MyDataSecurity: Interview and vision of the Product Manager

IDECSI looks back on its MyDataSecurity innovation: the essential dashboard for each user to better manage data security.

Thanks to a simple interactive interface, users can manage permissions and monitor access, independently, on all their data and their collaborative platforms (Microsoft 365, file servers, Netapp, Zimbra).

As a reminder, IDECSI offers a SaaS solution for a global data security system based on 5 pillars: Collection and traceability, review of rights by users, control and audit by admins, alerts and investigation, and finally, consolidated reports.

To improve the development of its solution, IDECSI appointed Thibault Joubert as Product Manager. Microsoft MVP and former Wavestone consultant. Thibault specializes in Digital Workplace security.

Today, he reviews IDECSI's vision, the latest news and the forthcoming developments on MyDataSecurity.

Read the 4 questions we asked Thibault Joubert:

• What are the latest developments on MyDataSecurity?
• And now, what is the medium-term vision for MyDataSecurity and for the IDECSI platform in general?
• Based on your experience, how does MyDataSecurity strengthen M365 data security?
• Responsability is a topic that is currently on the rise. Could MyDataSecurity add value in this area?
  
  

1. What are the latest developments on MyDataSecurity?

We all know that users have little time to devote to cybersecurity issues and security rules that they do not necessarily understand. That's why they need a simple, clear dashboard that highlights potential security risks.

To achieve this, we have focused on several key points:

1. We have reworked the interface with UX designers to match the B2C codes as closely as possible, so that it’s intuitive and fluid to use and therefore avoid costly training needs.
2. As part of this approach, communication with users, historically via email, has been enriched with two new channels:
   - Rights review campaigns
   - The Microsoft Teams bot, for direct communication with the user through its collaborative tool
3. Finally, we have introduced a major innovation: points of attention. The aim here is to highlight for the user all the points that the company has defined as sensitive, in order to give them a consolidated view. This may involve sharing documents classified as confidential with the whole company, or giving the whole company access to its mailbox, or public Teams containing sensitive files. In one click, they can view their points of attention and correct the problem directly from their dashboard.

Access to information has also been redesigned with the same objective: to make it easier to understand and to simplify access to information. We now allow the user to directly view the shares of their OneDrive or the Teams of which they are the owner, in line with the ergonomics of Microsoft 365 tools. This means they remain in a familiar environment.

We have also made technical improvements, especially on loading times. Our experience has shown us that users can own a very large number of Teams and share a large volume of files. We have implemented a mechanism that allows the profile to be displayed immediately regardless of the volume of user data and with perfectly up-to-date data.

Engage your employees for more effective security: Learn more about MyDataSecurity

2. And now, what is the medium-term vision for MyDataSecurity and for the IDECSI platform in general?

Our promise is to provide a comprehensive data protection service that does more than simply identify the problems: it proposes practical, scalable solutions to solve them.

In this respect, MyDataSecurity's ability to integrate users is at the heart of IDECSI's value proposition. Our promise is that MyDataSecurity will become the central security dashboard for every user. The goal here is to limit the number of interfaces presented to users,...

To deliver the most relevant response to this promise, we will focus the development of MyDataSecurity on four points:

• Always looking to improve the user experience, with a redesign of the search function and improved management of points of attention, which are more visible and easier to process. We will also provide the means for each company to adapt the points of attention to their own safety rules;
• Enhancing our solution with new features and developments in collaborative platforms. For example, a topic close to my heart is support for private and shared channels, a new feature in Microsoft Teams. Our customers have repeatedly reported to us that users found it difficult to know who had permissions on these different channels.
• Increasing the number of environments covered
  

  We want to extend our service with the addition of other file servers (like ISILON or HNAS) or other collaboration platforms like Jalios.

• Last but not least is integrating information from partners into our portal, such as the results of an internal phishing campaign or the need to update a terminal. In particular, we have begun a partnership with ProofPoint to show users their most relevant information.

3. Based on your experience (Microsoft 365 Security Consultant and Microsoft MVP), how does MyDataSecurity strengthen M365 data security?

The IDECSI platform complements Microsoft's solutions and increases the security of company data, whether in on-site or cloud environments.

The Microsoft 365 E5 licence provides interesting features such as Azure AD Access Reviews or MCAS File Policies, but with some limitations, such as the lack of capacity for historical data (investigation) and the lack of granularity in possible actions or even a review of rights limited to Microsoft Teams members. In addition, these features are mainly suited to mono-tenant infrastructure.

The platform responds to these limitations and offers 5 key functions for a comprehensive data security system: Collection and traceability, Review of rights by users, control and audit by admins, alerts and investigation, consolidated reports.

IDECSI brings a unique advantage to the market with its dashboard for users, which makes it possible to respond to security and compliance issues in a simple way, and increasing efficiency and ROI in the face of cybersecurity issues.

4. Responsibility is a topic that is currently on the rise. Could MyDataSecurity add value in this area?

At a time when we're talking so much about energy efficiency and data management, there's one area of development that strikes me as particularly interesting: limiting the digital footprint.

Since we already collect metadata from files in order to manage their permissions, we have the ability to show users the energy impact of storing their data. To go further, we can suggest to users the most relevant data to delete. For example, deleting a document with a large number of versions, duplicate documents in several different areas and data which has not been accessed for a certain time.

In collaboration with a major CAC 40 account, we are working on a solution that will involve users in its “Sustainability week”.

We know that storage accounts for around 10% of digital pollution and working to reduce it is a first step that companies can take quickly.

Beyond the “environmental” aspect, there is also an economic ROI to be gained for companies. The 1TB storage limit can quickly reach saturation, and adding GB per user has a cost for the company, especially on SharePoint in the case of Office 365.

A few words about Thibault Joubert
Product Manager IDECSI x Microsoft MVP Office Apps & Services

IDECSI has appointed Thibault Joubert as Product Manager. Microsoft MVP and former Wavestone consultant, Thibault specialises in Digital Workplace security.

At Wavestone, Thibault helped his clients take control of their Microsoft 365 platform in terms of security, compliance and identity, by defining and implementing controls.

Thibault is also a member of the "Office 365 and security" working group at CLUSIF, a French association of companies, consultancies and solution providers.

Thibault holds the following certifications:

• Microsoft 365 Certified: Security Administrator
• Microsoft 365 Certified: Enterprise Administrator Expert