Enefit

One of main drivers for Enefit to start the project was to implement additional technical barriers and better support its employees to avoid becoming a victim of commonly used attacks. “It all started with top management of Enefit understanding cybersecurity risks and ways how to minimize those,” said Head of Digital Workplace, Nikita Skitsko.

“In order to make a significant investment like this, you need good clarity of why you are doing this and how it helps us to achieve strategic goals”.

The project has started with the implementation of certain entry-level security technologies and a benefits analysis of other capabilities. “While the comprehensive security license offers a suite of features crucial for a robust Zero Trust Architecture, starting with these foundational technologies lays a strong foundation for our security strategy. Additionally, different workshops, where our teams familiarized themselves with security features, have been an excellent starting point for this journey," says Neeme Kaalep, Platform Security Engineer in Enefit.

Alexander Värä, Global Technical Services Sales Director at SoftwareOne, who spearheaded SoftwareOne’s successful pitch for the project, explains. “The value [of a Microsoft 365 E5 implementation] does not come from having one product that is likely better than the one you currently have. Instead, having a platform that includes multiple technologies integrated together and are inherently rooted in your entire ecosystem, from operating systems to cloud services, allow significant configurability to achieve a much better level of protection.

"Another drawback of a heterogeneous security stack is that it forces the organization to create bigger teams who are proficient in those technologies, operated as black boxes. This is inefficient and could create silos between different security capabilities of an organization.

“It’s pivotal to achieve a good, solid security baseline and if you do that manually it takes a long time,” says Värä. “You must design, experiment and gradually roll-out your solution. With SoftwareOne, a lot of that was eliminated because of the pre-existing work we had done in this space.”

SoftwareOne won the project because of its long and deep background in securing mission-critical domains with Microsoft products. “SoftwareOne offer stood out because it was well thought trough, high quality specialists were involved from across SoftwareOne group and SoftwareOne was proactive and quick to react to Enefit needs.”, says Skitsko.

The implementation of the Microsoft 365 E5 security platform was ready ahead of the agreed timeline through leveraging SoftwareOne’s pre-existing security baseline components as code – and the exceptionally close cooperation with Enefit.

“This cooperation was successful,” says Kaalep. “Key part of that success was proper preparation and aligning project scope to Enefit needs.”

SoftwareOne’s overarching role was to design and advise in the deployment of a security baseline that aligned with Enefit’s risk profile, using Microsoft 365 E5 Advanced Security workloads.

The project achieved Enefit’s strategic objectives, Kaalep believes. He comments: “The deployment of Microsoft security solutions significantly enhanced Enefit’s ability to protect, detect, respond to, and mitigate cyber threats across the digital estate. With streamlined security operations and a trusted partner SoftwareOne, we ensure that security remains an integral part of our digital strategy.”

“Implementing E5 security should not be viewed as a one-time project. Instead, it's an ongoing journey requiring continuous learning, evolution, and improvement of your cybersecurity practices. After completing the initial phase, new projects and ideas will guide your next steps,” said Nikita Skitsko.

The implementation of the Microsoft 365 E5 Security platform not only hardens Enefit’s security baseline, but it also improves its security posture by putting in place the technologies and processes necessary to respond quickly to new cyber threats as they emerge.