SlideShare a Scribd company logo
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
#MWCP23 Modern Workplace Conference Paris 2023 27 & 28 Mars 2023
Diamond 💎
Platinum 🪩
Gold 🏅
Suivez-nous tout au long de l’année !
Follow us all year round!
https://ams.community
https://twitter.com/mwcparis
#MWCP23
https://modern-workplace.pro
https://twitter.com/aOSComm
https://www.linkedin.com/company/
ams-community
https://www.linkedin.com/company/
mwcp
https://www.facebook.com/
modernworkplaceconferenceparis
https://www.facebook.com/
aOSCommunity (FR)
https://www.facebook.com/
aosComm (EN)
Nikki Chapple
Principal Cloud Architect | MVP
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
Agenda
1. Why Governance Risk and
Compliance (GRC) is important
2. The consequence of poor GRC
maturity
3. Benefits of the GRC maturity model
4. Baseline your current GRC maturity
5. How to improve your GRC maturity
Why
Governance
Risk and
Compliance
(GRC) is
important
No matter the size of
your business, data
protection and
compliance is critical
Remember data is your responsibility
OS
OS
The landscape is fragmented, creating risks
~70%
of companies are subject
to compliance with more
than five compliance
standards
80%
>80% of corporate data is
“dark” – it’s not classified,
protected or governed
Ref: FoIBM. Future of Cognitive Computing. November 2015
88%
of organisations no longer
have confidence to detect
& prevent loss of sensitive
data
Ref: Forrester. Security Concerns, Approaches and Technology
Adoption. December 2018
83%
83% of companies
experience challenges in
ensuring regulatory &
industry compliance from
ineffective data
management
Ref: Vanson Bourne. Realizing the Power of Enterprise Data. 2019.
USD
4.35m
Average total cost of a
data breach
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
USD 164
Average per record cost of a
data breach
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
45%
of breaches occurred in the
cloud
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
The
consequence
of poor (GRC)
maturity
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
Benefits of the
GRC maturity
model
What is a Maturity Model
100
Start-ups,
new teams &
rapidly
created
processes
• plus failing
functions etc
200
Maturing
organisations
and teams
• plus inefficient
and at-risk
functions
300
Established
organisations
• Stable but
not class
leading
functions
400
Successful/
efficient
organisations,
functions and
processes
• Especially
regulated
functions
500
Best of
breed
• Exemplars
Governance, Risk, and Compliance Maturity
Model
https://bit.ly/3gLLFsx
Microsoft 365 Maturity Model
Governance Risk and Compliance
GRC
What &
Why
GRC
stance
Benchmark
Current
vs.
Future
State
Who,
Where,
How &
When
Monitor
and
Enhance
1
Governance,
Risk and
Compliance is
not a project
2
Include the
right
stakeholders
Ref: Microsoft Digital Defense Report 2022 | Microsoft Security
3
Governance
in depth
Data
Containers
Applications
Endpoints
Cloud
4
Take a risk-
based
approach
5
This is a
journey so you
need to know
where you start
State of security maturity in the cloud
environment
Not started
17%
Early stages
26%
Midstage
34%
Mature stage
23%
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
Baseline your
current GRC
maturity
Baseline: Microsoft Zero Trust Maturity
Assessment Quiz
Identities
Endpoints
Apps
Infrastructure
Data
Network
https://www.microsoft.com/en-gb/security/business/zero-
trust/maturity-model-assessment-tool
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
Baseline: Configuration Analyzer for Microsoft
Purview (CAMP)
Microsoft Information Protection
Data Loss Prevention
Information Governance
Records Management
Insider Risk
Communication Compliance
Audit
eDiscovery
https://learn.microsoft.com/en-us/microsoft-
365/compliance/compliance-manager-
mcca?view=o365-worldwide
