Just as the importance, scope and complexity of their ICT infrastructure have grown, so most businesses have seen the importance, scope and complexity of their security management systems take on much greater significance over the years. “Even with all of this, companies are often not sufficiently alert to the many potential risks that lie in wait for them every day”, asserts Van Clapdurp. “There's a genuine need to raise awareness in this area”, he continues, speaking from experience.
One clear security trend we are starting to see is that attacks and threats are not only increasing in number, but are becoming more complex and therefore more dangerous. “Companies are also still too inclined to think that attacks can only come from outside. However, there is an equal chance of a disgruntled employee – former or active – being behind such an attack.”
Assessing levels of security
It is no easy matter in these circumstances to obtain a clear and full picture of such a complex, ever-expanding security environment. Nevertheless, this is the first challenge faced by any security administrator. Fortunately, there are tools that can help here. One is Microsoft Secure Score. This is part of Microsoft Defender, the integrated security solution for Office 365 and Microsoft 365. “An important benefit of this tool is undoubtedly its accessibility. In principle, every Microsoft 365 or Office 365 user can get started with it right away for free.”
Microsoft Secure Score automatically analyzes your security environment. The analysis not only covers what you have in place at the moment, but also what may potentially be missing from your current security arsenal. The tool then translates this quick basic analysis into a general security score. “This score provides a snapshot of the current level of security in your business”, sums up Van Clapdurp. The score given is based on a system of points or partial scores awarded in three categories: the security of your identities, your devices and your applications. As things stand, the score is relevant for internal purposes only. “But who knows what the future might bring: perhaps these metrics could, in time, count toward an ISO compliance score to indicate how secure it is for doing business and communicating digitally with specific customers and suppliers”, adds Van Clapdurp.
In addition to potential risks and gaps, the analysis overview from Microsoft Secure Score also provides specific recommendations or suggestions for improvement. “There is no obligation to put any or all of these recommendations into effect”, states Van Clapdurp. “However, your security score will go up with every improvement you make to your security environment.” Microsoft Secure Score also shows your security history, which makes it simple to keep track of the evolution of your score.
Microsoft Secure Score does more than just offer general recommendations in the case of a low score. “For example, if you received a relatively high overall security score but the result for the security of your identities was too low, Secure Score will formulate specific recommendations for you. You might, for example, be advised to activate multi-factor authentication”, states Van Clapdurp. “If you put the recommendation into effect, your score will go up. It all depends on the degree to which you implement the recommendation and the number of extra users that are then protected. If you implement it for all your users, your score will be markedly higher than if you only did it for some of them. By contrast, if you introduce multi-factor authentication for all your existing users but not for new users, then you'll lose points.”
Taking it to the next level
Microsoft Secure Score is an accessible, user-friendly tool that is easy for IT managers to get started with. The results of the security analysis are presented visually on a dashboard. However, not all actions for improvement are easy to put into effect on your own. Keep in mind, too, that the review of your security is limited to a basic analysis.
For this reason, you may be advised to call in a specialized partner such as Inetum-Realdolmen. “To give a concrete example: if you want to block an outdated method of logging in, such as legacy authentication, you first need to carry out an in-depth analysis of the applications you are using. In this case, seeking the assistance of an experienced expert is far from an unnecessary luxury”, states Van Clapdurp.
“Microsoft Secure Score is important first and foremost as a baseline for a broader, more in-depth analysis of the vulnerabilities in your security environment”, the security expert concludes. “You can use the score as a basis on which to then put more proactive measures for optimizing your security in place. We are able to provide this type of analysis, which goes by the name of Security Priority Assessment. As part of this, we provide you with individual professional advice and support at each stage of the assessment. Our security roadmaps offer an even more in-depth security analysis together with a specific step-by-step plan. This allows us to optimize security for an organization depending on the licenses it has at that time. The best way to picture it is by comparing it to burglary protection for a building. In this scenario, Secure Score would advise you to protect the entrance to the building with CCTV and secure locks. However, a full risk assessment (Inetum-Realdolmen Security Priority Assessment) would also address security inside the building (access badges, CCTV, door bolts, etc.) with the aim of ensuring full protection for the building as a whole.”