In this case study:
Industry: Professional Services
Products and Services: Spyglass Security and Compliance
Country: USA
Background
An architecture and engineering firm was looking for a way to improve their security posture using the security tools they already owned in their Microsoft tenant. With customers in the public and private sector requesting security compliance assessments and surveys, the firm needed well-defined security procedures to demonstrate a sound and operational security posture.
With Quisitive’s help, the firm’s IT team was able to define clear security and compliance solutions and procedures that aligned with their business needs. Quisitive was able to reduce the number of vulnerabilities and strengthen the firm’s overall security posture to prevent the possibility of future breaches.
Challenge
The firm’s chief information security officer (CISO) and IT team could not always adhere to security compliance assessments and surveys, and they were lacking the time and resources necessary to do an audit of their security landscape. Quisitive conducted an Office 365 security assessment, revealing a number of vulnerabilities, including VIP-level users logged in with impossible travel situations, a high volume of end-user phishing attacks and an excess of admin accounts and shared service accounts. Within one week of Quisitive’s findings, the firm committed to a 3-month Spyglass trial in which the Spyglass team rolled out advanced Microsoft security features.
The firm was then asked to give an update to its board and senior leadership on the status of its security posture, the future of its security posture, and the steps that were being taken to make improvements. Quisitive helped the firm’s chief information security officer build a progress report in nontechnical terms using Microsoft tools and Spyglass dashboards.
Solution
After conducting an Office 365 security assessment and a 3-month Spyglass trial, the firm signed on to Spyglass as a full-time customer. During this time, Quisitive worked with the firm to evaluate their existing security and compliance policies, close security gaps and adopt the National Institute of Standards and Technology (NIST) 800-53 to satisfy customers in the public and private sectors.
Six months after implementing Spyglass, Quisitive helped double the firm’s Microsoft Secure Score, reduce the number of impossible travel events by 50%, reduce the number of unfamiliar login locations by one-third, and automatically remediate over 30,000 phishing attempts.
Quisitive also helped cut global admin and service accounts by 50%, cut sensitive data stored in Office 365 by one-third, cut stale externally shared files by 50%, and reduce the number of files being shared with personal emails to zero. Overall, end-user adoption of new security features increased to over 90%.
When the firm’s chief information security officer was asked to report on the firm’s security posture, he was able to pull key metrics from Microsoft’s Security & Compliance Center and Spyglass dashboards to demonstrate, quarter over quarter, incremental and steady progress and give insight into the near-term risk reduction work that was being done.