The Department of Families, Seniors, Disability Services and Child Safety conducts vital community work in Queensland, Australia. It helps most of the state’s residents in need by providing child protection services, elder abuse prevention resources, accommodation services for those living with disability, carer action plans and more.
Because of the nature of the department’s work, it faces significant security challenges. Staff routinely handle sensitive information, such as case notes for child safety and instances of domestic violence, which requires the utmost care.
“We have approximately 9,500 staff across the department and its supported services. Data can be handled by child safety officers, disability support workers and youth justice workers, so we need security controls to be effective while causing minimal disruption,” explains Tanya Georgiou, the department’s Director of Information Security and Cloud Operations.
Aware that the risk of a data exfiltration event has risen with the arrival of new technologies, including generative AI, the department recognised a need to make changes. The Queensland Government has also mandated that departments comply with the Australian Signals Directorate’s Essential Eight strategies for mitigating cybersecurity risk.
“We wanted to improve our overall security posture and improve visibility over how data is handled across the department,” says Georgiou.
Consolidating security systems with a Microsoft 365 E5 licence
To accomplish these security and compliance objectives, the department upgraded to a Microsoft 365 E5 licence. This allowed the department to consolidate its security tools, replacing systems from separate providers with one solution for end-to-end security.
“With the department investing in the E5 licence, we determined that we wouldn’t achieve full value from it with other legacy technologies still in place,” explains Mark O’Reilly, the department’s Manager of Network and Security Operations.
“I was interested in what the overall outcome would be from reducing the different panes of glass resulting from multiple vendors. I never used to be a heavy Microsoft user, but I’ve been converted by observing how well its tools work together.”
Over just six months, Georgiou, O’Reilly and their colleagues partnered with Microsoft and Capgemini to implement the changes.
“Capgemini was excellent,” says O’Reilly. “We found that they could understand our requirements and recite them back to us in clear terms. That allowed us to pivot quickly.”
Securing digital touchpoints for end-to-end security
Enabled by the upgrade to E5, the department has deployed all Microsoft Defender XDR suite products, including Microsoft Defender for Endpoint, Microsoft Defender for Cloud, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps and Microsoft Defender for Office 365. As uptake increases, Windows Defender Application Control helps to maintain compliance with the Essential Eight requirements.
The Microsoft Defender portal has enhanced the organisation’s visibility of improvements to its security posture through Microsoft Secure Score, which is regularly reported to the internal Information Steering Committee. According to O’Reilly, “Secure Score is useful because it consolidates scores across multiple endpoints and tools. We can assign each score category to the team responsible and let them work on improvements at their own pace.”
Integrated into a singular platform, these tools have strengthened end-to-end security and visibility across on-premises, hybrid and cloud environments. Notably, Defender for Endpoint has instantly enhanced security across all server and desktop devices, with Apple iPhone mobile devices already successfully trialled and soon to be rolled out. This protection is augmented with Defender for Identity and Defender for Office 365, which safeguard identities, email and collaborative tools against malicious attacks.
With the rise of AI and cloud technology in mind, O’Reilly also notes the value of Microsoft Defender for Cloud Apps in preventing or identifying instances of data exfiltration.
“There are a lot of cloud-hosted sites that people can upload documents to and access from home, which other organisations that deal with us also use. We need visibility over what’s happening with our data, and we’ve found Defender for Cloud Apps to be extremely helpful in that regard.”
Unifying security operations under one platform
Another major change was the department’s migration of its security information and event management system to Microsoft Sentinel to improve threat detection, incident response and data visibility – all from a unified interface.
“I’ve only got a small security operations team looking after thousands of users working from 140 locations, and we have to be efficient to stay on top of daily alerts,” says O’Reilly.
“We do most of our work in Sentinel. Once a request comes in, the platform logs the incident within our incident management tool and presents the information in a way that allows us to resolve the issue quickly.”
The department has already seen several advantages. For example, Sentinel has enabled automated responses to common incidents, reducing time spent on repetitive tasks. Integration with other security tools, including Microsoft Defender solutions, has also impressed O’Reilly.
“The capabilities of Sentinel in pulling together the telemetry from our deployed platforms and triggering incidents for my team to triage and action have been a revelation,” he explains.
“As we’ve activated more tools, they’ve been automatically integrated into Sentinel, which means incidents are presented via the same interface and can be dealt with using the same operational processes. The more capabilities that are activated, the more visibility you gain into your network and monitoring.”
Improving security posture out of the box
As the department has continued reinforcing its security using Microsoft solutions, O’Reilly has been amazed by the capabilities made immediately available to his team.
“That’s what I’ve been most impressed with – seeing this technology work straight out of the box and comparing that with the customisation and configuration that would be required using the legacy tools we had in place,” he says.
O’Reilly is also impressed by the rate of improvement. “The Microsoft team has a quick turnaround and improvement cycle. There are always improvements coming out that are weighted towards users doing these tasks, which helps make the system more efficient.”
The department expects to continue working closely with Microsoft as it follows its cybersecurity strategy and prioritises alignment with ‘Zero Trust’ principles, exploring the practical implications of this modern security approach.
Further, O’Reilly and Georgiou expect to expand the use of Microsoft Purview to protect and manage the department’s data, emphasising the platform’s Data Loss Prevention capabilities as generative AI technology develops.
“The holistic alliance with Microsoft is greater than the sum of its individual parts. They’re very much a trusted strategic partner,” Georgiou says. “I’m just glad we made the change.”