Case Study

Security health checks unlock global collaboration

Connecting tenants across international business teams poses a big risk. Thanks to detailed security analysis from Kocho, our client could complete the process with confidence.

When a leading medical provider needed to assess the health of its security infrastructure, Kocho’s ready-made Security Posture Assessment was just what the doctor ordered.

The ability to work collaboratively is an essential requirement for any organisation. But it’s not without its challenges – and those challenges only multiply as an organisation grows.

Now imagine you’re a global healthcare giant of a business. You’ve over 38 million customers and 84,000 employees spread across 11 business divisions worldwide. You need to make sure those different divisions can work together AND ensure highly personal medical and financial information remains safe.

This was a challenge our client aimed to solve.

Our client was working with Microsoft on a cross-tenant collaboration project to improve its Microsoft Teams infrastructure. However, the security posture of each business division needed to be assessed before access between tenants could be enabled.

With an established partnership built on previous identity and access management projects, Kocho was ideally placed to help with our ready-to-go Security Posture Assessment (SPA) service.

Greater collaboration through detailed security posture assessment

By gaining the crucial visibility and context required, the use of Kocho’s SPA service helped our client:

Assess the security strength of each business division against specific security and compliance requirements

Identify which divisions did and did not meet the required standard – with advice on how to remedy potential dangers

Enhance and get the most out of their Microsoft licensing, improving data loss prevention (DLP) and device controls

Establish effective data scanning and event logging capabilities

Enable cross-tenant collaboration between approved divisions for better information sharing and more efficient working practices

Watch 3-minute Security Posture Assessment Demo

Identify hidden threats and prioritise security risks.

A need for seamless and secure collaboration across Teams

Our client continuously seeks new ways that technology can help deliver frictionless, highly personalised services to each of its 38 million customers around the globe.

In partnership with Microsoft, our client is in the process of digitally transforming its operations using the Azure cloud to facilitate better collaboration and improve customer service.

A key part of this transformation is ensuring that its various Microsoft Teams tenants can work together whilst remaining secure and meeting strict compliance requirements.

But before collaboration between Teams tenants could be enabled, our client needed to audit and understand its current security posture across 11 global business divisions to ensure a consistent degree of security.

Microsoft Teams is an essential tool for us, but one potential weakness could have ramifications across our global business. Getting visibility of each division’s current security posture was a crucial step to take.

Client Director of Security Strategy

Kocho was well known to the client’s internal IT team due to a long-standing relationship between the two companies. For the past 12 years, we’ve supported on and completed many identity and access management projects for the client.

It was on one such project that we became aware of the client’s need for a solution that would help it assess its security posture and move the Teams integration project forward.

Having developed our Security Posture Assessment service for just such a purpose, we suggested it may be a good fit and arranged to conduct a proof-of-concept demonstration on the client’s UK Teams tenant.

Proving the benefits of a tailor-made security assessment

Kocho’s SPA service analyses an individual tenant’s technology stacks and current working practices to assign a risk score and report. This report features suggested actions to improve and remediate any existing or potential security and compliance issues.

For the proof of concept to be successful, it needed to meet our client’s specific compliance requirements. These requirements are based on CIS benchmarks but feature additional controls to protect sensitive customer data.

Our experienced security architects, led by Mat Richards, were able to modify the SPA to return results tailored to the required measurements.

Visibility was key to establishing a consistent level of security across each business division. By tailoring the SPA, we could quickly identify improvements that made sense.

Mat Richards

Head of Mobility and Security, Kocho

The information provided by the SPA report proved valuable in identifying whether the reviewed tenant met the specified standard to allow for cross-tenant collaboration.

Pleased with the speed and depth of detail delivered by the proof of concept, our client asked us to perform the same assessment against each of its 11 global Microsoft Teams tenants.

Enabling secure cross-tenant collaboration

Over the next nine months, we completed the remaining assessments. This helped the client’s Group IT team understand its overall security posture across different global teams with differing regional data regulations and standards.

This information helped establish a consistent and compliant security standard. This standard could then identify which business divisions were safe to enable cross-tenant collaboration with.

Our client can now be confident that their teams can communicate and collaborate in a way that’s secure, regulated, and compliant.