Written by Rob Quickenden, Cisilion’s Chief Technology Officer,
with quotes from Rowland Hills, Leathwaite’s Chief Operating Officer; Jas Bassi, Gately’s Head of Solutions Delivery; Paul Clark, L&Q’s Director of Enterprise Services and Security; José Lázaro Pinos, Microsoft’s Security Architect; Alex Taylor, Awin’s Group IT Director; Lee Phipps, East Riding of Yorkshire Council’s Strategic Enterprise Architect; and Mudassar Ulhaq, Waverton Investment Management’s CIO.
Microsoft claims to handle, process and act upon more than forty-three trillion daily threat signals.
This blog, however, does not go into the specific features and security across Microsoft 365 and Azure. Instead, it explores the fact that, despite the extensive array of security services, tools, and products that Microsoft offer, Microsoft report that only about a quarter of their customers are actively using the core security products they’ve invested in.
Only about a quarter of our customers are actively using the core Microsoft security products that they have invested in.
Microsoft (& Forrester)
This of course can mean that organisations might:
- Have unnecessary security gaps, protection weaknesses and risk exposure
- Be wasting money (through Microsoft protection services bought but not enabled)
- Be buying twice (or more) through duplicate tools and services.
- Have a more complex protection strategy than is necessary
- Not be aware of Microsoft’s comprehensive multi-cloud security offerings
This blog shares some of the collective thoughts and discussions I had with my customer advisory panel in our September Fireside Chat, which focussed on the pros, cons, questions, and concerns around embracing the end-to-end protection across Microsoft 365 and beyond vs using point products and third-party security add-ons.
I’ve also included some (hopefully) valuable links and content at the end of this blog.
If you’d rather watch/listen to the show, you can find the VOD here.
Here’s a summary of the discussion points from my recent Fireside Chat.
1. Microsoft Security – What is in the SKU?
Speaking to the panel on my recent Fireside Chat, I believe that most organisations don’t know enough about the breadth and depth of the Microsoft 365 Security Stack they have bought and invested in.
We use a variety of Microsoft 365 licenses but need a better understanding of what is included, and what we might be missing by not investing and adopting the wider Microsoft 365 E5.
Rowland Hills | COO | Leathwaite Human Capital Limited
This is due, in part, to the constant change, enhancements and investment [$4b a year in R&D] concerning the changing threat landscape and the depth and breadth of tools available within Microsoft 365 E5. Add to this the renaming of Microsoft products (they do far too much IMO).
There’s a plethora of tools within the Microsoft 365 E5 licence. Understanding what those tools do, what is included, what they can replace and how they fit together is the biggest challenge for us. The stack is constantly changing, and new products are added or renamed so it is hard to keep up.
Jas Bassi | Head of Solutions Delivery | Gately Legal
2. Does having too many different security vendors lead to unnecessary complexity?
The Cyber Security market is huge. In a recent KPMG survey of 500 CEOs, 18% said that cyber security
When I was first an IT consultant in the early noughties, security was always about having strong passwords and the best “black box device” to protect on-premises stuff, be it firewalls, mail security, web filters, VPN, IPS etc. that protect aspects of an organisation’s internal network or Data Centre environment.
The average organisation has over seventy security products from thirty-five different vendors.
Gartner | 2021
As the world has shifted, and continues to shift, to a perimeter-less, multi-cloud and distributed workforce (with home working creating thousands of “offices of one”), many organisations now struggle with not only the ever-expanding threat landscape and increasing talent shortage, but also the growing number of vendor solutions, their associated mounting costs, and the overlap of products and features.
In a world of highly distributed data and disappearing perimeters, today’s enterprises are struggling not only with the expanding threat landscape but the growing solutions landscape and their associated complexity and mounting costs.
Complexity is the new enemy, meaning that silos and multi-vendor point products are the bane of Security Operations. Not only are they costly, but their features also overlap, they don’t necessarily integrate and, in most cases, there is no single pane of glass or “intelligence” across the platforms.
This not only causes complexity and cost but, above all, does not provide a holistic view of security and threats across the organisation without the use of yet more expensive tools and connectors into a SIEM platform.
