Partner of:
In a previous article “Building your Security Toolset”, we explored how you can start to scope and build out a cybersecurity toolset for you company. We put Microsoft centerstage, and showcased how their products are able to address the challenges many businesses face with their cybersecurity. However, it’s no doubt that many businesses owners may leave knowing what they need to do but have no idea how do it. Even worse, they may read about Microsoft security tools and be met with hesitation and criticism on the complexity of the tool. Despite this, mastering Microsoft’s security tools is likely the best bet for protecting your organization and maintaining cybersecurity, and overcoming the learning curve may not be as difficult as its been made out to be.
Microsoft has been hard at work developing their cybersecurity capabilities when interacting with their services and operating systems. While many people are accustomed to needing to do things like installing an antivirus on Windows, the truth is Microsoft in modern times has been baking robust security into a lot of their product offerings for some time now. From the built in Defender antivirus in Windows to Security Defaults in anew Azure tenant, Microsoft has been on a steady trajectory of providing more and more security functionality by default. Gone are the days of Microsoft having unsecured services which require users to step in to secure with 3rdparty tools; now Microsoft’s inbuilt protections are handedly surpassing those tools and shepherding organizations towards secure decision making.
Despite the benefits they offer, Microsoft security tools are often met with hesitation and criticism due to their complexity. Many people find the learning curve associated with these tools to be steep, and it can take time to fully understand their capabilities. On the surface, it may seem like a valid criticism. However, lets really take a step back to analyze where this confusion is coming from: configuration and management.
This could certainly be the case if you are coming from ground zero, as many businesses are. In the world of cybersecurity, complexity takes a different meaning than most fields. In the medical field, a complex lifesaving device may mean spending time you don’t have when lives are on the line, and that speed impact due to complexity can be life or death. However, with our cybersecurity, taking the extra time to understand the complexities of how to properly setup the environment is worth the time. From personal experience, many tools which promise “touchless setup” are either overly permissive or so restrictive the business gets suffocated. There is no shortcut to tailoring a security deployment, and is it really fair to equate tailoring the solution to the business as “unnecessary complexity”? I certainly don’t think so.
It’s no surprise that we don’t all wake up knowing how to manage our organizations cybersecurity. For Microsoft, this comes in the form of understanding how to navigate across key portals such as Active Directory, Intune, Purview, Security and Compliance, and the Admin center. While this may seem like a lot of portals, think of how each of these portals are managed from a central location and have a common design language. Having come from the world of multiple security vendors in one organization myself, understanding how different tools organize information was one of the largest hurdles to increasing my understanding. Microsoft has done a tremendous amount of work making the design and operation across portals consistent. I don’t think it’s right to say mastering the navigation is impossible given that the portals they provide are not only similar in design language, but even include links to one another as they are under the same centralized management.
We know that Microsoft is offering a comprehensive solution to our cybersecurity problems, and what we essentially need to bring to the table is time to learn and operate the tool. To make this as painless as possible, here are some solutions to help us get on board with Microsoft as soon as possible.
The quickest and most comprehensive way to ensure a deployment with Microsoft is done correctly is to approach it just like any other project. We know complexity isn’t inherently bad, it just means we need to take care of configuring items the right way and in return we will be rewarded with a well-integrated and useful configuration. Finding members of the organization who are willing to put aside time to learn the customization options available and present the findings to the applicable managers is the right way to perform this. If you have constrained human resources, finding a solution provider that can help guide you through the configuration in a project-management style implementation, such as Sittadel’s 10-Week Security Essentials Configuration, will ensure the right boxes get checked and management is involved at every step to tailor the deployment to the business needs. Remember, the “touchless setup” offerings of deployment without customization will put us right back at the starting line. Customization is key to proper deployment.
No skill comes without instruction and practice. Believe it or not, managing cybersecurity tools can be seen as much as a skill as it is a task. The best way to learn these skills are by talking with knowledgeable experts and learning through getting your hands on how-to guides. While we aren’t going to go out and proclaim the Microsoft knowledge base is easy to read and follow (Even our engineers say they are dry. Ouch…), there are alternatives to get you up to speed quickly. Resources such as the Sittadel Knowledge Base provide guidance for operating Microsoft security tools, which outlines how to perform the necessary tasks to keep the configuration running smoothly. Having concise and accurate guidance to help understand what needs to be done goes a long way to helping you become a master in no time.
In its current state, Microsoft is offering a comprehensive way to manage your organizations cybersecurity. Their commitment over the past few years to incorporate more and more security into their consumer offerings gives a strong signal they believe in enabling cybersecurity for their customers. Combined with the fact that new security features are continuously being released, Microsoft is the right choice for a large majority of organizations. The common criticisms aimed towards Microsoft’s security services such as complaints with complexity are not show-stoppers, but merely indications that organizations are still getting used to adopting secure business practices. Through thoughtful configuration and concise documentation, the widely viewed “hurdles” of adopting Microsoft can be easily vaulted. As business owners, we shouldn’t let what is perceived to be a challenge dissuade us from making the right decision in the long run, and achieve that security that is essential for our organizations.
Copyright © 2022 Security Connections. All rights reserved.
