Technology Record - Issue 33: Summer 2024

93 attacks and coordinating responses across many assets with extended detection and response that is integrated into Microsoft 365 and Azure.” Staying on track “Managing compliance can indeed be very challenging, especially for global firms in a context where there are constant updates to regulations and new guidelines being introduced,” says Deprins. To help its customers with this, Microsoft has created free Compliance Checklists in its Service Trust Portal that detail local regulations and suggest best practices for compliance in 50 different countries. For solutions, customers can use Microsoft Purview Compliance Manager to monitor regulatory compliance and reduce risk against hundreds of customisable frameworks, standards and templates. It does this by providing users with a score for their current level of data protection and then identifies key areas for improvement and prioritises recommended actions based on their impact on risk. “Purview Compliance Manager allows for very detailed risk and compliance assessments across the entire stack,” says Deprins. “This is made visible through a Compliance Dashboard and Compliance Score and with this tool even multi-cloud compliance is supported which takes things to the next level.” Organisations can also use Microsoft’s topicbased quick assessments, available through its free learning resources, to understand how to manage risk thematically and benefit from both first-party and third-party compliance services through the Compliance Program for Microsoft Cloud. “Through a number of listening systems and direct engagement with compliance stakeholders both in the financial services industry and at the side of the regulators, Microsoft has been deeply engaged for over 10 years in our mission to specifically enable financial firms to be able to use our cloud services in the most secure and compliant way,” says Deprins. “Through these engagements we get to assess regulations and new requirements early on which allows us to work with engineering and legal teams to ensure these are also built into our products. A good example of this would be how the GDPR privacy regulation in Europe has led us to deliver on the EU Data Boundary project, meaning that we engaged on a multi-year journey to store and process data within the EU meeting the needs of our European customers. “The solution for operational resilience is to take a comprehensive, risk-based and outcomes-focused approach that starts from the critical parts of the business and covers topics such as ensuring high reliability, testing business continuity, strengthening cybersecurity and managing concentration risk across the whole environment including thirdparty suppliers. Microsoft’s tools and solutions aim to do just that.” Photo: AdobeStock/Skórzewiak BlueVoyant helped WTW to implement Microsoft Purview and Defender to protect its 55,000 workstations Photo: iStock/JohnnyGreig FINANCIAL SERVICES