#MWCP23 Modern Workplace Conference Paris 2023 27 & 28 Mars 2023
Nikki Chapple
Principal Cloud Architect | MVP
Agenda
1. Why Governance Risk and Compliance (GRC) is important
2. The consequence of poor GRC maturity
3. Benefits of the GRC maturity model
4. Baseline your current GRC maturity
5. How to improve your GRC maturity
Why Governance Risk and Compliance (GRC) is important
No matter the size of your business, data protection and compliance is critical
Remember data is your responsibility
The landscape is fragmented, creating risks
~70% of companies are subject to compliance with more than five compliance standards
>80% of corporate data is “dark” – it’s not classified, protected or governed
Ref: FoIBM. Future of Cognitive Computing. November 2015
88% of organisations no longer have confidence to detect & prevent loss of sensitive data
Ref: Forrester. Security Concerns, Approaches and Technology Adoption. December 2018
83% of companies experience challenges in ensuring regulatory & industry compliance from ineffective data management
Ref: Vanson Bourne. Realizing the Power of Enterprise Data. 2019.
USD 4.35m: Average total cost of a data breach
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
USD 164: Average per record cost of a data breach
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
45% of breaches occurred in the cloud
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
The consequence of poor (GRC) maturity
Benefits of the GRC maturity model
What is a Maturity Model
100: Start-ups, new teams & rapidly created processes
• plus failing functions etc
200: Maturing organisations and teams
• plus inefficient and at-risk functions
300: Established organisations
• Stable but not class leading functions
400: Successful/efficient organisations, functions and processes
• Especially regulated functions
500: Best of breed
• Exemplars
Governance, Risk, and Compliance Maturity Model
https://bit.ly/3gLLFsx
Microsoft 365 Maturity Model
Governance Risk and Compliance
GRC
What & Why
GRC stance
Benchmark
Current vs. Future State
Who, Where, How & When
Monitor and Enhance
1. Governance, Risk and Compliance is not a project
2. Include the right stakeholders
Ref: Microsoft Digital Defense Report 2022 | Microsoft Security
3. Governance in depth
Data
Containers
Applications
Endpoints
Cloud
4. Take a risk-based approach
5. This is a journey so you need to know where you start
State of security maturity in the cloud environment
Not started: 17%
Early stages: 26%
Midstage: 34%
Mature stage: 23%
Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
Baseline your current GRC maturity
Baseline: Microsoft Zero Trust Maturity Assessment Quiz
Identities
Endpoints
Apps
Infrastructure
Data
Network
https://www.microsoft.com/en-gb/security/business/zero-trust/maturity-model-assessment-tool
Baseline: Configuration Analyzer for Microsoft Purview (CAMP)
Microsoft Information Protection
Data Loss Prevention
Information Governance
Records Management
Insider Risk
Communication Compliance
Audit
eDiscovery
https://learn.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-mcca?view=o365-worldwide
Baseline: Compliance Manager
Protect information
Privacy management
Govern information
Control access
Manage devices
Protect against threats
Discover and respond
Manage internal risks
Manage compliance
https://compliance.microsoft.com/
How are Compliance Scores calculated?
Extend - Assessment templates
Understand the licencing implications
Business Basic
Business Premium
E3
E5
https://m365maps.com/
How to improve your GRC maturity
Level 100 organisation GRC Posture - Not started
GRC
• Not understood
People
• Undefined roles & responsibilities
Process
• Ad hoc & reactive
Level 100 Microsoft 365 posture - Not started
Default tenant settings
Security defaults may not be applied
No data protection
Default retention
Level 200 GRC Posture - Reactive
GRC
• Compliance & risk needs understood
People
• No formal roles & low awareness
• IT Admin responsible
Processes
• Ad hoc
Level 200 Microsoft 365 posture - Limited
Security defaults in Azure AD (MFA, Privileged activities, block legacy auth)
Manual encryption of emails or password protect files
No retention or use of Legal hold
Guest access blocked or uncontrolled guest access
Level 300 GRC Posture - Defined
GRC strategy
• Framework established but tactical
• Focus on Zero Trust security rather than compliance
People
• Siloed roles & individual responsibilities.
