Championing Safety: How One Queensland Government Department is Transforming Cybersecurity to Better Support Vulnerable Communities

The Department of Families, Seniors, Disability Services and Child Safety conducts important community work in Queensland, Australia. It supports many of the state’s residents in need by providing child protection services, elder abuse prevention resources, accommodation services for those living with disability, carer action plans and more.

Due to the nature of the department’s work, it faces significant security challenges. Employees routinely handle sensitive information, such as case notes for child safety and instances of domestic violence, which requires the utmost care.

“We have approximately 9,500 employees across the department and its supported agencies. Data can be handled by child safety officers, disability support workers and youth justice workers, so we need security controls to be effective while causing minimal disruption,” explains Tanya Georgiou, the department’s Director of Information Security and Cloud Operations.

Conscious that the risk of a data exfiltration event has risen with the arrival of new technologies, including generative AI, the department recognised a need to make changes. The Queensland Government has also mandated that departments comply with the Australian Signals Directorate’s Essential Eight strategies for mitigating cybersecurity risk.

“We had to increase our overall security posture and improve visibility over how data is handled across the department,” says Georgiou.

Consolidating security systems with a Microsoft 365 E5 licence
To accomplish these security and compliance objectives, the department upgraded to a Microsoft 365 E5 licence. This allowed the department to consolidate its security tools, replacing systems from separate suppliers with one solution for end-to-end protection.

“With the department investing in the E5 licence, we determined that we wouldn’t receive full value from it with other legacy technologies still in place,” explains Mark O’Reilly, the department’s Manager of Network and Security Operations.

“I was interested in what the overall outcome would be from reducing the different panes of glass resulting from multiple vendors. I never used to be a heavy Microsoft user, but I’ve been converted by observing how well its tools work together.”

Over just six months, Georgiou, O’Reilly and their colleagues partnered with Microsoft and Capgemini to implement the changes.

“Capgemini was excellent,” says O’Reilly. “We found that they could understand our requirements and recite them back to us in clear terms. That allowed us to pivot quickly.”

Securing digital touchpoints for end-to-end protection
Enabled by the upgrade to E5, the department has deployed all Microsoft Defender XDR suite products, including Microsoft Defender for Endpoint, Microsoft Defender for Cloud, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps and Microsoft Defender for Office 365. As uptake increases, Windows Defender Application Control helps to maintain compliance with the Essential Eight requirements.

The Microsoft Defender portal has enhanced the organisation’s visibility of improvements to its security posture through Microsoft Secure Score, which is regularly reported to the internal Information Steering Committee. According to O’Reilly, “Secure Score is useful because it consolidates scores across several endpoints and tools. We can assign each score category to the team responsible and let them work on improvements at their own pace.”

Integrated into a singular platform, these tools have strengthened end-to-end protection and visibility across on-premises, hybrid and cloud environments. Notably, Defender for Endpoint has immediately enhanced security across all server and desktop devices, with Apple iPhone mobile devices already successfully trialled and soon to be rolled out. This protection is augmented with Defender for Identity and Defender for Office 365, which safeguard identities, email and collaborative tools against malicious attacks.

With the rise of AI and cloud technology in mind, O’Reilly also notes the value of Microsoft Defender for Cloud Apps in preventing or identifying instances of data exfiltration.

“There are a lot of cloud-hosted sites that people can upload documents to and access from home, which other organisations that deal with us also use. We need visibility over what’s happening with our data, and we’ve found Defender for Cloud Apps to be extremely helpful in that regard.”

Unifying security operations under one platform
Another major change was the department’s migration of its security information and event management system to Microsoft Sentinel to improve threat detection, incident response and data visibility – all from a unified interface.

“I’ve only got a small security operations team looking after thousands of users working from 140 locations, and we have to be efficient to stay on top of daily alerts,” says O’Reilly.

“We do most of our work in Sentinel. Once a request comes in, the platform logs the incident within our incident management tool and presents the information in a way that allows us to resolve the issue quickly.”

The department has already noticed several advantages. For example, Sentinel has enabled automated responses to regular incidents, reducing time spent on repetitive tasks. Integration with other security tools, including Microsoft Defender solutions, has also impressed O’Reilly.

“The capabilities of Sentinel in pulling together the telemetry from our deployed platforms and triggering incidents for my team to triage and action have been a revelation,” he explains.

“As we have activated more tools, they have been automatically integrated into Sentinel, which means incidents are presented via the same interface and can be dealt with using the same operational processes. The more capabilities that are activated, the more visibility you gain into your network and monitoring.”

Improving security posture out of the box
As the department has continued reinforcing its security using Microsoft solutions, O’Reilly has been amazed by the capabilities made instantly available to his team.

“That’s what I’ve been most impressed with – seeing this technology work straight out of the box and comparing that with the customisation and configuration that would be required using the legacy tools we had in place,” he says.

O’Reilly is also impressed by the rate of improvement. “The Microsoft team has a rapid turnaround and improvement cycle. There are always improvements coming out that are weighted towards users doing these tasks, which helps make the system more efficient.”

The department expects to continue working closely with Microsoft as it follows its cybersecurity strategy and prioritises alignment with ‘Zero Trust’ principles, exploring the practical implications of this modern security approach.

Further, O’Reilly and Georgiou expect to expand the use of Microsoft Purview to protect and manage the department’s data, emphasising the platform’s Data Loss Prevention capabilities as generative AI technology develops.

“The holistic alliance with Microsoft is greater than the sum of its individual parts. They’re very much a trusted strategic partner,” Georgiou says. “I’m just glad we made the change.”