Embracing Zero-Trust

Deeper Dive 5/9: Stephen Gallagher on Zero-Trust Security

A 2024 report found that it takes an eye-watering 258 days* for security teams to identify and contain a breach, on average. That’s 258 days where data is at risk and highlights the importance of robust information security measures.

Microsoft’s Zero Trust model treats every access request, regardless of origin, as potentially hostile and should be considered table stakes for any organisation serious about safeguarding its data. Implementing this model helps reduce the risk of data breaches, enhance compliance, and deliver cost savings.

In this article, I’ll share insights into our approach to zero-trust in iWorkplace along with other ways we are working to continuously improve our security practices, thereby keeping our customers’ data safe.

Our approach to zero-trust in iWorkplace includes:

1. Access control with MFA enforced for all user accounts

2. Comprehensive endpoint management using Microsoft Intune

3. Secure development practices following the OWASP principles

4. Regular internal audits of our security posture

5. Security and awareness training for all staff

These practices ensure we remain responsive to the ever-evolving landscape of information security and provide us with the foundations for a robust defence against internal and external threats.

In addition to practicing zero-trust, we only keep data for as long as necessary, securely disposing of it when it is no-longer needed. We do this by:

• Identifying and classifying data based on its sensitivity and regulatory requirements

• Defining how long the data should be retained based on legal, regulatory and business needs

• Implementing secure methods for data deletion, ensuring the data is irrecoverable.

iWorkplace Compliance, comprising Smart Records, Smart Labels and OneDrive Manager tools automate these processes for us, ensuring we are compliant across SharePoint, Teams and OneDrive.

Smart Records allows us to set up retention and disposal rules that span entire document libraries. Smart Labels simplifies the process of mapping and applying retention labels, making them easy to manage at scale. Together these tools enable us to monitor user adoption, file deletions, perform bulk actions like moving files and help us stay informed and in control of our data.

OneDrive Manager takes monitoring a step further, giving us actionable insights into user OneDrives, supporting us to mitigate potential information silos before they become information hazards. Just last year we removed over 150GB of content from our OneDrives, moving it to managed workspaces or deleting it if it no-longer held value.

Culminating in our Information Protection (IPx) dashboard, our team can monitor how we’re doing at a glance; understanding where our information risks lie as well as delivering cost savings and efficiencies across our organisation by ensuring the right information is stored in the right place, at the right time.

Zero Trust is not just a security model; it is a strategic imperative. By embracing Zero Trust, organisations can ensure that their data remains secure, their operations remain compliant, and their reputation remains intact. We’re a big believer in drinking our own champagne and I am proud to show how we use iWorkplace to protect both yours and our data.

*“Cost of a Data Breach Report” IBM and Ponemon Institute