Our Work

A Cloud Services Roadmap to Secure Digital Transformation 

Defence

Our client needed to adopt technology that would facilitate remote communication and collaboration between team members.

Our clients vision included:

  • Establishing a modern organisation leveraging secure cloud-based services
  • Focusing on highly collaborative experiences

The strategy for enabling this vision included:

  • Consolidation and integration of systems to increase visibility and reduce gaps caused by layering “best-of-breed” systems
  • Enabling efficiencies related to the cost of disparate tooling
  • Ongoing operational efficiencies by consolidating the skills required to support the business operations
  • Secure collaboration with a focus on mobility services to enable productivity regardless of location
  • Identification of systems and services not compatible with this vision and establishment of a roadmap for their transformation

With a strong shift towards optimising operations our client had to balance performance and risk against cost.

Our client selected and purchased Microsoft M365 as a key part of the technology framework required to achieve their vision. Chamonix was subsequently engaged to help the client on their journey to realising this vision and to assist in shaping a more modern workplace that could respond to ongoing flexible work requirements. Our brief was to provide our client with a roadmap for the adoption of Cloud Services with an initial focus on leveraging capabilities within the M365 E5 suite including Exchange Online, SharePoint Online, One Drive for Business, Power Platform, Intune / Microsoft Endpoint Management and Defender 365 in a safe and secure manner. As a defence customer there were accreditation requirements to maintain their Defence Industry Security Partner (DISP) credentials.

Chamonix was engaged by our client as they were seeking a trusted partner with a track record of delivering secured cloud services within a defence context.

Our Approach

The first step was for our team to engage with the client’s teams and stakeholders to assess the different scenarios and implications of shifting to these cloud-based applications. Our process included carrying out a series of workshops with key stakeholders covering the business intentions and priorities, and how these changes could be implemented to maximise their capabilities and reduce duplication of services.

The Chamonix team also conducted workshops with the client’s technical teams to gain greater understanding of their existing operational and technical environment. Teams that were consulted in this process included

  • Security team – Identity and access control, incident detection and response, endpoint security and data loss prevention
  • Compliance team – Sensitivity labelling, protective markings and eDiscovery
  • Desktop deployment team – Desktop platforms and deployment tools, mobile device management
  • Onsite SharePoint management team – Existing portals and content management
  • Exchange team – Mailboxes for messaging, calendar, tasks, contacts and archive retention

During the workshops we worked with our client to identify different usage scenarios. As part of considering these usage scenarios we worked with the business, IT and security teams to identify the types of work that would be permitted and the security and access implications of allowing these types of work across each usage scenario. Factors considered included:

  • Devices
    • Client owned or BYOD
    • Managed or unmanaged
    • Windows, OSX, iOS, Android
  • Network
    • Corporate Network
    • Corporate Cellular
    • Personal Cellular
    • Trusted Wifi
    • Untrusted Wifi
  • Users
    • Corporate
    • Contractor
    • Guests / External

Our Recommendation & Solution

Following our assessment of the capabilities and constraints of our client’s business, we presented a four phase ‘roadmap’, that would guide them to make the transition securely and successfully to Microsoft 365. Security considerations were an integral part of any proposed transition, due to the classified nature of documents and materials within the business, with much of the first phase being dedicated to ensuring the appropriate controls were in place prior to adoption.

The phases of the transition were as follows:

Enablers: The first phase was about ensuring that the necessary security and governance was in place before commencing the transition. Recommendations included:

  • Establishing appropriate governance structures and controls
  • Identity and access management including risk detection and response, privileged account management, lifecycle management, audit and external collaboration
  • Endpoint security through the implementation of Microsoft 365 Defender suite of capabilities for detection, response, authorisation and access control
  • M365 core platform security compliance including Defender, Information protection, Retention policies and labels, eDiscovery, Lockbox, information governance, data loss prevention and conditional access

The establishment of boundaries to shape staff behaviours, and a cultural shift towards personal knowledge of and accountability for security matters was recommended when transitioning to the target flexible work.

Adoption of the identified platform: Once the enabling controls had been implemented, the next stage would be to provide support and training materials to the organisation to implement hybrid capabilities for Exchange Online, SharePoint and Intune / Microsoft Endpoint Manager to facilitate migration activities. Adoption also includes introducing additional platforms and features including:

  • Power Platform (BI, Apps, Automate, Virtual Agents, On-Prem Data Connectors)
  • SharePoint & OneDrive for Business
  • Teams features
  • Additional M365 features including Bookings, Delve, Forms, Viva, Stream, Planner, Yammer


Migration:
This phase recommends migrating Exchange and SharePoint services to the cloud-based Microsoft 365 suite. This would involve working with the on-premises Exchange and SharePoint teams to make the switch to online versions of Exchange and SharePoint and OneDrive for Business. Adoption of hybrid / modern deployment approaches using Microsoft Endpoint Manager is a key component along with broadening endpoint management to provide secure mobile access to applications from additional device types including Apple iOS / iPadOS and authorised Android platforms.

Continuous Improvement: The governance controls introduced in the Enablers phase and reinforced through allocation of responsibilities to operational support teams through the adoption and migration phases implements a continuous improvement framework. This is actively monitored by the cloud steering committee including interaction with operational support teams, and updated to reflect business priorities.

Ready to Shape the Future of Your Business?

Let us help you navigate the path of digital transformation.

Get Started