About the customer
This project began as a pilot of Microsoft’s security services. The results of the pilot underscored to the client the critical importance of adopting modern digital workplace solutions and emphasized the necessity of training employees to manage sensitive information responsibly. This case illustrates how the acquisition of knowledge fosters a sense of responsibility.
Due to a non-disclosure agreement, we can’t name the client, but the situation will be familiar to many. A leading mining company in Central Asia asked Awara IT for help with protecting its infrastructure. After reviewing their request, we suggested testing a Data Loss Prevention (DLP) solution. As the pilot progressed, we expanded the project to include Microsoft Defender for Endpoint, Microsoft Purview, and the integration of Microsoft 365 with ArcSight. Leveraging multiple solutions from a single vendor reduces operational costs through greater system unification, while also strengthening information security both internally and with external partners. This approach helps to minimize risks and potential data leaks.
About the Client
The client is a diversified mining company. Security is a core value for them, and they constantly seek to improve the safety of their processes and IT infrastructure. They have high standards for their contractors. With over 500 employees at the headquarters, the company decided to conduct pilot tests for at least 170 users (endpoints) to make informed decisions.
Key Project Tasks
After preliminary discussions, the company wanted to test two specific tools:
- Microsoft Defender for Endpoint (MDE) – A comprehensive solution for threat detection and software vulnerability management of endpoints, including response tools (this class of systems is called Endpoint Detection and Response or EDR).
- Microsoft Purview – A comprehensive set of solutions that help the organization analyze data flows, manage data, and protect it, regardless of location. Microsoft Purview includes Data Loss Prevention (DLP) policies – a flexible tool for preventing information leaks.
The first project, centered around Microsoft Defender for Endpoint (MDE), was relatively straightforward, primarily involving the configuration of rules aligned with client requirements. In contrast, the second project, which focused on Microsoft Purview, was more intricate, necessitating greater staff involvement and a comprehensive analysis of data and workflows.
The key task of the project was to develop a flexible and user-friendly approach to protecting the following IT infrastructure components:
A) Corporate devices,
B) Corporate data,
C) Local infrastructure,
D) Mobile users.
Therefore, the pilot boundaries were expanded to include training on the principles of collaboration and the possibilities of organizing a modern workplace based on Microsoft 365 technologies.
The entire case can be described as a transition to organizing a modern digital workplace, where the employee is not tied to the office and can work safely from anywhere, exchange corporate information, and communicate in the Microsoft Teams space.
Challenges and solutions
Information Protection
Microsoft’s approach to ensuring security without limiting employee capabilities fully met the client’s requirements. Previously, data security meant keeping all devices and information within a secure perimeter and limiting employee actions.
In the modern world, the workspace is no longer limited to the office or corporate infrastructure; the number of mobile workers is increasing, and security approaches are changing accordingly. Based on the principles of Zero Trust, Microsoft’s approach ensures that information is protected both in storage and during transmission. Confidentiality labels assigned to documents can be configured so that the content is encrypted at the file level; in that case there is no need to worry about the file falling into third-party hands, since only authorized users can open the content.
The use of unified tools for both device protection and data loss prevention fits Microsoft’s "better together" concept. This synergy makes the tools more effective when used together.
Stages: Preparation and Implementation
IT Infrastructure: Entra ID, Microsoft Defender for Endpoint Plan 2, Microsoft Purview, ArcSight
The project progressed as follows:
1. The MDE pilot took 2 months, alongside Microsoft 365 training for employees.
2. The Microsoft Purview pilot lasted 3 months.
3. The full rollout is expected to take 9-12 months, depending on internal factors and employee involvement.
MDE implementation challenges included minor issues with Linux servers, which were resolved by switching to supported Linux distributions.
Testing Microsoft Purview involved deploying and testing 2-3 information labeling policies, but the client wanted to simulate a real-world environment, causing some organizational delays.
When testing Microsoft Purview, the recommended practice is to deploy and test several basic capabilities within a month, including setting up and testing 2-3 information labeling policies, followed by scaling to the entire organization.
In this case, the client wanted to bring the pilot as close as possible to real usage conditions. This led to difficulties of an organizational rather than technical nature and extended the project timeline. Full implementation of DLP in a similar organization takes 9-12 months. Most of this time is spent on classifying corporate data and setting up the appropriate policies. If only 10% of the company’s information is critical, the system is configured faster than if half of all corporate information needs to be protected. Full coverage of all information is guaranteed to take more than a year.
It’s important to involve staff from various departments (legal, finance, HR, etc.) in this process to speed up classification.
It’s recommended to form a working group for a project like this, including a responsible manager and representatives from all key departments on the client’s side. On the integrator’s side, the team should include a project manager, an architect, technical specialists for the implementation, and analysts for classifying information.
The analysts, along with the client’s representative, review documents, classify them, and set key parameters. Based on these parameters, the DLP system will identify and categorize confidential, restricted, and public information.
During the pilot, 10-15 employees from different departments participated in the information classification process, but without the involvement of key stakeholders. For many employees, this task wasn’t a priority and added to their workload, which led to the classification process stopping entirely. As a result, the pilot project shifted back to the recommended approach, focusing on setting up 10 policies for the test phase.
This experience showed the client that when scaling the service, it’s crucial to plan for changes and manage them in advance. For DLP implementation, a broader group of employees needs to be involved, along with administrative support, communication, and training. The introduction of new data protection measures is part of the company’s digital transformation, and this needs to be clearly communicated internally.
Additionally, large projects like this often lead to more initiatives, possibly smaller in scope, as the business evolves, new staff join, and subsidiaries are added. These also need to be included in the security system, as the volume of data grows and new types of information emerge that need to be classified.
Results
Project Outcomes
At the start of 2024, two pilots were successfully completed:
- Microsoft Defender for Endpoint (MDE) successfully demonstrated its effectiveness in detecting and responding to threats, including zero-day vulnerabilities, across 170 workstations. MDE was also integrated with ArcSight, improving the return on the client’s SIEM investment.
- Microsoft Purview was tested for preventing information leaks. Ten DLP policies were set up, proving the tool’s performance and adaptability.
Microsoft Teams was also tested, and the company’s readiness for Microsoft 365 E5 Information Protection and Governance was assessed. These steps indicate a proactive approach to ensuring the readiness of the client’s IT infrastructure to meet modern business requirements.
Next Steps
Scaling the solution across the company will take 9-12 months. No significant challenges are expected for MDE, aside from replacing unsupported distributions. In terms of DLP, the most important and time-consuming task will be the classification of information and the creation of regular expressions (RegEx) due to the diversity of corporate data and the specifics of Microsoft’s syntax.
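To make the classification work described above concrete (the analysts’ three tiers of confidential, restricted and public information, and the regular expressions that drive detection), here is an added example written for this page; it is not Awara IT’s or Microsoft’s code and does not use Purview’s own policy syntax. It models a sensitive-information type the way DLP engines commonly do: a primary regex, an optional checksum validator, supporting keywords that raise confidence, and an instance threshold that maps findings to a label. The card pattern, the hypothetical EMP-nnnnnn employee ID format, the thresholds and the sample documents are all constructed for the illustration.

```python
"""Constructed regex-based classifier in the style of a DLP sensitive-information
type: pattern + validator + supporting keywords + instance threshold -> label.
Not Microsoft Purview's syntax; patterns, thresholds and documents are illustrative."""
import re
from dataclasses import dataclass
from typing import Callable, Optional


def luhn_ok(number: str) -> bool:
    """Luhn checksum; used as the validator that filters random 16-digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class InfoType:
    name: str
    pattern: "re.Pattern"
    keywords: tuple                                    # supporting words that raise confidence
    validator: Optional[Callable[[str], bool]] = None  # optional checksum applied to each match
    window: int = 200                                  # characters around a match to scan for keywords

    def detect(self, text: str) -> list:
        """Return (matched_text, confidence) pairs found in text."""
        hits = []
        for m in self.pattern.finditer(text):
            value = m.group(0)
            if self.validator and not self.validator(value):
                continue                               # checksum failed: treat as a false positive
            lo, hi = max(0, m.start() - self.window), m.end() + self.window
            context = text[lo:hi].lower()
            supported = any(re.search(r"\b%s\b" % re.escape(k), context) for k in self.keywords)
            hits.append((value, "high" if supported else "medium"))
        return hits


# Constructed sensitive-information types for this illustration.
INFO_TYPES = (
    InfoType("Payment card",
             re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
             ("card", "visa", "mastercard", "expiry", "cvv"),
             validator=luhn_ok),
    InfoType("Employee ID",                            # hypothetical corporate format EMP-nnnnnn
             re.compile(r"\bEMP-\d{6}\b"),
             ("employee", "personnel", "hr", "payroll", "salary")),
)


def classify(text: str):
    """Map a document to one of the three tiers named in the case study.
    Thresholds are constructed: any high-confidence hit, or five or more hits
    of any confidence, is Confidential; any remaining hit is Restricted."""
    findings = {t.name: t.detect(text) for t in INFO_TYPES}
    all_hits = [h for hits in findings.values() for h in hits]
    high = sum(1 for _, conf in all_hits if conf == "high")
    if high >= 1 or len(all_hits) >= 5:
        label = "Confidential"
    elif all_hits:
        label = "Restricted"
    else:
        label = "Public"
    return label, findings


# Constructed sample documents (not client data).
DOC_PUBLIC = "The mine produced 1.2 Mt of ore in Q3. The site office is open Mon-Fri 9-17."
DOC_RESTRICTED = "Shift roster attached. Badge EMP-204817 moved to the night crew; notify the foreman."
DOC_CONFIDENTIAL = ("Payroll export for HR: employee EMP-310552, salary 4,200 USD, "
                    "corporate card 4111 1111 1111 1111 (Visa).")   # well-known test PAN
DOC_FALSE_POSITIVE = "Serial batch 1234 5678 9012 3456 logged for the conveyor motor."

if __name__ == "__main__":
    for name, doc in [("public", DOC_PUBLIC), ("restricted", DOC_RESTRICTED),
                      ("confidential", DOC_CONFIDENTIAL), ("false positive", DOC_FALSE_POSITIVE)]:
        label, findings = classify(doc)
        print(f"{name:15s} -> {label:12s} {findings}")
```

The validator and the keyword window are what keep the regex from drowning analysts in noise: the serial number in the last sample has the right shape for a card but fails the checksum, and an employee ID that appears without any HR or payroll context is only flagged at medium confidence. Tuning exactly these two knobs per information type is the bulk of the classification work the text refers to.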
Awara IT has the expertise to ensure smooth implementation and will continue to support the client throughout this process. Benefits will include:
- Reduced operational costs due to native integration. The unification of processes and tools leads to increased efficiency and profitability. The flexibility and elasticity of the cloud infrastructure of the piloted solutions eliminate the need for reserving computing resources.
- Maximum protection: The solution provides the highest degree of information protection both within and outside the corporate network. The risk of potential data leaks is significantly reduced, which contributes to increased business resilience.
Users gain maximum freedom, and the company’s information security specialists gain maximum control over the data. Unlike the classic infrastructure, where administrators perform a significant amount of work monitoring the system and keeping it in working condition, a large share of those tasks is handed to the cloud provider, who guarantees an SLA. This allows costs to be optimized and reduces the load on IT personnel. An obvious advantage of Microsoft solutions is that yesterday’s internal network administrator can quite easily upgrade their skills and start working with a more advanced system.
As already mentioned, at the implementation stage, the client will need additional internal work with the staff.
The implementation of such solutions also makes it easier for the company to certify its processes for compliance with the ISO/IEC 27017 and ISO/IEC 27018 standards. Using Microsoft services allows responsibility to be shared with the service provider, who ensures proper security in the cloud.
Awara IT Expertise
Awara IT specializes in Modern Work and Microsoft Security solutions. Over the past year, we’ve completed several major security projects worldwide. In Kazakhstan, we’re working on two projects in the banking sector, plus a Microsoft 365 Business Premium deployment for a consulting firm in the UAE. We conduct seminars for a wide audience to introduce business customers in Kazakhstan to Microsoft information security solutions, showing the advantages of hybrid infrastructure, information, and device protection.
Awara IT’s involvement in the Microsoft AI Cloud Partner Program and the ISV Success program, along with our certified team, expands our capabilities. Our solutions are available on Microsoft AppSource, meeting strict vendor standards.
- Teams Phone System: 2-Wk Pilot – Microsoft AppSource
- Microsoft 365 Rapid Security Assessment: 1-Wk Assessment – Microsoft AppSource
- Copilot for Microsoft 365: 1-Day Data and Security Workshop – Microsoft AppSource
- Copilot for Microsoft 365 Data and Security Readiness Assessment – Microsoft AppSource