Microsoft 365 protection: Governance of user access and sharing
Groupe Pasteur Mutualité is a global player in the protection, support and well-being of healthcare professionals, embodying 160 years of living mutualism and campaigning for an active fraternity. As a result of all of its commitments, Groupe Pasteur Mutualité provides healthcare professionals with insurance coverage and services that facilitate their professional practice.
Context
Groupe Pasteur Mutualité, which has 500 employees, initially used the IDECSI solution in 2016 to protect the mailboxes of COMEX members to guarantee data confidentiality.
In 2020, with a brand new cybersecurity program called CARE (Confidence, Anticipation, Resilience, Commitment), the CISO is implementing a 3-year roadmap which aims to strengthen the security of Groupe Pasteur Mutualité's information system with a focus on the Cloud, mobility and user engagement.
In addition to strategic and commercial issues, Groupe Pasteur Mutualité, by its nature, processes sensitive data (personal and health data) and has advisers who are particularly mobile at the national level.
It is in this context that GPM decided to extend its scope of protection to all employees and to Microsoft 365 cloud collaborative tools thanks to IDECSI.
Problem
Indeed, the CISO needed to control and certify access, rights and sharing in the use of collaborative tools, with both granular elements to be able to deal effectively with security events and tangible elements to communicate with the general management, who are very aware of data protection. Faced with the complexity of analysing Microsoft 365 logs and the lack of visibility, the CISO called on IDECSI to meet 4 main objectives.
The 4 main objectives de GPM
Ensure and maintain data confidentiality
Empower the teams to M365, and it particular in the use of Teams and OneDrive
Guarantee access rights, identify owners (validation of members, team management)
Use granular elements to save processing time during investigations
“I can't see any solution other than the IDECSI tool for managing access rights and sharing. We must give users the means to govern their data, practically and simply.”
Paloma Gouin - CISO of Groupe Pasteur Mutualité