Microsoft Purview

Protect and manage data wherever it resides within your organization by implementing Microsoft Purview for information protection and data loss prevention.

A Data Governance Approach to Microsoft Purview

Why Microsoft Purview with Bridewell?

  • Implementing Microsoft Purview for Effective Data Governance and Compliance: Our approach to implementing and deploying Microsoft Purview is driven by data governance, with a focus on ensuring your organization is compliant with relevant data privacy regulations. Our Microsoft, Cloud, and Data Privacy experts will work alongside you to understand regulatory risks within your environments and remediate them through Purview’s data, compliance, and governance capabilities.
  • Expertise in Cloud Security and Threat Protection with Microsoft Purview: As one of Microsoft’s leading cybersecurity partners, our team are designated solution partners for Security. We hold specialisms in Cloud Security and Threat Protection and have extensive experience in deploying Purview for some of the UK’s largest and most highly regulated organizations.



The Benefits of Purview

Our team will help you deploy Microsoft Purview quickly and effectively, so you enjoy the following benefits.

Identify Risks to Your Data

Assess your current data privacy programme for any ongoing risks.


Identify Risky User Behaviour

Identify any user behaviour that risks non-compliance or a data breach.


Achieve Best Practice for Data Protection

Meet relevant requirements for regulatory compliance and industry best practice.


Ease the Pressure on Your Security Team

Our SOC team will take on responsibilities from your in-house security team, allowing them to dedicate time and resources to other activities.

Manchester Airport Group (MAG) sees more than 60 million passengers flying through its airports, including Manchester, East Midlands and London Stansted, each year. And with threats against critical national infrastructure increasing, having best-in-class cyber security is paramount.

As the largest UK-owned airport operator, MAG requires continual security monitoring of all its technologies, including servers, networks and end-point devices. For several years it had outsourced its security operations centre (SOC), including continual monitoring, to a third-party security provider. However, in March 2020, with the initial contract coming to an end, it became increasingly apparent that the current security setup was no longer fit for purpose.

The incumbent provider wanted to move MAG to a different technology platform which would require substantial CAPEX upfront and result in an increase in operating costs. MAG needed to find a solution that better met the group’s future needs and could provide a more cost-efficient and effective way of strengthening its security operations and safeguarding the business from increasing cyber threats.

Finding the Right Partner

Setting up the outsourced SOC had previously been a gruelling project and the thought of taking on another project of this scale was daunting for MAG, especially in terms of the time it would take. The company recognised it needed support and sought advice from peers across the UK aviation sector. Following conversations, Tony Johnson, Head of Cyber Security Operations at MAG, was invited to a conference at a leading UK airport that had undergone a similar transformation and migration. It was here that he learned about the airport’s own journey building a more modern, agile outsourced SOC with Bridewell as its security partner. The peer airport had moved away from a fully outsourced SOC and worked with Bridewell to deploy a new SOC technology stack which is a blend of Microsoft Sentinel and Microsoft Defender XDR. Johnson was impressed by how much was done in such a short amount of time, including onboarding new services. “The team spoke highly of Bridewell,” said Johnson. “Bridewell represented themselves very well when we met them there. We had a really productive conversation and could have easily mistaken them for our peers’ own in-house security team as they had so much knowledge of the business and its infrastructure.”

Getting the Project off the Ground

The progress that had been made at the peer airport and the strong relationship between the airport operator and Bridewell put Johnson’s fears to rest concerning the scale of the MAG project. Using the model Bridewell had developed with the Microsoft Defender XDR and Microsoft Azure Sentinel stacks, Johnson got to work on the business case for the new SOC.

He engaged Microsoft to develop a pilot SOC solution, funded by Microsoft. However, they too stressed the importance of having the right cyber security partner involved. Johnson already had Bridewell in mind.

“We had the technical capabilities to do this on our own, but we wanted to work with a company that had been there and done that. We knew that Bridewell had the relevant experience in aviation as well as ASSURE accreditation so could avoid the pitfalls and complications which can arise in this sector,” said Johnson.

Because of the previous experience outsourcing their SOC, MAG wanted to change its delivery model from a fully outsourced setup to a hybrid approach that would enable more autonomy over its protection. It wanted to keep some capabilities in-house in order to benefit from the understanding of the business and context the in-house team brings, while leveraging Bridewell’s expertise to design, implement and operate its security infrastructure, as well as train internal teams.

A two-tiered solution was agreed, keeping some security operations in-house while Bridewell ran the company’s 24/7 monitoring facilities. This enabled MAG to benefit from state-of-the-art security without having to build their own entire security operation.