We see this quite often with our customers too – particularly in the case where Microsoft 365 has been organically deployed. We often see that customers, whilst heavily invested in Microsoft 365, continue to invest in and use a plethora of third-party tools and thus are not realising the true value and protection of the extensive and integrated Microsoft 365 Security Suite.
This is not just about cost either. Having too many tools addressing point solutions, combined with no holistic view of security, can cause too much “noise” and too many alerts, meaning real potential threats are ignored or get lost. This is the primary reason Microsoft cite for why “only one-quarter of their customers are actively using the core security products they’ve purchased”.
As well as the advantages of a joined-up and integrated security portfolio, any organisation that has, or is embracing the Microsoft Cloud, can recognise cost savings of over 52% and see an ROI of 92% (according to Microsoft & Gartner) by adopting the vast array of security services within their Microsoft 365 subscription and/or by displacing legacy point products.
Organisations can typically save 52% on their security by using Microsoft 365 E5 Security compared to point products and solutions.
2021 Microsoft Zero Trust Solutions – Total Economic Value Report
In my opinion, Microsoft Security is world-class. It doesn’t have to be this way though: once there is joint awareness, understanding and trust in the Microsoft security portfolio, this complexity and silo approach to security can be a thing of the past.
Microsoft (as an end-to-end security provider) would say that they can secure and protect the entire digital footprint for every enterprise customer. The reality, however, is that any organisation that has embraced, or is embracing, Microsoft Cloud can achieve significant cost advantages (>52% according to Microsoft & Gartner) in security alone by enabling the services they have bought and displacing all or most of their legacy point security products.
Joining us on the Fireside chat this month was Jose Lazaro Pinos, a Security Architect at Microsoft. He said:
Our solutions deliver comprehensive protection across your entire digital estate – Identity, Data, Apps, Endpoints, and Infrastructure Network. Where we differentiate is that security is built into our products rather than bolted on. We have a building block approach to security and compliance and provide protection in over fifty security categories. We are investing $20b in security over the next 5 years.
Jose Lazaro Pinos | Security Architect | Microsoft
Many of the clients we work with are onboard and committed to leveraging Microsoft Cloud and Microsoft Security across the board. This extends beyond basic hygiene services such as Azure AD, Conditional Access, Identity Protection and Privileged Identity Management, into the more advanced compliance and protection services such as Defender for Office 365, Identity and Endpoint; DLP and Purview (formerly Microsoft Information Protection) for compliance and data protection; and Sentinel for SIEM and XDR.
We use Microsoft Security for most things. We also use Microsoft Information Protection and DLP and were an early adopter of Azure Sentinel.
Paul Clark | Director Security & Services | London & Quadrant Housing
L&Q, like many organisations, have a hugely diverse workforce, and the tight integration of Microsoft Security products has given them confidence that their employees, devices, and data are well protected wherever they are. Paul also said in the chat that the Exec board are on top of security and it’s very much front and centre, so Paul and his team need to be at the top of their game. Ensuring they continue to get value from the new things coming to Microsoft Security is top of mind, which again reinforces what we heard in point one above.
The Microsoft ecosystem is our primary security stack, but if the business is not educated and engaged, it can be easy to be sold multiple products that overlap or do the same thing. We have the drive to consolidate where we can with Microsoft 365.
Alex Taylor | Group IT Director | AWIN
3. What are the downsides of a single-vendor approach?
In short, the consensus from the panel was “probably none” – not anymore.
Go back just 5 years and I’d say most IT and security teams had a negative (or empty) view of Microsoft as a “security company”. Even as their reputation improved, it was still commonplace to see many organisations that were accepting of just how extensive Microsoft’s security offering has become still question “what if one vendor gets compromised, you need protection from the other vendor that hadn’t been compromised”.
Our security team used to preference a multi-vendor approach, but the benefits of a single vendor approach are recognised – a single pane of glass, consolidated reporting, and joined-up protection across the digital estate.
Lee Phipps | Strategic Enterprise Architect | East Riding of Yorkshire Council
More recently, this view is changing, as my customer panel confirmed. Zero Trust is all about defence in depth and having multiple layers of protection. The key principle is not necessarily about single or multi-vendor; more important is the need for seamless join-up and integration between the service layers – whether this is a mix of vendor products connected via API-driven integration into a SIEM, or the integration and consistency (which is key) that comes from using a joined-up suite of products which provides multi-layer protection.
