Assurance of Cyber Security Compliance

Major German law firm

Conducting a successful M365 landscape security assessment

The Challenge

An internationally active major law firm based in Germany enlisted Eraneos to help it transform its application landscape, which consisted of a multitude of special legal tools and on-premise solutions, into a more secure M365-based setup.

Assurance of cybersecurity compliance through continuous assessment of an M365 landscape against a self-compiled security requirement framework 

The approach

We kicked off the project with an M365 transformation project that would run in parallel to multiple IS transformations, creating a need for close interaction. We established that an ongoing assessment was required to ensure security could be continuously integrated into the transformation. With relevant security laws (GDPR, StPO §53), standards (ISO27k Series, BSI), and best practices (CIS Controls) in mind, we consolidated all relevant standards into an assessable set of requirements.
Alongside this, we offered a continuous assessment of all developed concepts (Identity, MS Teams, OneDrive Client, Defender for Endpoint, etc.), including presentation and discussion of the results.

The result

With our help, the law firm created an appropriate assessment framework consisting of relevant standards and security best practices. We also implemented the continuous execution, presentation, and discussion of security assessments of all concepts against the framework.
Requirements for adjacent IS projects were also determined, documented, and regularly discussed throughout the project.