Once Bridewell understood MAG’s business objectives, an assessment phase took place in which Bridewell performed a gap analysis, followed by a design phase where it looked at the resources already available within MAG and highlighted any additional resource, technology and processes required to make the transition a success. With a significant percentage of MAG’s staff furloughed due to the pandemic, resource was a challenge. However, Bridewell was able to fill any gaps and keep the project running smoothly and, crucially, on schedule.

A Resounding Success

The initial pilot period lasted eight weeks and was a resounding success. It was completed ahead of deadline with all success criteria met and delivered in budget with no additional spend beyond what was already committed with the incumbent provider.

“Bridewell really impressed us with how organised they were when it came to getting the pilot SOC underway and they drove the team which was exactly what we needed,” said Johnson. “There was no reason not to take it to the next stage.”

Phase one of the rollout needed to be completed by Christmas Eve, which was when the existing contract with the incumbent provider ended. The incumbent provider had 70% coverage of MAG’s estate and MAG wanted to achieve the same target by the end of phase one. “Bridewell was completely successful in meeting the target and we had exceeded the 70% coverage,” said Johnson.

Bridewell also provided a dedicated SOC analyst who acted as an honorary team member, sharing the skills and knowledge with MAG’s internal team to give them the best success in running the SOC in-house. This resulted in significant cost savings by removing the need to invest heavily in training with an external provider.

Phase two was completed in March 2021, and Bridewell’s SOC analyst and hybrid team have been in place ever since, helping the MAG team move forward and providing expert guidance to instil the in-house team with confidence in running the SOC.

Enhanced Visibility and Protection

Thanks to MAG’s partnership with Bridewell and Microsoft, the airport group has seen a major improvement in its security setup across the organisation. The group now has better application security and visibility, including a greater view of its security infrastructure, enabling the team to respond to threats across the kill chain in minutes.

Prior to working with Bridewell, MAG only had 70% visibility of its estate and could only see 5,000 events per second. Since the transition, MAG now has visibility of 80,000 events per second and over 95% of endpoints and servers are visible to the SOC. MAG’s team were also flooded with a lot of unnecessary noise from the incumbent provider which would constantly notify them of potential issues detected. It would be down to the MAG team to investigate the issues which often turned out to be normal behaviour and required no action.

“We’re very confident that we’re delivering a better service internally than the incumbent provider ever could. We can see the outcomes. We can see the incidents that are getting raised and that we’re solving,” said Johnson.

MAG has seen the biggest impact in dealing with phishing attacks. Like many organisations, MAG has experienced a significant increase in phishing attacks over the last 12 months, with attackers continually trying new approaches to trick employees into opening malicious links. The previous solution would entail a lengthy manual process that required MAG to contact other internal technical teams to undertake tasks every time a phishing attempt was reported. However, the new SOC automatically spots phishing attempts, checks that nobody in the organisation has clicked the links, and removes the threat from inboxes across the organisation.

The organisation had also been considering a SOC assurance audit from a third party to demonstrate the strength of the new solution, but initial conversations with assurance providers revealed this would be costly and time-consuming. And with the positive impact of the new Bridewell solution so clear, senior stakeholders within MAG deemed that an assurance audit was not necessary.

Start your Microsoft Purview Journey with Bridewell

Speak with one of our consultants to see how we can support your organization with Microsoft Purview.


How it Works

Data governance isn’t just about technology, but how organizations use, process and secure data. Our Purview deployments prioritize understanding how your employees handle data so we can implement policies that support their ways of working.

Data Discovery

Our cloud security and data privacy teams will hold discovery workshops to understand:

  • Your current approach to data classification, retention and data loss
  • Any challenges with how your users access and share data
  • Your goals with Purview

Our team will review your current approach against applicable data protection legislation and best practice standards.

Any areas of non-compliance or data risk will be highlighted immediately.

Design and Implementation

Based on our findings, we will recommend updates to relevant policies and provide a test deployment of our proposed labelling solution to address these shortcomings.

This test deployment ensures there is no risk to your current operations and allows our team to optimize your Purview deployment before it is moved to a live environment.

Why Us?


180+ Security Specialists

Our team have diverse experience across sectors and disciplines, and hold accreditations from numerous industry bodies.


Certifications

Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.


Partnerships

As a Microsoft Partner, we hold advanced specialisms in Cloud Security and Threat Protection. We’ve also implemented some of the UK’s largest deployments of the Microsoft Security stack, including Sentinel, Defender, Purview and more.

Accreditations and Certifications

Our cybersecurity consultants and services are globally recognized for meeting the highest standards of accreditation and have leading industry certifications.