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
Baseline: Compliance Manager
Protect
information
Privacy
management
Govern
information
Control access
Manage
devices
Protect
against
threats
Discover and
respond
Manage
internal risks
Manage
compliance
https://compliance.microsoft.com/
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
How are Compliance Scores calculated?
Extend - Assessment templates
Understand the licencing implications
Business
Basic
Business
Premium
E3 E5
https://m365maps.com/
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
 Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023
How to
improve your
GRC maturity
Level 100 organisation GRC Posture - Not
started
GRC
• Not
understood
People
• Undefined
roles &
responsibilities
Process
• Adhoc &
reactive
Level 100 Microsoft 365 posture - Not started
Default tenant
settings
Security
defaults may
not be applied
No data
protection
Default
retention
Level 200 GRC Posture - Reactive
GRC
•Compliance
& risk needs
understood
People
•No formal
roles & low
awareness
•IT Admin
responsible
Processes
•Adhoc
Level 200 Microsoft 365 posture - Limited
Security defaults in
Azure AD (MFA,
Privileged activities,
block legacy auth)
Manual encryption
of emails or
password protect
files
No retention or use
of Legal hold
Guest access
blocked or
uncontrolled guest
access
Level 300 GRC Posture - Defined
GRC strategy
• Framework
established but
tactical
• Focus on Zero
Trust security
rather than
compliance
People
• Siloed roles &
individual
responsibilities.
Processes
• Tactical &
inconsistent
• Initial privacy risk
management
assessment
• Initial compliance
assessment
Level 300 Microsoft 365 posture - Standard
Sensitivity labels
for containers
Recommended/
default sensitivity
labels for content
Data Loss
Prevention based
on labels
Org wide
retention policies
User & Container
lifecycle
governance
Governed guest
access
Compliance
Manager
baseline
Monitor Message
center
Level 400 GRC Posture - Predictable
GRC strategy
• Tailored, controlled &
measured
• Proactive
• Elevate your
compliance program
People
• Executive leadership
• Partnership - business,
IT & Security
• Dedicated roles.
Shared accountability
Processes
• Streamlined &
simplified with metrics
• GRC process to
identify, analyse,
control with
accountability
• Regular compliance &
privacy risk
assessments
Level 400 Microsoft 365 posture – Extend
with E5 licencing
Intelligent &
automated data
classification
Automated
protection &
retention
Extend DLP to
cloud apps and
endpoints
Insider risk
management
Formal records
management
Compliance
Manager
regulation
templates
GRC
• Strategic with
continuous
assessment.
• External benchmarks
People
• Proactive
• Business enabler
• Continuous
improvement
• Best of breed
• Pervasive compliance
culture
Process
• Risk based
• Lifecycle management
• Business Continuity
management
• Continuous
improvement
• Extend to supply chain
Level 500 - Optimal
Machine
Learning
classification
Content AI with
Microsoft Syntex
3rd party
ingestion of data
Data controls
extended beyond
Microsoft 365
Immutable
backup
Level 500 Microsoft 365 posture – Extend
beyond Microsoft 365 and automation
Summary
Practical steps
Establish board accountability and Chief Risk Officer role
Agree strategy and priorities
Embed cultural change
Establish a programme for continuous improvement
Select initial priority areas for attention
Build tools & processes outside Purview for non-technical controls
Best practices
You cannot go
from 1% to
100% on one
day
Take crawl-
walk-run
approach
Manage based
on risk
Be realistic. Design
something that can
be implemented
You need to
know where
you are now
Involve the right
teams
Don't let Microsoft 365
governance & compliance
be a roll of the dice
Merci pour
votre
attention !
Thanks
for your
attention!

