A medium-sized management consultancy with an excellent customer base has been using Microsoft SharePoint and Office365 in the cloud for over 10 years. Another application is MS Teams. Triggered by the stringent data protection and IT security requirements of a major customer, one of the senior partners has doubts about an adequate level of information security.
On the basis of the initial situation described above, Lenotti Advisors was commissioned with an audit regarding IT security, the exchange of data with customers via cloud platforms, the structure and management of its own cloud data repositories. Testing for GDPR compliance was part of the mandate. The audit resulted in around 70 recommended measures in the areas of rights management, network security, access control, general data protection regulation, patch management, network configuration, securing access to cloud resources using 2-factor / multi-factor authentication and the introduction of a virtual private network coupled with intrusion detection / intrusion prevention systems. As a result of the project, the customer’s requirements were met and the company’s IT security was massively increased.