An event organised by ARP & Bechtle
Security & Compliance with Microsoft
The Security & Compliance with Microsoft event took place on 19 and 26 March. The topic is more relevant than ever, as digital threats are constantly evolving and cybersecurity laws and regulations are forever being revised. Zero trust, data governance and NIS2 are the topics on everyone’s lips and this event gave those taking part the tools they need to take their security policies, compliance and information security to the next level.
Here, we take a look back on two days of valuable insights and inspiration supported by Microsoft and Bechtle experts. The spotlight was on the functional and strategic aspects of cybersecurity as well as modern workplace strategies. Interactive panel discussions provided an excellent opportunity for participants to ask their specific questions to the experts, while the focus sessions were received with great enthusiasm and interest.
The amount of interest shown saw us add a second date and both were very well attended.
“I had heard the term ‘zero trust’ before, but didn’t know what it meant. Now I understand how it can help mitigate cyber threats. I’m sure I’ll take a closer look a the topic to discover how we can use it in our business.” Participating IT coordinator from the retail sector.
Were you there? If you were, you have answers to questions including....
- What is a Zero Trust Framework and how does it differ from traditional security approaches?
- Why is it important to adopt an ‘assume breach’ mindset and how does translate into directives such as the NIS2?
- How does Copilot integrate with AI within Microsoft applications? How does it impact business processes? And how do you lay the right information security foundation to get started with Copilot?
- What steps can you take to strengthen cloud and endpoint security?
- How do you best prepare for GDPR, information security baseline standards, NIS2 and other future regulations?
“People say ‘prevention is better than cure’. ‘Assume breach’ presumes that prevention is practically impossible. It takes a zero trust approach to security and encourages organisations to think about the worst case before it happens.”
Nicholas Baker, Solution Consultant Security at Bechtle
Key takeaways from Security & Compliance with Microsoft
Best-of-Suite approach.
Working with an integrated suite of security solutions rather than individual tools (best or broad) helps organisations cut costs and work more efficiently.
Zero trust strategy.
Organisations profit greatly from a zero trust strategy that is based on the motto ‘Never trust. Always verify’. This can be done by applying multiple authentication methods and minimum access rights. This way, threats from inside and outside the network are recognised quickly and damage is minimised.
AI-ready data.
The first step in deploying AI applications like Copilot for Microsoft is data governance. Rights are granted depending on a person’s role within the company To keep you GDPR compliant and prevent Copilot from sharing sensitive or confidential information with unauthorised parties.
Integrated security solutions.
Modern cybersecurity requires an integrated approach with a focus on two key aspects—data governance and cyber hygiene. By investing in both of these, organisations are laying a solid foundation for effective data management.
Zero Trust Framework
The morning began with a presentation held by Jelle Niemantsverdriet of Microsoft, in which he introduced us to the Zero Trust Framework. His enthusiasm and in-depth knowledge of cybersecurity were contagious. Jelle took us through the different steps of a Zero Trust Framework and how they can be applied in practice and we also discussed how the traditional firewall is being abandoned and why we need to constantly check that everything is secure. This set the stage for a lively debate on how companies can deal with increasingly complex cyberthreats and how they can prepare for future standards and regulations.
Zero Trust Framework
The morning began with a presentation held by Jelle Niemantsverdriet of Microsoft, in which he introduced us to the Zero Trust Framework. His enthusiasm and in-depth knowledge of cybersecurity were contagious. Jelle took us through the different steps of a Zero Trust Framework and how they can be applied in practice and we also discussed how the traditional firewall is being abandoned and why we need to constantly check that everything is secure. This set the stage for a lively debate on how companies can deal with increasingly complex cyberthreats and how they can prepare for future standards and regulations.
Cloud and endpoint security
After a quick break, Nicholas Baker took the stage to talk about the importance of XDR platforms for cloud and endpoint security. His presentation provided valuable insights into Microsoft’s integrated approach and how organisations can take advantage of these technologies to bolster their security. The session was filled with some challenging questions from the participants resulting in lively discussions about the implementation of XDR platforms in different business environments.
Cloud and endpoint security
After a quick break, Nicholas Baker took the stage to talk about the importance of XDR platforms for cloud and endpoint security. His presentation provided valuable insights into Microsoft’s integrated approach and how organisations can take advantage of these technologies to bolster their security. The session was filled with some challenging questions from the participants resulting in lively discussions about the implementation of XDR platforms in different business environments.
Data governance and AI integration.