More Related Content

Similar to Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023

Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - Business
Amazon Web Services
 
Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - Business
Amazon Web Services
 
Csa summit who can protect us education for cloud security professionals
Csa summit   who can protect us education for cloud security professionalsCsa summit   who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionals
CSA Argentina
 
Migrating to Cloud – A Journey of Excellence
Migrating to Cloud – A Journey of ExcellenceMigrating to Cloud – A Journey of Excellence
Migrating to Cloud – A Journey of Excellence
Ahmed Aamer
 
Marlabs Capability Overview: Insurance
Marlabs Capability Overview: Insurance Marlabs Capability Overview: Insurance
Marlabs Capability Overview: Insurance
Marlabs
 
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss PreventionWebinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
WithumSmith+Brown, formerly Portal Solutions
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar Deck
Precisely
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Nikki Chapple
 
Marlabs capabilities overview: cloud services
Marlabs capabilities overview: cloud servicesMarlabs capabilities overview: cloud services
Marlabs capabilities overview: cloud services
Marlabs
 
Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs
 
Savings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyoneSavings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyone
sammart93
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
Tudor Damian
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear LLC
 
Salesforce Platform: Governance and the Social Enterprise
Salesforce Platform: Governance and the Social EnterpriseSalesforce Platform: Governance and the Social Enterprise
Salesforce Platform: Governance and the Social Enterprise
James Hindes
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
PECB
 
Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012
Bluewolf
 
Marlabs Capabilities Overview: Microsoft Office 365
Marlabs Capabilities Overview: Microsoft Office 365Marlabs Capabilities Overview: Microsoft Office 365
Marlabs Capabilities Overview: Microsoft Office 365
Marlabs
 
Draft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdfDraft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdf
EnricoJohanes1
 
IT Governance – The missing compass in a technology changing world
 IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world
PECB
 
22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform
22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform
22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform
Miguel LLorca Gómez
 

Similar to Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023 (20)

Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - Business
 
Enterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - BusinessEnterprise Adoption – Patterns for Success with AWS - Business
Enterprise Adoption – Patterns for Success with AWS - Business
 
Csa summit who can protect us education for cloud security professionals
Csa summit   who can protect us education for cloud security professionalsCsa summit   who can protect us education for cloud security professionals
Csa summit who can protect us education for cloud security professionals
 
Migrating to Cloud – A Journey of Excellence
Migrating to Cloud – A Journey of ExcellenceMigrating to Cloud – A Journey of Excellence
Migrating to Cloud – A Journey of Excellence
 
Marlabs Capability Overview: Insurance
Marlabs Capability Overview: Insurance Marlabs Capability Overview: Insurance
Marlabs Capability Overview: Insurance
 
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss PreventionWebinar: Microsoft 365 - Your Gateway to Data Loss Prevention
Webinar: Microsoft 365 - Your Gateway to Data Loss Prevention
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar Deck
 
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
Microsoft 365 Governance Risk and Compliance Maturity model | MM4M365 practit...
 
Marlabs capabilities overview: cloud services
Marlabs capabilities overview: cloud servicesMarlabs capabilities overview: cloud services
Marlabs capabilities overview: cloud services
 
Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services
 
Savings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyoneSavings, security, and stability: how ShareGate benefits everyone
Savings, security, and stability: how ShareGate benefits everyone
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
Salesforce Platform: Governance and the Social Enterprise
Salesforce Platform: Governance and the Social EnterpriseSalesforce Platform: Governance and the Social Enterprise
Salesforce Platform: Governance and the Social Enterprise
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012
 
Marlabs Capabilities Overview: Microsoft Office 365
Marlabs Capabilities Overview: Microsoft Office 365Marlabs Capabilities Overview: Microsoft Office 365
Marlabs Capabilities Overview: Microsoft Office 365
 
Draft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdfDraft - Digital Transformation Rough Plan.pdf
Draft - Digital Transformation Rough Plan.pdf
 
IT Governance – The missing compass in a technology changing world
 IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world
 
22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform
22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform
22-Oct-2019 Sevilla: Reunión D365UG & PowerPlatform
 

More from Nikki Chapple

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Nikki Chapple
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Nikki Chapple
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Nikki Chapple
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Nikki Chapple
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Nikki Chapple
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
Nikki Chapple
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C... Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Nikki Chapple
 
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Nikki Chapple
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Nikki Chapple
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Nikki Chapple
 
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Nikki Chapple
 
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Nikki Chapple
 
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Nikki Chapple
 
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Nikki Chapple
 

More from Nikki Chapple (17)

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
Preparing for Microsoft 365 Copilot - Best Practices for Governance and Data ...
 
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdfViva Security and Privacy CollabDays Bletchley Sept 23.pdf
Viva Security and Privacy CollabDays Bletchley Sept 23.pdf
 
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
Commsverse 2023 Demystifying security and privacy in Viva | Commverse 2023
 
Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...Demystifying security and compliance in Viva | European Collaboration Summit ...
Demystifying security and compliance in Viva | European Collaboration Summit ...
 
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C... Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl  M365C...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl M365C...
 
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
Build a Teams creation workflow using Power Automate | ESPC 22 Microsoft Team...
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | MN Mi...
 
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
Build a Teams creation workflow using Power Automate | M365 Virtual Marathon ...
 
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
Implementing Microsoft Teams Lifecycle Governance to Stop Team Sprawl | Virtu...
 
