As the charitable arm of Derby County Football Club, Derby County Community Trust (DCCT) aims to improve people’s lives using the power of sports. Creating meaningful experiences for people of all ages and abilities is more than just fun and games, though. DCCT is serious about protecting sensitive information about its members and the organizations it works with every day. With Microsoft Azure Active Directory, Microsoft Defender for Office 365, and Microsoft Endpoint Manager, DCCT can now secure its data and devices while reducing costs and inefficiencies to maintain that pact.
“Enabling a Zero Trust approach with the strong authentication of Azure AD and endpoint management of Microsoft Endpoint Manager ensures the high level of security and compliance DCCT requires.”
Jake Wright, Senior Customer Journey Specialist, Bam Boom Cloud
Enhancing lives and communities through sports, physical activity, health, and education opportunities has been the cornerstone of Derby County Community Trust (DCCT) and its mission since 2008. Even during the COVID-19 pandemic, the United Kingdom–based charity ran more than 40 different projects, reaching more than 7,700 online participants and boosting their physical health and emotional wellbeing—even from afar. Its caring approach is a key part of its culture. So when one of its employees was the victim of a phishing attack, DCCT jumped into action to ensure the organization and its constituents were protected.
When the phishing attack occurred, Simon Carnall, Head of Community at DCCT, reached out to Microsoft Partner Network member Bam Boom Cloud, technology advisors that work with small and midsize businesses to deliver IT solutions that help them grow and innovate. Bam Boom Cloud understood the security and cost challenges the organization faced. Carnall and Jake Wright, Senior Customer Journey Specialist at Bam Boom Cloud, reviewed how each department functions and envisioned how DCCT might operate more securely in the future. To turn that vision into a reality, Bam Boom Cloud focused on deploying best-in-breed cloud security technology to address today’s threat landscape while reducing unnecessary costs and inefficiencies.
To determine existing vulnerabilities, Bam Boom Cloud explored how the organization’s current technology was set up, from its password policies and use of third-party security products to detailed Microsoft reports that identified DCCT users who had been most frequently targeted through phishing campaigns. Afterward, Wright met with Carnall to review their findings and recommendations.
Wright proposed deploying four Microsoft security and compliance technologies available with Microsoft 365 for identity management, advanced threat protection, data loss prevention, and device security to empower the organization to fully achieve its security goals. Wright also demonstrated that DCCT would quickly save money and gain efficiencies using the advanced features available through Microsoft 365 and decommissioning several third-party solutions.
Managing identity across the device estate
Among the first challenges DCCT identified was the need to ensure all employees signed in to its internal system securely, regardless of their location. Its current workforce could easily create and deploy simple passwords, which were easy to guess and made the organization vulnerable to bad actors. Since the core of their work required employees to be on the road, visiting schools and colleges, DCCT needed technology in place to help them do their jobs more efficiently, effectively, and securely.
“We wanted all employee devices, along with our entire device estate, to be compliant, secure, and centrally managed,” explains Carnall. “DCCT handles a lot of information on behalf of schools, colleges, and other customers. It’s essential that information is classified appropriately and is kept secure.”
With Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra, DCCT can manage identities and control access to applications and documents across the environment. Now, using multifactor authentication, DCCT employees are required to provide a second form of identification before signing in. DCCT also employs Conditional Access to safeguard access to its data and applications while maintaining simplicity and ease of access for its workforce. Finally, DCCT employees can change or reset their own passwords, without the extra time and cost of an IT administrator to provide assistance. Bam Boom Cloud also recommended adding corporate branding to the organization’s Office 365 portal. This makes the portal easily recognizable and more difficult for imposters to mimic when employees need to access the self-service password reset tool.
Adopting a Zero Trust framework
With Azure AD combined with Microsoft Endpoint Manager, DCCT can adopt a Zero Trust approach to security. Rather than assume that all the information behind a corporate firewall is safe, a Zero Trust model assumes a breach has occurred—and it verifies each request as though it has originated from an open network.
“Enabling a Zero Trust approach with the strong authentication of Azure AD and endpoint management of Microsoft Endpoint Manager ensures the high level of security and compliance DCCT requires,” explains Wright.
Adopting Microsoft Intune, which is included in Microsoft Endpoint Manager, DCCT can access cloud-based mobile device and mobile app management. Now the organization not only knows who is using which endpoint, but it can automatically push the latest software updates to all endpoints, ensuring all devices have the most up-to-date security patches.
With Intune, DCCT can remotely manage how employees use their connected devices, including cell phones, tablets, and laptops. After enrolling all of the organization’s devices in the Intune management portal, DCCT now has centralized antivirus policies and patch deployment, enforced BitLocker encryption, the ability to remotely wipe devices (if an employee device is lost or stolen), encrypted organizational data, and enforced multifactor authentication on all mobile devices using Outlook.
Defending data with advanced threat protection
Next, DCCT deployed Microsoft Defender for Office 365 with its advanced threat protection to identify and act on malicious links or files. Using Defender for Office 365, DCCT is better protected from threats coming through email messages or links contained in phishing attacks, malware, and spam. And it extends this protection to collaboration tools employees rely on, including SharePoint, OneDrive, and Microsoft Teams.
To ensure an added layer of protection, Bam Boom Cloud configured and enabled Safe Links and Safe Attachments, features in Defender for Office 365, providing time-of-click URL and attachment scanning of all inbound messages. DCCT now uses DomainKeys Identified Mail and Domain-based Message Authentication, Reporting, and Conformance, both email authentication protocols, to identify and prevent domain and email spoofing in Exchange.
Protecting sensitive information
Finally, DCCT implemented a unified data loss prevention approach to protect sensitive information and prevent its inadvertent disclosure. This approach to sensitive data enables the organization to identify, monitor, and automatically protect this information across Office 365. By configuring data labels to categorize data sensitivity and creating data policies to determine how sensitive data is handled, DCCT is better able to prevent sensitive data from being sent outside the organization.
“Bam Boom Cloud rolled out all the Microsoft security and compliance packs in about three weeks,” explains Carnall. “Given the speed and efficiency of the implementation, we were able to benefit from the cost-savings almost instantaneously.”
With Microsoft 365 security and compliance technology, DCCT is now empowered to fully realize its security goals across its entire device estate. The rapid rollout helped the organization quickly achieve huge cost savings since it no longer had to pay up to £500 per month for third-party security products. And it is now better positioned to improve lives and communities, and protect them, for many more years to come.
Find out more about Derby County Community Trust on Twitter, Facebook, Instagram, and LinkedIn.
“We wanted all employee devices, along with our entire device estate, to be compliant, secure, and centrally managed.”
Simon Carnall, Head of Community, Derby County Community Trust
Follow Microsoft