Case Study

Validating a leading healthcare provider’s security posture

Kocho has been a partner provider for one of the UK’s leading healthcare providers since 2011. So, when they needed to review their already strong security posture, it’s us they approached.   

As one of the leading names in private healthcare, IT security had always been taken seriously.

Like so many organisations worldwide, COVID-19 led to an almost overnight change in working practices. Remote work became the norm and IT provision needed to quickly adapt to accommodate.

The healthcare provider responded quickly, amending their Microsoft licences to utilise the cloud-based tools within the E5 licence for Microsoft 365. This enabled their workforce to work, collaborate and access resources remotely, and securely.

Working once more with Kocho

As these new ways of working became the norm, post-COVID, our client was proactive in reviewing the access and usage of their Microsoft environment.

Having worked successfully together in the past, and as a trusted Microsoft Partner, they approached Kocho to provide a security posture assessment (SPA) for both Microsoft 365 and their Azure infrastructure across the business.

Watch 3-minute Security Posture Assessment Demo

Identify hidden threats and prioritise security risks.

Validating security, demonstrating compliance, and identifying improvement opportunities

The SPA formed a key part in our client’s commitment to maintaining a rigorous approach to security and compliance.

From the process and presentation of its findings, the SPA helped the organisation in three essential aspects.

  • Validation of their security credentials from a trusted and creditable third-party.
  • Demonstration of due diligence and compliance.
  • Opportunity to identify areas for further and ongoing improvement.

Overall, the SPA provided a baseline for the organisation. Offering confirmation that the good practices implemented were working. It also provided the foundation for a roadmap of continued developments.

This ensured they remained vigilant and equipped to manage evolving security and compliance challenges.

SPA implementation and delivery

The turnaround, from initial discovery to analysis, playback and delivery was two weeks.

The SPA was carried out across various subscriptions and tenants in the business, and covered:

  • Microsoft 365 environment.
  • Azure infrastructure.
  • Base level compliance and auditing.

Reporting made easy with the playback presentation

The assessment was presented back to the IT management team via an interactive PowerBI dashboard, utilising the MITRE ATT&CK framework and CIS benchmarking as its base.

This provided validation of the good health of our client’s security, while highlighting key recommendations for further improvement.

The playback meeting, alongside a detailed slide deck and the interactive SPA dashboard, ensured that the IT and compliance managers could present their security posture in confidence to their leadership team.

A value-added feature for a few reasons.

  1. The ready-made report saved the team a lot of admin and analysis time.
  2. It provided validation of next-step recommendations and made it easy to articulate these to the leadership team.
  3. It prioritised any security improvements found in terms of risk, necessary effort, and impact.

The on-going value of the SPA dashboard

Through the dashboard, our client had a comprehensive, yet accessible view of the security posture across every aspect of their environment. Including all Microsoft 365 applications and third-party integrations.

This was not just a box-ticking exercise, but an important part of their overall security compliance toolkit.

A means of external validation with the addition of a dashboard that let them identify areas for improvement.

Using a high, medium, and low scoring system, they were able to identify areas for improvement and prioritise in order of importance. Providing a powerful benchmark and a platform from which to develop their security roadmap.

The dashboard also allowed for more granular analysis to help maintain high levels of diligence around their security.

They could drill into a particular score to not only understand the reason, but also to get a recommended solution.

Having access to this detail would therefore feed directly into the ongoing planning of future work. Ensuring that investment was being directed in the most cost-effective way.

Lasting benefits

  • Important to get validation from a trusted third-party Microsoft partner.

  • Provided an excellent baseline that could be used to gauge ongoing improvements. This also would form part of their ongoing compliance processes.

  • Strengthened and simplified the business case for future Microsoft 365 investment to the leadership team

  • Made it easy to develop a security roadmap and to prioritise improvements based on minimum output and maximum impact.

  • Delivered peace of mind that their security was in a good position, while identifying ways to strengthen further.

Next steps

The security posture assessment has played a key role in our client’s ongoing commitment to maintaining a high-level of security.

While the results demonstrated and validated this strong posture, this was not a cue for them to rest on their laurels.

Indeed, the assessment has allowed them to build a roadmap, based on the findings, to further optimise their Microsoft 365 E5 licence.

The assessment acts as a baseline and will be revisited periodically. Ensuring continued improvement and helping them to lead the way when it comes to data protection and security in the private health sector.

Watch 3-minute Security Posture Assessment Demo

See how a Security Posture Assessment:

  • Uncovers security blind spots
  • Prioritises your key risks
tag icon

Great emails start here

Sign up for free resources and exclusive invites

Subscribe to the Kocho mailing list if you want:

  • Demos of the latest Microsoft tech
  • Invites to exclusive events and webinars
  • Resources that make your job easier
Butterfly overlay image

Got a question? Need more information?

Our expert team is here to help.