With more than 800 offices across 28 states, this national optometry practice and eyeglass retailer empowers patients to live their lives by providing comprehensive eye care and an expansive selection of eyewear solutions. The client needed to better understand their security vulnerabilities across parts of their 0365 and Azure environments. Tallan’s Security Assessment included a review of the current security policies and areas most vulnerable to attacks, like user identity and endpoint security gaps. This assessment specifically focused on DLP (Data Loss Prevention) and moving to a Zero Trust infrastructure. Tallan made informed recommendations on how to modernize this organization’s security posture, and reviewed costs to remediate any security gaps in a high, medium, and low hierarchy.
Data and Analytics, Cloud
Bringing Security into Focus.
- In order to help this client better understand how the Azure Security Center fits into their objectives, Tallan began with a series of educational workshops covering Zero Trust and cloud adoption best practices.
- Workshops included a scope and objectives discussion, a 2-day Ready Govern (Cloud Adoption Framework) workshop, and a workshop centered around Azure Security Center.
- These knowledge sharing and review sessions worked to define the scope of essential security tools, frameworks, and best practices.
Resolving 135,000+ Instances of Data Loss Prevention Risk.
- The client was specifically concerned with preventing data loss because of HIPAA compliance requirements. Tallan conducted a holistic assessment of their environment, including servers, desktops, operating systems, and aging hardware.
- to identify gaps. Tallan identified security risks through analyzing Defender for Cloud Secure Scores, Microsoft 365, Identity Secure Score and Azure Policy. The Secure Scores were reviewed to better their security posture, and Defender alerts were reviewed to demonstrate possible gaps in the security of the client’s infrastructure.
- Throughout this 2-week engagement, the Tallan team assessed 874 Active Directory guest users, 541 total resources, and 1,267 Azure policies.
- Tallan found, from a DLP perspective, this client had over 135,802 instances of classified data points, such as Social Security and Driver’s License numbers. There were three inactive DLP policies in place prior to Tallan’s engagement, meaning, that if there was a breach, the client would not have been notified.
A Clearer Strategy.
- To close the engagement, Tallan and the client’s team reviewed recommendations to modernize their security posture. This included the full remediation of all uncovered security gaps.
- A customized plan forward included reference architecture for Azure services, cost analysis, and ongoing Azure costs consumption estimates.
- With a tested framework in place, the Azure technology that aids in our client’s provision of personalized eye care experience through trusted local optometrists is much more efficient and secure.