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
Implementing Microsoft Teams lifecycle governance to stop Team sprawl | Teams...
 
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
Using Power Automate to manage Microsoft 365 evergreen change | MN365 - April...
 
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
Canadian Cloud summit - Build a Teams creation workflow using Power Automate ...
 
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
Commsverse 2022 - Why you need to manage Microsoft Teams sprawl - Jun 2022
 
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022Teams10X -  Using Power Automate to Manage Teams evergreen change - Sep 2022
Teams10X - Using Power Automate to Manage Teams evergreen change - Sep 2022
 

Recently uploaded

Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Bert Blevins
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
Yevgen Sysoyev
 
How to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdfHow to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdf
ChristopherTHyatt
 
The Evolution of Remote Server Management
The Evolution of Remote Server ManagementThe Evolution of Remote Server Management
The Evolution of Remote Server Management
Bert Blevins
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
rajancomputerfbd
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
The Role of Technology in Payroll Statutory Compliance (1).pdf
The Role of Technology in Payroll Statutory Compliance (1).pdfThe Role of Technology in Payroll Statutory Compliance (1).pdf
The Role of Technology in Payroll Statutory Compliance (1).pdf
paysquare consultancy
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
SynapseIndia
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
Eric D. Schabell
 
Comparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdfComparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdf
Andrey Yasko
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 

Recently uploaded (20)

Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionAdvanced Techniques for Cyber Security Analysis and Anomaly Detection
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
 
How to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdfHow to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdf
 
The Evolution of Remote Server Management
The Evolution of Remote Server ManagementThe Evolution of Remote Server Management
The Evolution of Remote Server Management
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
The Role of Technology in Payroll Statutory Compliance (1).pdf
The Role of Technology in Payroll Statutory Compliance (1).pdfThe Role of Technology in Payroll Statutory Compliance (1).pdf
The Role of Technology in Payroll Statutory Compliance (1).pdf
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
 
Comparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdfComparison Table of DiskWarrior Alternatives.pdf
Comparison Table of DiskWarrior Alternatives.pdf
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 

Dont let governance risk and compliance be a roll of the device | Modern Workplace Conference Paris 2023

