South African cloud solution provider and Microsoft partner InfoVerge has implemented Microsoft Sentinel and a series of interventions to improve the security posture and governance of a national healthcare professionals’ association.
InfoVerge has assisted the professional body to better mitigate both external and internal risk and become compliant with national security and data privacy regulations, through a comprehensive approach to improving security.
Itumeleng Chuene, Chief Revenue Officer at InfoVerge, explains that the association had sought to improve security and governance after an audit found room for improvement. “As a regulator for healthcare professionals, the association manages accreditation and personal information, so they needed to improve controls to remain trusted and relevant,” he says.
However, the body had a limited understanding of the extent of the requirements for appropriate risk mitigation.
Chuene says: “The customer is a mid-sized enterprise with around 250 users. From a budgeting perspective, they aimed to simply tick a box for compliance purposes. However, the services they initially specified amounted to having a security guard on duty only twice a week. We explained that security needs to be comprehensive and around the clock to be effective. Because of our flexibility, we were able to recommend solutions that would meet their requirements and improve governance, within their budget.”
He explains that the customer was an existing Microsoft customer, and therefore InfoVerge proposed implementing Microsoft Sentinel monitoring, along with regular vulnerability assessments, penetration testing and staff training.
Skhumbuzo Mjoji, Chief Technology Officer at InfoVerge Solutions, outlines InfoVerge’s approach: “First of all, we assessed their existing governance, risk and compliance policies. Following that, our partners carried out penetration testing and user security awareness training, which included phishing simulations. During the implementation, we assessed their network and implemented Microsoft Sentinel cloud-native SIEM to ingest security-related information from all computers and servers, and then analyse that information.”
Microsoft Sentinel provides attack detection, threat visibility, proactive hunting and threat response to help organisations stop threats early.
The ongoing vulnerability assessments and monitoring allow the organisation to monitor the environment more closely, and take a more proactive approach to security. It also supported an improved audit outcome.
Mjoji adds that while user awareness training was not specified as an initial requirement, InfoVerge highlighted its importance. “We deliver a comprehensive solution, ensuring all the necessary processes and components are in place. As a result, staff awareness improved and the organisation has not had any breaches since the implementation.”
Chuene notes: “Inasmuch as many people think of security for external factors, the biggest risk is often internal. When there’s no proper change management, training or awareness, employees can become a huge risk for the organisation. So part of our service is to ensure there's proper change management and awareness training so employees understand the risks and what they need to do to protect the environment.”
InfoVerge hosted a webinar in February at which it outlined its security solutions tailored for the health sector and government entities, and where it highlighted this case study and others. The session provides valuable insights into leveraging integrated Microsoft security tools to enhance infrastructure and data security, and support compliance with POPIA and HIPAA.
You can view the webinar here.
Share