What are security assessments and what makes them such a powerful tool?

The threat landscape evolves too quickly for any single cybersecurity professional or team to track, and many organisations find it difficult to know where to begin. Kate McKay, Senior Security Consultant at UNIFY Solutions, discusses the role and power of security assessments and workshops, including Microsoft’s Threat Check and Secure Score offerings.

Before anything else, in order to strengthen your security you have to know what you’re dealing with. That’s where security assessments come in. Through a combination of different approaches, we work with businesses of every standing to first understand their current position and then improve their posture.

In my role as Senior Security Consultant, I focus primarily on Cloud Security – particularly the Microsoft suite. UNIFY has steadily introduced specific offerings using Microsoft’s Secure Score, Threat Check and customer workshops. These are designed to help businesses effectively maximise the use of their Microsoft solutions and achieve more robust and holistic security for their business.

In my job, I’m often the first point of contact with a customer. It is one of my key roles to understand their environment, the challenges they are facing, and what they consider to be their solutions. Through security assessments we are able to gain immediate insight into their different operations, any incidents or breaches they may have experienced, the various issues that may be coming up regularly, and areas they want to improve.

Security assessments: what they are and how they work

There are a few different ways in which we can run a security assessment. We may start very simply with a customer questionnaire and interview. This consists of working with the customer to look at details such as what solutions they are currently using, how they are used, and how they protect information. The goal is to get a broad understanding of the customer’s current posture. From here, we collect information on the Microsoft 365 tenancy, collate, run analysis and comparisons, and produce a report of recommendations and a roadmap of the actions they can take over the next six to 12 months.

If our customer is ready for a deeper look into their security and the services available to them from their Microsoft 365 or Azure subscriptions, we may run a security workshop. We will look at an organisation’s objectives and big-ticket priorities, and how that’s going to impact IT support. We will then link those objectives to the security pillars that they might want to improve or focus on. The workshop takes a deeper dive into the technology and services available within the Microsoft 365 and Enterprise Mobility and Security suites.

For qualifying customers, part of the security workshop is a Threat Check. The three main services utilised to perform the check are Azure Active Directory Identity Protection, Office 365 Advanced Threat Protection and Microsoft Cloud App Security. Using these, we analyse data with the customer over a couple of weeks, collect the information we need with no user impact, and prepare a recommendations report to show how the organisation can be better protected using these services. This is also chance to demonstrate the many features and services provided by Microsoft and how these can be utilised for specific use cases.

Our workshops are an excellent way to connect with a customer and understand, design and see how we can implement best practice security processes and services. We have the opportunity to engage teams in practical conversations backed by data, gain a view of the entire environment, analyse the data from key services, and produce a clear, detailed report.

These workshops are flexible. We may be looking at a specific aspect of security or at the entire environment – it depends on what the customer wants and needs. There may be some actions we can take straight away that cost nothing, for example if these actions simply utilise a feature set of an existing subscription, or we may identify areas where investment is required to develop or improve. We will look at the impact in terms of cost and effort, and consider different areas such as identity, data, applications or devices. For instance, rolling out multi-factor authentication is low cost, but it may impact the employee experience.

Microsoft’s Secure Score provides a rating of how well protected a solution is. Essentially, it’s a method of presenting technical, detailed or complex recommendations in an easily digestible way. Microsoft is starting to use this across many of their apps and services, including Microsoft Defender, Azure Security Center and more. You can look at the score as a kind of ‘cheat sheet’ or list of the ways in which your organisation can better secure its operations and prioritise implementation of controls.

UNIFY’s role: doing what we do best

Many of our customers won’t have expert security capabilities in-house, or the resources and time to run assessments or audits. This is where UNIFY Solutions comes in. Working with many customers across the board, we can quickly recognise common or recurring problems, and identify how they may best be resolved.

Regardless of Industry sector - whether it’s a financial services company or a large government enterprise - there are some standard, best practices and common problems. However we also understand that each customer environment is unique, so we have the structure and process in place to tailor our approach and get to the bottom of what a business really needs.

Working as a Microsoft Gold Security Partner, we deeply understand identity-driven security solutions and services and can leverage the functionality in a way that gives customers great ROI. We also help our customers to be heard amongst the noise of so many businesses globally leveraging the tools of such a large vendor – especially SMEs that may have a difficult question or requirement and are unsure how to resolve it.

In fact, we’ve come to see that many customers may be using a product such as Word, Teams or SharePoint Online, and don’t realise they have access to many more tools within their current subscription. Microsoft continues to develop and integrate its offerings, constantly rolling out new features and functionality, to stay ahead of the rapidly evolving threat landscape.

It wasn’t long ago that businesses would need five, 10 or even 20 different products to manage their security across a diverse environment. Now, you have everything you need in one package. Our job is to also stay up to date with both that evolving threat landscape as well as development of the tools to counter it. We ensure the businesses we’re working with understand what they need to be doing to mitigate risk, and know what solutions are available and how to make use of them.

Where do we go from here?

The current global situation, with employees from most businesses working from home, definitely reinforces Microsoft’s modern workplace model of enabling staff to work from wherever they are, whenever they want, using a range of different devices and products, and being able to do it securely. In the last five to 10 years, Microsoft has been developing their cloud-based offerings while also providing the security necessary for Cloud use.

At UNIFY, our focus is also on how we support customer productivity and keep people working as they need to – securely. We know that it’s no longer about the walls you put up around the office building or data centre, and that traditional firewalls or network perimeters alone just don’t cut it anymore.

In today’s world we must take a different approach, securing identities so people can work from disparate locations while still having access to the same resources they would if they were in the office. While this can seem overwhelming, we see it as an opportunity to empower employees with advanced technologies, while remaining confident that operations are secure.

If you’d like to know more or to talk to us about any aspect of our Security offerings, fill out the form below.

Looks good!
Please enter your e-mail address so we can contact you.
Looks good!
Please enter some details about your enquiry.
This form uses ReCaptcha to ensure interactions with our site are from legitimate users. Please accept the use of recommended storage before submitting the form. Find out more at the Privacy Center.

You may also be interested in:

Kate McKay
Kate McKay
Kate is a Senior Security Consultant at UNIFY Solutions.
Cybersecurity
Consulting Service
UNIFY Solutions offers our customers a team of industry leading experts and ensures the deepest level of knowledge across cybersecurity and risk.
Security Assessment Programs
Consulting Service
UNIFY assists our customers to assess their Security and IAM Maturity Level and/or assess their readiness to securely adopt Cloud solutions. This step is an important prerequisite for the development of an enterprise Identity and Access Management strategy.