BPCE: Protection and Control of Shared Data on Microsoft 365

Streamlining the Access Rights Review Process and Empowering Data Owners

CONTEXT

BPCE-IT, the IT subsidiary of Groupe BPCE, launched a large-scale cybersecurity program called Walkyrie, aimed at strengthening data protection within its Microsoft 365 environment. Faced with the massive adoption of collaborative tools and an exponential increase in data volumes, it became essential to establish an effective framework to control, monitor, and reduce exposure risks.

As part of this initiative, BPCE-IT leveraged the IDECSI solution to build robust data governance and involve users in securing their own sharing practices.

CHALLENGES

The project's main objectives were:

• Data leak risk reduction: Identify and remediate excessive exposure of sensitive information.
• Compliance: Deploy regular access and sharing rights reviews on Microsoft 365.
• User awareness and accountability: Engage employees in data governance by giving them visibility into their own sharing activity.
• Measuring effectiveness: Define KPIs and track progress based on observed results.

"These campaigns allowed us to reduce our data exposure, 10,000 corrections were made, and the objective has been reached. Users are satisfied with the solution's ergonomics and appreciate being at the heart of the process." 

    Vincent Rey,  Deputy Leader and Head of Data Protection Solutions, BPCE-IT