Secure data storage solution for ORX using advanced Microsoft 365 features
ORX is the largest operational risk association in the financial services sector. Since 2002, they have been supporting the global risk community to exchange consistent industry data, share ideas through networking events, benchmark against their peers and ultimately advance the operational risk discipline. Today, ORX represents over 100 financial institutions. Due to the sensitivity of their members’ data, ORX wanted to implement information management systems based in Microsoft 365 to ensure greater control over data within a modern collaboration platform.
Intelogy engaged with ORX to provide a secure data storage solution for highly sensitive research projects. With access to the features of Enterprise Mobility and Security, the solution encompassed multiple services across Microsoft 365 including sensitivity labels and a custom auto-labelling utility to protect and control data when it leaves the Microsoft 365 content service.
During the engagement we also provided consultancy around Azure Active Directory (AAD), AAD Conditional Access, Intune, and application protection policies, to prevent access from unauthorised apps or devices. This also included implementing data loss prevention policies to avoid sharing data with external parties through SharePoint Online, Microsoft Teams and email.
ORX day-to-day operations required a stable, robust and secure technical solution, within Microsoft 365, to securely store and process information, with an intuitive user experience and assurance against unauthorised or accidental disclosure. It was also necessary to replace the use of file servers to store and process information, delivering improved efficiency and security whilst also reducing the risk of data loss.
Intelogy started the engagement with an initial discovery phase with the Technical and Research teams at ORX. Our consultants hosted a series of workshops to capture the requirements for the secure storage solution that would support their research projects.
Following completion of the first phase, and based upon the requirements captured, a prototype was constructed to demonstrate how the capabilities of Microsoft 365 could be configured to provide an end-to-end solution, allowing the Research team to visualise how the platform could be used as an integral part of existing processes.
The proposed solution used the team working features of Microsoft Teams to provide a workspace for collaborating on research projects. The underlying SharePoint content service stores project-related data securely, in a structured format to complement existing processes. A provisioning mechanism ensures a repeatable, consistent creation of project Teams based on a defined content and security template, and an associated SharePoint hub site provides an entry point to discover, search and request new project Teams. Although Microsoft 365 is available anywhere on any device by default, conditional access features of Azure Active Directory were configured to restrict access for guests.
Content does not always remain in its original location where security measures can be enforced to protect who can and cannot access it. This means that the ability to protect data once it has left ORX’s environment was particularly important. Microsoft 365 sensitivity labels were applied to files stored within the project Teams to protect content should it be moved from the Microsoft 365 environment.
Intune app protection policies
To protect sensitive data in the event it resides in a mailbox, Intune app protection policies will only allow access to ORX mailboxes when using the Outlook mobile app for iOS and Android from non-managed devices.
Data loss prevention policies
ORX highlighted that they had a requirement to prevent highly confidential content from being shared with external users. To meet this requirement, we used a combination of data loss prevention policies and mail flow rules.
In collaboration with the client, Intelogy built a “best of breed” secure cloud data storage solution for the Research team at ORX. The combination of sensitivity labels and security features available through Microsoft 365 makes this a seamless, integrated experience that enables the team to receive, process and analyse data, providing additional confidence that the security boundaries in place are keeping sensitive and confidential data safe and secure.