems dedicated to security. To address this, Difenda assisted in the design, deployment, and management of several Microsoft tools. The company had already invested in the Microsoft E5 licensing so Difenda also helped leverage and maximize this license in order to strengthen the foundation they laid.

Solution

The Canadian Product Distributor worked with Difenda for the design, deployment, and operationalization of Microsoft IP&G. To do this, they leveraged several Difenda C3 delivery teams, including GRC Advisory services for policy and standard refinement, Microsoft Advisory services for M365 Purview control design and deployment, and our Security Operations services for 24x7x365 monitoring of information protection alerts. Difenda worked closely with the company’s business units, including IT, IT Security and Privacy teams, to develop policies, procedures, and user training in advance of solution implementation. All of this was accomplished leveraging existing customer owned Microsoft licensing, resulting in a cost effective and operationally sustainable IP&G solution.

Our Microsoft Security Services