Processes
• Tactical & inconsistent
• Initial privacy risk management assessment
• Initial compliance assessment
Level 300 Microsoft 365 posture - Standard
Sensitivity labels for containers
Recommended/default sensitivity labels for content
Data Loss Prevention based on labels
Org wide retention policies
User & Container lifecycle governance
Governed guest access
Compliance Manager baseline
Monitor Message center
Level 400 GRC Posture - Predictable
GRC strategy
• Tailored, controlled & measured
• Proactive
• Elevate your compliance program
People
• Executive leadership
• Partnership - business, IT & Security
• Dedicated roles. Shared accountability
Processes
• Streamlined & simplified with metrics
• GRC process to identify, analyse, control with accountability
• Regular compliance & privacy risk assessments
Level 400 Microsoft 365 posture – Extend with E5 licencing
Intelligent & automated data classification
Automated protection & retention
Extend DLP to cloud apps and endpoints
Insider risk management
Formal records management
Compliance Manager regulation templates
GRC
• Strategic with continuous assessment.
• External benchmarks
People
• Proactive
• Business enabler
• Continuous improvement
• Best of breed
• Pervasive compliance culture
Process
• Risk based
• Lifecycle management
• Business Continuity management
• Continuous improvement
• Extend to supply chain
Level 500 - Optimal
Machine Learning classification
Content AI with Microsoft Syntex
3rd party ingestion of data
Data controls extended beyond Microsoft 365
Immutable backup
Level 500 Microsoft 365 posture – Extend beyond Microsoft 365 and automation
Summary
Practical steps
Establish board accountability and Chief Risk Officer role
Agree strategy and priorities
Embed cultural change
Establish a programme for continuous improvement
Select initial priority areas for attention
Build tools & processes outside Purview for non-technical controls
Best practices
You cannot go from 1% to 100% in one day
Take a crawl-walk-run approach
Manage based on risk
Be realistic. Design something that can be implemented
You need to know where you are now
Involve the right teams
Don't let Microsoft 365 governance & compliance be a roll of the dice
Thanks for your attention!

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 

Don't let governance risk and compliance be a roll of the dice | Modern Workplace Conference Paris 2023

  • 2. #MWCP23 Modern Workplace Conference Paris 2023 27 & 28 Mars 2023 Diamond 💎 Platinum 🪩 Gold 🏅
  • 7. Agenda
      1. Why Governance Risk and Compliance (GRC) is important
      2. The consequence of poor GRC maturity
      3. Benefits of the GRC maturity model
      4. Baseline your current GRC maturity
      5. How to improve your GRC maturity
  • 9. No matter the size of your business, data protection and compliance is critical
  • 10. Remember data is your responsibility
  • 11. The landscape is fragmented, creating risks
  • 12. ~70% of companies are subject to compliance with more than five compliance standards
  • 13. >80% of corporate data is “dark” – it’s not classified, protected or governed. Ref: FoIBM. Future of Cognitive Computing. November 2015
  • 14. 88% of organisations no longer have confidence to detect & prevent loss of sensitive data. Ref: Forrester. Security Concerns, Approaches and Technology Adoption. December 2018
  • 15. 83% of companies experience challenges in ensuring regulatory & industry compliance from ineffective data management. Ref: Vanson Bourne. Realizing the Power of Enterprise Data. 2019.
  • 16. USD 4.35m: Average total cost of a data breach. Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 17. USD 164: Average per record cost of a data breach. Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 18. 45% of breaches occurred in the cloud. Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 23. Benefits of the GRC maturity model
  • 24. What is a Maturity Model
      • 100: Start-ups, new teams & rapidly created processes (plus failing functions etc.)
