CTO: Risk management and information sharing in Microsoft 365

Audit, prevention and data recertification in Microsoft 365 collaboration tools

COMPANY

• Independent Asset Manager
• Family-owned structure
• 41 Billion € under management
• 280+ users

CONTEXT

Jean-Christophe Normand, CTO of the year 2019 (CRIP)

The management company is regulated by financial institutions, and must meet audit and compliance obligations.

Since the end of 2019, the company has implemented Office 365 tools and then experienced a strong acceleration in the use of Microsoft Teams and OneDrive for Business applications linked in particular to the various confinements.

OBJECTIVES

The main risk to be managed was inherent in the sharing of sensitive data both internally and externally by employees. The objective was to maintain control over the sharing of information within Office 365 and to make users responsible for managing the security of their data.

5 IMPORTANT NEEDS:

• Be able to audit regularly (recheck access for compliance)
• Gain visibility on who does what, who can do what, on which file
• Be able to track and manage users' O365 sharing (OneDrive/ SharePoint sharing link) over time
• Be able to remediate following an audit: update rights, remove external links, correct illegitimate rights...
• Be able to integrate users into data management

Discover how Jean-Christophe Normand addresses legal and security issues through auditing, prevention and recertification of Microsoft 365 data ?

« Thanks to IDECSI we have simplified our audit, share revalidation and remediation processes. The strong points: user involvement in data management and simplified deployment of the SaaS platform! »

Jean-Christophe Normand - CTO