After the panel discussion and lunch break, the event continued with an in-depth look at data governance and AI integration. Tim Ter Haar introduced us to new kid on the block Copilot for Microsoft 365 and generative AI. With his colleague Nicholas, he offered an enlightening perspective on how organisations can deal with the challenges of data governance and how they can leverage AI to improve processes without compromising security. The two also touched on Microsoft Purview tools, Which make it easy to classify and label data, optimise data governance and compliance processes, and much more. This session was also very interactive with several questions being asked about the practical applications of AI and its potential risks.
Data governance and AI integration.
After the panel discussion and lunch break, the event continued with an in-depth look at data governance and AI integration. Tim Ter Haar introduced us to new kid on the block Copilot for Microsoft 365 and generative AI. With his colleague Nicholas, he offered an enlightening perspective on how organisations can deal with the challenges of data governance and how they can leverage AI to improve processes without compromising security. The two also touched on Microsoft Purview tools, Which make it easy to classify and label data, optimise data governance and compliance processes, and much more. This session was also very interactive with several questions being asked about the practical applications of AI and its potential risks.
“Zero trust is one approach to how to deal with security. It redefines everything we used to know.We used to be behind a firewall, with the evil internet on the outside and the trusted corporate network on the inside. It was like an M&M. Hard on the outside and soft on the inside. Once you broke through, there was nothing to stop you. These days, we don’t have this wall to protect us. Instead we are evolving towards an approach in which we constantly evaluate and verify every interaction, both inside and outside the network, to minimise potential threats.” – Jelle Niemantsverdriet, National Security Officer at Microsoft
New insights from the panel discussion
An important part of the event was the panel discussion, during which Jelle and Patrick, security experts at Microsoft and Bechtle respectively, took to the stage. Many important issues were raised such as the risks of single manufacturer strategy for IT security and the struggles of complying with the NIS2 Directive. The discussion provided useful perspectives from both panel members as well as the participants and here we’d like to highlight two discussions.
Discussion one – Windows 11 is actually Windows 10.1 with a new menu.
This statement certainly divided opinions. We all need to switch to Windows 11 because it won’t be long before support for Windows 10 ends, but it was argued that it is not as easy for administrators to use. “I don’t see it as progress, because there are so many more steps.” It is true that more work is required and the extra time that takes up isn’t ideal, but the redesigned menu offers a much better user experience. However, Windows 11 has so much more to offer than a revamped menu and redesigned taskbar. There have also been some major steps taken to bolster security. In fact, Patrick says it’s the most secure version ever made. Most of the changes made are, therefore, under the hood. As soon as you boot up, Windows 11 is actively protecting your notebook and continuously scanning for security risks, which it was agreed are valuable additions. One disadvantage that was mentioned is that not every device meets the minimum system requirements for Windows 11 meaning some need to be replaced with more up-to-date models.
Discussion two – The NIS2 Directive is a good, but the guidelines are too complex to comply with
the room was also divided on the question of whether compliance with the requirements of NIS2 is realistic. Several opinions were discussed, some stressing that it is necessary for an effective cybersecurity strategy, while others felt that the guidelines are indeed too complex and vague. ”The complexity arises partly because the Dutch government is lagging behind with publishing concrete guidelines. Legislation has been delayed, but will finally come into force in October. It’s a challenge that we all have to meet head on together, taking it step-by-step, starting with cybersecurity governance and then splitting the rest into manageable chunks in order to makes progress,” explained Patrick on how to deal with the issues at hand. By working on data governance and cyber hygiene, you are already well on your way to meeting NIS2’s future requirements and improving your overall cybersecurity.
”The NIS2 Directive regulations seem complex because there isn’t anything specifically written down on paper. My advice is to start data governance and cyber hygiene. With those in the bag, you can start building your security strategy.” – Patrick Voss, Solution Advisor Security at Bechtle
In recent years, Microsoft has invested heavily in security solutions, a fact reflected in Gartner and Forrester reports. Microsoft’s philosophy is also different from that of other companies.
It adapts a Best-of-Suite strategy which means a single suite of integrated security solutions across multiple applications. This is in contrast to a Best-of-Breed strategy, which is about discrete solutions, for example one solution for e-mail security, one for endpoint security and another for network security. With Microsoft, you choose a complete set of solutions that communicate and integrate with each other. Best of all, you benefit from cost savings and efficiency.
Want to find out more about Copilot for Microsoft 365?
You can discover more on this page andsign up for a workshop with one of our experts.
The 3 principles of Microsoft's zero trust approach
Want to know more about zero trust, the XDR platform and data governance? Take a look at this page and request an appointment with one of our security advisors.