      • 200: Maturing organisations and teams (plus inefficient and at-risk functions)
      • 300: Established organisations (stable but not class leading functions)
      • 400: Successful/efficient organisations, functions and processes (especially regulated functions)
      • 500: Best of breed (exemplars)
  • 25. Governance, Risk, and Compliance Maturity Model https://bit.ly/3gLLFsx Microsoft 365 Maturity Model Governance Risk and Compliance
  • 27. 2 Include the right stakeholders Ref: Microsoft Digital Defense Report 2022 | Microsoft Security
  • 30. 5 This is a journey so you need to know where you start
  • 31. State of security maturity in the cloud environment: Not started 17%; Early stages 26%; Midstage 34%; Mature stage 23%. Ref: Cost of a Data Breach Report 2022 - United Kingdom | IBM
  • 33. Baseline: Microsoft Zero Trust Maturity Assessment Quiz
      • Areas assessed: Identities, Endpoints, Apps, Infrastructure, Data, Network
      • https://www.microsoft.com/en-gb/security/business/zero-trust/maturity-model-assessment-tool
  • 37. Baseline: Configuration Analyzer for Microsoft Purview (CAMP)
      • Areas covered: Microsoft Information Protection, Data Loss Prevention, Information Governance, Records Management, Insider Risk, Communication Compliance, Audit, eDiscovery
      • https://learn.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-mcca?view=o365-worldwide
  • 41. Baseline: Compliance Manager
      • Areas covered: Protect information, Privacy management, Govern information, Control access, Manage devices, Protect against threats, Discover and respond, Manage internal risks, Manage compliance
      • https://compliance.microsoft.com/
  • 43. How are Compliance Scores calculated?
  • 44. Extend - Assessment templates
  • 45. Understand the licensing implications: Business Basic, Business Premium, E3, E5. https://m365maps.com/
  • 51. Level 100 organisation GRC Posture - Not started
      • GRC: Not understood
      • People: Undefined roles & responsibilities
      • Process: Ad hoc & reactive
  • 52. Level 100 Microsoft 365 posture - Not started
      • Default tenant settings
      • Security defaults may not be applied
      • No data protection
      • Default retention
  • 53. Level 200 GRC Posture - Reactive
      • GRC: Compliance & risk needs understood
      • People: No formal roles & low awareness; IT Admin responsible
      • Processes: Ad hoc
  • 54. Level 200 Microsoft 365 posture - Limited
      • Security defaults in Azure AD (MFA, Privileged activities, block legacy auth)
      • Manual encryption of emails or password protect files
      • No retention or use of Legal hold
      • Guest access blocked or uncontrolled guest access
  • 55. Level 300 GRC Posture - Defined
      • GRC strategy: Framework established but tactical; Focus on Zero Trust security rather than compliance
      • People: Siloed roles & individual responsibilities
      • Processes: Tactical & inconsistent; Initial privacy risk management assessment; Initial compliance assessment
  • 56. Level 300 Microsoft 365 posture - Standard
      • Sensitivity labels for containers
      • Recommended/default sensitivity labels for content
      • Data Loss Prevention based on labels
      • Org wide retention policies
      • User & Container lifecycle governance
      • Governed guest access
      • Compliance Manager baseline
      • Monitor Message center
  • 57. Level 400 GRC Posture - Predictable
      • GRC strategy: Tailored, controlled & measured; Proactive; Elevate your compliance program
      • People: Executive leadership; Partnership - business, IT & Security; Dedicated roles. Shared accountability
      • Processes: Streamlined & simplified with metrics; GRC process to identify, analyse, control with accountability; Regular compliance & privacy risk assessments
  • 58. Level 400 Microsoft 365 posture – Extend with E5 licensing
      • Intelligent & automated data classification
      • Automated protection & retention
      • Extend DLP to cloud apps and endpoints
      • Insider risk management
      • Formal records management
      • Compliance Manager regulation templates
  • 59. Level 500 - Optimal
      • GRC: Strategic with continuous assessment; External benchmarks
      • People: Proactive; Business enabler; Continuous improvement; Best of breed; Pervasive compliance culture
      • Process: Risk based; Lifecycle management; Business Continuity management; Continuous improvement; Extend to supply chain
  • 60. Level 500 Microsoft 365 posture – Extend beyond Microsoft 365 and automation
      • Machine Learning classification
      • Content AI with Microsoft Syntex
      • 3rd party ingestion of data
      • Data controls extended beyond Microsoft 365
      • Immutable backup
  • 62. Practical steps
      • Establish board accountability and Chief Risk Officer role
      • Agree strategy and priorities
      • Embed cultural change
      • Establish a programme for continuous improvement
      • Select initial priority areas for attention
      • Build tools & processes outside Purview for non-technical controls
  • 63. Best practices
      • You cannot go from 1% to 100% in one day
      • Take crawl-walk-run approach
      • Manage based on risk
      • Be realistic. Design something that can be implemented
      • You need to know where you are now
      • Involve the right teams
  • 64. Don't let Microsoft 365 governance & compliance be a roll of the dice