We’ve seen how increasing connectivity and using more technology in the workplace provides cyber criminals with more opportunities to access your servers and compromise your data or cause serious damage.
To help keep you safe, Microsoft have developed Microsoft Secure Score (previously known as Office 365 Secure Score).
What is Secure Score?
Aware that many of their customers are using a range of cloud computing options alongside 365, Microsoft wanted to increase security.
Office 365 has three layers of security, all operational from the moment you start using it. There is no need to activate it or do anything else to get it working optimally for you. It’s the best way to protect sensitive information when you don’t have full control over it.
Microsoft explains that Secure Score is: “A measurement of an organisation’s security posture, with a higher number indicating more improvement actions taken.” They provide a dashboard within the 365 security centre which allows you to monitor all your apps, devices and infrastructure in one place.
Essentially, it’s a way to assess how secure your data is now, where there are vulnerabilities and what you can do to resolve these. It scores each security element it analyses so you can quickly and clearly see where you need to take steps to improve the numbers (and your protection).
How to access Secure Score
It’s straightforward to get to Secure Score if you’re a Microsoft user. You can find the widget on the Office 365 Security and Compliance Centre homepage.
Alternatively, you can access it via the Microsoft Graph Security API, which is designed to connect security apps and workflows. It will show both your scores and your recommendations.
How Microsoft Secure Score works
The tool assesses both Microsoft products, including Office 365, OneDrive for Business and SharePoint, and third-party software and apps. They are planning to add other products as time goes on.
It then assigns a numeric score to each area it looks at. Performing security tasks such as report viewing or configuring a recommended security feature will earn you points, as will improving security on any non-Microsoft tool.
Secure Score will give partial points if improvement actions are completed for selected users, although in some cases you will only receive points when the action is fully completed, and it varies depending on what that action is.
What that means is if your results show you need to protect all users with multi-factor authentication, for example, but you only protect 5 out of 100 users, you get a total score of around 2. Turning on a certain setting or creating a new policy, on the other hand, gives you full points.
Scores are updated in real-time as changes and improvements are made, and daily syncs allow Security Score to receive system updates so it can track progress. Microsoft highlight that “security should be balanced with usability, and not every recommendation can work for your environment.”
Why use Secure Score
Using Microsoft Secure Score gives you access to metrics and trends and allows you to compare your scores against similar organisations to your own. It integrates with other products from its own range, and updates when third-party solutions have made improvements.
Furthermore, once you have a clear picture of your security posture, you can then work to improve it. Secure Score lets you compare with existing benchmarks and set KPIs (key performance indicators). It also provides ‘discoverability, visibility, guidance, and control’.
What to do once you have your results
Once you’ve got your Security Score, Microsoft gives you recommendations on the steps you can take to protect yourself from threats and helps you to implement those into your systems.
The next step is to prioritise the updates and improvements that are the most essential to your business, and Microsoft will walk you through this. If you have an internal IT department, they may decide to manage changes. Alternatively, if you work with an external IT support partner, let them know you’re using Secure Score and ask them to get involved with the change process.
Depending on where you are now and how much you need to do to improve your security, there could be considerable costs involved. Make sure you do your research before making any changes so you know what to expect.
Also, work out how long it will take to implement these changes. You want to keep disruptions to a minimum and ensure business as usual wherever possible, so look at staggering the updates through the various departments within the business, or updating servers at the weekend.
If you would like to discuss how to get started with Secure Score, or have any other questions about this blog post, get in touch today! Our dedicated team is on hand to help you with any queries.