Cloud Security & Compliance
Analysis & Reviews
To be able to manage and develop your security and compliance, you must start from the current situation and environment. We help you create an overview of your situation and what you’re exposed to.
Identity & Access Management
We help you assess gaps in your identity and access management, to plan a successful IAM platform based on Azure Active Directory.
Endpoint Security
We help you develop a strategy for securing your devices and the devices that have access to the company’s data. An important component is the Zero Trust principle that we go through with you.
Compliance & Information Protection
We help you create a strategy and ability to discover, manage and protect information in your digital platform using Microsoft services available in Microsoft 365.
Cloud Security Lifecycle Management
We help you to continuously keep your level of protection where it needs to be. In addition, we provide an advisory service that captures needs and requirements and performs external monitoring.
Security Strategy: Zero trust
In order to achieve Zero Trust – identities, devices, data and applications need to be protected. With our security specialists and Subject Matter Experts, we help you secure all these areas.
Security
Today, all organisations need to be proactive about security and compliance on their IT platforms. Unfortunately, sooner or later, everyone is affected by attempted breaches. Even if your current security protection does not show it, you may have been affected. This means attackers will eventually also be able to access information and create problems. The first step to minimising the damage is to accept right now that there will be breaches. Take these words to heart in your security work: “Assume Breach”. This means you are prepared and reduces the damage once an attacker has entered your platform.
Security work must include the following capabilities:
- Identify
- Protect
- Detect
- Respond
- Recover
Coligo’s security specialists will help you no matter where you are on your security journey or what capabilities you need to develop. In helping you with your security work, we make sure your people come first. We specialise in all technical matters spanning the entire Microsoft security services portfolio, including Azure AD, Microsoft Defender, and Sentinel.
Analysis & Reviews
In order to manage and develop security and compliance, the starting point has to be the current position and environment. We help you to create an overview of your situation and vulnerabilities.
It’s also essential to take account of the entire business platform, and not simply work on securing silos. Everything is interconnected and must function as a single whole. Currently, we base our work on international standards such as CIS (Center for Internet Security) and NIST (National Institute of Standards and Technology) Cybersecurity Framework. We develop a comprehensive and clear picture of the situation and a clear action plan based on your capabilities and needs.
We also demonstrate Microsoft security capabilities for you to show what they could do for you. Together, we discuss and develop a picture of how things could look for you and what capabilities you could achieve in terms of security. We analyse your Microsoft Cloud environment, but also linked to your on-premises platform in a hybrid configuration.
We review your security configuration in relation to:
- Your existing security features
- Your Microsoft 365 configuration
Threat Check
Threat check work includes a workshop format and collection of data. This is to obtain a result that shows how to boost your organisation’s security using Microsoft security services. While we are collecting information, we analyse the threats and attempted attacks to which you are exposed. We then create an activity plan with recommendations to mitigate the identified threats and attempted attacks.
Working with you, we review the various initiatives that you have planned with your IT platform, and your priorities in order to give you more information and advice on how to coordinate future security work. You’ll also gain a holistic view of how Microsoft security initiatives could help your organisation.
We give demos and show you what integrated security could do for you, showcasing the latest tools and methods. In addition, we offer expert advice on long-term recommendations for security strategy and tactical development steps.
Risk assessment
To complement the security work, it is also important to identify and manage “insider risk”, as there are major risks in all organisations. This needs to be managed in order to create trust and a secure platform for users.
We help you identify, detect, and manage “insider risk” and then document relevant objectives and strategy. To accelerate your risk management and compliance, we give demos of the latest from Microsoft. We then create an action plan tailored to you and your objectives.
Microsoft 365 Security Posture
We analyse how your Microsoft 365 platform is configured from a security point of view. Among other things, we use Microsoft Secure Score to identify gaps and generate recommendations from our leading Microsoft Security experts.
We start with the Zero Trust concept, which includes devices, Office 365, data, and the security features that you can access via your licences. In addition, we evaluate your current level of protection based on your ability to protect, detect, and mitigate security incidents.
Identity & Access Management
We provide consultancy services to help you assess gaps in your identity and access management and to plan a successful IAM platform based on Azure Active Directory (AAD). This is a key to creating a successful working partnership throughout your supply chain. All employees must be able to collaborate with partners outside your organisation in a simple but robust way.
We help you to integrate Microsoft IAM solutions into your business applications. We train and support you to run your Microsoft Azure Active Directory platform yourself so you can assess, plan, build, integrate, support, and maintain your Identity and Access Management requirements.
Endpoint Security
Our experts will help you develop a strategy for securing your devices, and work with you to implement this. A key component for creating a Zero Trust strategy is securing the devices that access your data. Key scenarios to cover are:
- Hybrid and remote work
- Frontline workers
- Reimagining the endpoint ecosystem
- Progressing towards Zero Trust
In many cases, organisations already have access to a variety of security features available in Microsoft 365. Microsoft Endpoint Manager provides effective application and device protection that enables users to work efficiently, and your business is able to apply controls and rules by using Conditional Access. Be sure to maximise your investment by using available features.
Compliance & Information Protection
Does your organisation have a strategy and the capability to detect, manage and protect information in your digital platform? Vast quantities of information are produced every day, including by you! Much of this information is public. This information needs to be made more visible and controlled.
Protection of information is often seen as being necessary only to ensure the required compliance with specific regulatory security controls. Correct configuration of technical tools also enhances your people’s productivity. For the best possible results, this is something every business needs to work with continuously – not just once – to enable fine-tuning and follow-up.
Four pillars of information protection:
- Understand your data
- Protect your data
- Prevent data loss
- Monitor and manage your data
Information protection and classification is a journey. A journey that needs to be undertaken in several steps, and which also needs to be continuously assessed in terms of results and effects. Steps in the Information Protection process:
- Define your data classification
- Define the rules for this classification
- Create, test, and implement labels and the regulatory environment configuration
- Continuously monitor and manage the data produced and used
Coligo does this using Microsoft services that are available in Microsoft 365, with Microsoft Information Protection (MIP) as the main service. We are experts in these technical tools and how to configure and adapt them to suit your requirements. In addition, we also have key expertise in change management, which we apply alongside our technical competencies to maximise value for you, our customer. This is particularly important in these types of implementations, since it is not an IT project – it is a business project.
Cloud Security Lifecycle Management
We help you to continuously maintain your level of protection where you need to be. In addition, we provide an advisory service that captures needs and requirements and monitors the security landscape. We also keep you up-to-date with best practice and new functionality, as the security work is not a “one-time” matter but something that needs to be updated continuously.
Security Strategy: Zero Trust
Adopt the policy of not trusting anyone or anything to access your business-critical services and applications. The principle is called “Zero Trust” and means that, unlike a traditional VPN solution where you become part of your internal enterprise network, your access is evaluated every time you try to access a service or item of information. Embracing this policy is about ensuring that you have the right conditions in place to access information and services.
Three key principles of Zero Trust:
- Verify explicitly
- Use least privilege access
- Assume breach
To achieve Zero Trust, identities, devices, data and applications need to be protected. Our security specialists and Subject Matter Experts help you to secure all these areas. All components must work as one in order to achieve a secure platform.