  • 2. #MWCP23 Modern Workplace Conference Paris 2023 27 & 28 Mars 2023 Diamond 💎 Platinum 🪩 Gold 🏅
  • 3. Suivez-nous tout au long de l’année ! Follow us all year round! https://ams.community https://twitter.com/mwcparis #MWCP23 https://modern-workplace.pro https://twitter.com/aOSComm https://www.linkedin.com/company/ ams-community https://www.linkedin.com/company/ mwcp https://www.facebook.com/ modernworkplaceconferenceparis https://www.facebook.com/ aOSCommunity (FR) https://www.facebook.com/ aosComm (EN)
  • 7. Agenda 1. Why Governance Risk and Compliance (GRC) is important 2. The consequence of poor GRC maturity 3. Benefits of the GRC maturity model 4. Baseline your current GRC maturity 5. How to improve your GRC maturity
  • 9. No matter the size of your business, data protection and compliance is critical
  • 10. Remember data is your responsibility
  • 11. OS OS The landscape is fragmented, creating risks
  • 12. ~70% of companies are subject to compliance with more than five compliance standards
  • 13. 80% >80% of corporate data is “dark” – it’s not classified, protected or governed Ref: FoIBM. Future of Cognitive Computing. November 2015
  • 14. 88% of organisations no longer have confidence to detect & prevent loss of sensitive data Ref: Forrester. Security Concerns, Approaches and Technology Adoption. December 2018
  • 15. 83% 83% of companies experience challenges in ensuring regulatory & industry compliance from ineffective data management Ref: Vanson Bourne. Realizing the Power of Enterprise Data. 2019.
  • 16. USD 4.35m Average total cost of a data breach Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 17. USD 164 Average per record cost of a data breach Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 18. 45% of breaches occurred in the cloud Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 23. Benefits of the GRC maturity model
  • 24. What is a Maturity Model 100 Start-ups, new teams & rapidly created processes • plus failing functions etc 200 Maturing organisations and teams • plus inefficient and at-risk functions 300 Established organisations • Stable but not class leading functions 400 Successful/ efficient organisations, functions and processes • Especially regulated functions 500 Best of breed • Exemplars
  • 25. Governance, Risk, and Compliance Maturity Model https://bit.ly/3gLLFsx Microsoft 365 Maturity Model Governance Risk and Compliance
  • 27. 2 Include the right stakeholders Ref: Microsoft Digital Defense Report 2022 | Microsoft Security
  • 30. 5 This is a journey so you need to know where you start
  • 31. State of security maturity in the cloud environment Not started 17% Early stages 26% Midstage 34% Mature stage 23% Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 33. Baseline: Microsoft Zero Trust Maturity Assessment Quiz Identities Endpoints Apps Infrastructure Data Network https://www.microsoft.com/en-gb/security/business/zero- trust/maturity-model-assessment-tool
  • 37. Baseline: Configuration Analyzer for Microsoft Purview (CAMP) Microsoft Information Protection Data Loss Prevention Information Governance Records Management Insider Risk Communication Compliance Audit eDiscovery https://learn.microsoft.com/en-us/microsoft- 365/compliance/compliance-manager- mcca?view=o365-worldwide
  • 41. Baseline: Compliance Manager Protect information Privacy management Govern information Control access Manage devices Protect against threats Discover and respond Manage internal risks Manage compliance https://compliance.microsoft.com/
  • 43. How are Compliance Scores calculated?
  • 44. Extend - Assessment templates
  • 45. Understand the licencing implications Business Basic Business Premium E3 E5 https://m365maps.com/
  • 51. Level 100 organisation GRC Posture - Not started GRC • Not understood People • Undefined roles & responsibilities Process • Adhoc & reactive
  • 52. Level 100 Microsoft 365 posture - Not started Default tenant settings Security defaults may not be applied No data protection Default retention
  • 53. Level 200 GRC Posture - Reactive GRC •Compliance & risk needs understood People •No formal roles & low awareness •IT Admin responsible Processes •Adhoc
  • 54. Level 200 Microsoft 365 posture - Limited Security defaults in Azure AD (MFA, Privileged activities, block legacy auth) Manual encryption of emails or password protect files No retention or use of Legal hold Guest access blocked or uncontrolled guest access
  • 55. Level 300 GRC Posture - Defined GRC strategy • Framework established but tactical • Focus on Zero Trust security rather than compliance People • Siloed roles & individual responsibilities. Processes • Tactical & inconsistent • Initial privacy risk management assessment • Initial compliance assessment
  • 56. Level 300 Microsoft 365 posture - Standard Sensitivity labels for containers Recommended/ default sensitivity labels for content Data Loss Prevention based on labels Org wide retention policies User & Container lifecycle governance Governed guest access Compliance Manager baseline Monitor Message center
  • 57. Level 400 GRC Posture - Predictable GRC strategy • Tailored, controlled & measured • Proactive • Elevate your compliance program People • Executive leadership • Partnership - business, IT & Security • Dedicated roles. Shared accountability Processes • Streamlined & simplified with metrics • GRC process to identify, analyse, control with accountability • Regular compliance & privacy risk assessments
  • 58. Level 400 Microsoft 365 posture – Extend with E5 licencing Intelligent & automated data classification Automated protection & retention Extend DLP to cloud apps and endpoints Insider risk management Formal records management Compliance Manager regulation templates
  • 59. GRC • Strategic with continuous assessment. • External benchmarks People • Proactive • Business enabler • Continuous improvement • Best of breed • Pervasive compliance culture Process • Risk based • Lifecycle management • Business Continuity management • Continuous improvement • Extend to supply chain Level 500 - Optimal
  • 60. Machine Learning classification Content AI with Microsoft Syntex 3rd party ingestion of data Data controls extended beyond Microsoft 365 Immutable backup Level 500 Microsoft 365 posture – Extend beyond Microsoft 365 and automation
  • 62. Practical steps Establish board accountability and Chief Risk Officer role Agree strategy and priorities Embed cultural change Establish a programme for continuous improvement Select initial priority areas for attention Build tools & processes outside Purview for non-technical controls
  • 63. Best practices You cannot go from 1% to 100% on one day Take crawl- walk-run approach Manage based on risk Be realistic. Design something that can be implemented You need to know where you are now Involve the right teams
  • 64. Don't let Microsoft 365 governance & compliance be a roll of the dice