It’s critical of course that whatever you use can see and protect all your applications, services and infrastructure including services which sit outside the Microsoft Cloud.
Zero Trust Security Architecture
Previously we used to use third-party multi-vendor products for monitoring and DLP, but we took the decision to remove these and move them to Microsoft and configure the ruleset in Azure Sentinel to give us a seamless view and dashboard.
Mudassar Ulhaq | CIO | Waverton Investment Management
The panel also agreed that managing multiple security tools creates an unnecessary workload for their IT and SecOps teams, as they have multiple product dashboards to check and consolidate, and the terminology and signals don’t always align.
Rowland Hills said that the reality for any smaller business is that you are struggling to have a couple of people in IT, in which case you have one or sometimes no dedicated security person. The impact of an attack of course is no different no matter how big or small you are, but leveraging the cloud for security means that the smallest and largest organisations alike benefit from the power of Microsoft Cloud, which has some impressive threat protection stats (which they asked me to share).
(c) Microsoft - 43 trillion daily threat signals include data seen through the RiskIQ acquisition
4. Microsoft Security On-Ramp – where to start
Firstly, you don’t have to spend loads of money to get some increased awareness – you can work with your Microsoft Cloud Security partner and/or leverage some of the free tools, assessments, workshops, and training available to you as a Microsoft 365 customer.
Collaborate to Share Best Practices
We also find more recently that organisations are starting to form security alliances where they share best practice methodologies, observations and even training and workshops with their peers in similar organisations.
We work with other housing associations in a collective intelligence forum where we share information about cyber awareness and best practices and if any of us have an issue, we have others to lean in and help each other out.
Paul Clark | London & Quadrant Housing
This can be a great way to reduce the burden on stretched IT resources as well as reduce costs when they are paying for or attending security assessments and workshops, much in the same way we do with our customer panel on our monthly Fireside Chats.
Do it yourself with Microsoft Secure Score
Microsoft Secure Score enables your IT or Security Operations team to review, score and benchmark your organisation’s security posture. Secure Score works by representing your security metric across the entire digital estate irrespective of whether you’re using Microsoft or third-party tools.
Secure Score helps you do four things:
- Assess the state of your security posture across identity, devices, information, apps, and infrastructure. You can also benchmark your organisation’s status over time and compare it to other organisations.
- Evaluate each recommendation using embedded guidance to determine which vectors of attack are a priority and how they can be mitigated. This can also be used to help identify and add improvement actions to your posture improvement plan.
- Determine potential user impact using integrated workflow capabilities and identify the procedures necessary to implement each recommendation in your environment.
- Use historical reports to track and maintain progress, identify regressions, and report to leadership teams. Using measurable data, you can clearly demonstrate the progress you’re making to better secure your environment.
Microsoft Secure Score®
Leverage Free* Cloud Security Workshops
Cisilion are one of a handful of trusted Microsoft Cloud Security partners that can deliver free (*funded – subject to approval by Microsoft) workshops, threat assessments and awareness workshops to help organisations understand, test drive, and prove the value of Microsoft Security, whether they have already invested in the product suites or not.
These provide an overview, deep dive, and hands-on exposure to help you understand key areas of threat protection including:
- Securing corporate identities and access
- Defending against threats with SIEM plus XDR
- Securing Azure and multi-cloud environments
- Mitigating compliance and privacy risks including “insider risk”
- Protect and govern sensitive data
- Defence and visibility in depth with Azure Sentinel
- Securing the endpoint
We have created a short guide to the funded workshops. To register for one of these, speak to us, contact us, or get a referral to Cisilion from your friendly Microsoft Account Team.
Microsoft Fast Track Services
All paying Microsoft 365 commercial and public sector organisations will have entitlement to Microsoft Fast Track Services. This is a free consultative and guidance service delivered by Microsoft or their trusted Fast Track partners and provides free guidance and assistance for the enablement and adoption of Microsoft Cloud Technology.