Our client is one of the largest port groups in the UK, handling tens of million tonnes of cargo per year and welcoming a significant percentage of the UK’s total port traffic.
In 2023, they were looking to improve how their organisation handles data protection, data privacy and compliance with industry standards. They were also looking to deploy a Microsoft Purview labelling solution to help enforce protection settings around their sensitive data.
The Challenge
Due to their critical role within the UK’s supply chain, our client processes large volumes of sensitive data which must be secured to a high standard and in compliance with relevant data protection legislation. With multiple port locations across the UK and thousands of employees, this required a Purview deployment that would allow our client to:
Locate and identify data within their cloud and on-premises environments.
Identify if any on-premises servers contain sensitive information on their drives.
Identify any instances of data being misused or overshared.
Implement access control across SharePoint and OneDrive accounts to secure any sensitive information.
Restrict email permissions to ensure sensitive information was not sent externally
The Solution
To ensure they were able to deploy Purview with all the necessary capabilities, our client was looking for a partner with significant experience in both critical national infrastructure sectors and working with Microsoft security products.
Following this process, our client determined that Bridewell was best suited for the project. This choice was based on our experience delivering some of the UK’s largest deployments of Microsoft Security Solutions, status as a verified Microsoft Security Solutions partner with specialisms in Cloud Security, and data-privacy led approach.
Working alongside key stakeholders within our client’s organisation, our Cloud Security and Data Privacy teams worked together to implement a solution that labelled data across Microsoft Exchange, OneDrive accounts, SharePoint sites, Microsoft Teams, and calendar items. A default label for all files and emails was configured, requiring the user to always label their created items as well as emails sent. Bridewell also implemented an automated process for labelling sensitive data at rest.
The Results
Having completed the project and deployed Purview, our client now has policies and controls in place to ensure that all data within the organisation is protected appropriately and any data risk has been minimised. These policies do not interfere with their day-to-day operations but support their ways of working, allowing them to operate with confidence that data is secure and that they are complaint with relevant data privacy legislation.
