How Federaal Planbureau secures its econometric models and data.
As an independent federal institution, Federaal Planbureau forms the backbone of policy decisions through data, forecasts, and complex econometric models. At the foundation of these operations lies one indispensable factor: a flawlessly functioning and strictly secured Microsoft 365 environment.
How do you stay “in control” with a limited IT team when cybersecurity evolves faster than your organization can keep up (NIS2 compliance and the need for 24/7 monitoring and response)? To answer this question, Federaal Planbureau chose a different approach: transitioning from internal management to a strategic partnership focused on managed security.
Read all about how Federaal Planbureau permanently secures its digital workspace.
The challenges
NIS2 legislation:
As an independent federal government agency, Federaal Planbureau must comply with strict standards. It was crucial be compliant and also to be able to demonstrate this compliance to data providers and other government services that entrust them with sensitive data.
Unattainable specialization:
Managing and securing a Microsoft 365 tenant has become a full-time job due to Microsoft’s constantly changing roadmap. A policy configured today can already be outdated in two weeks. Permanently maintaining that unique expertise internally is impossible.
High operational pressure:
The IT team consists of 8 people, 4 of them are responsible for managing and securing the entire infrastructure. With this staffing level, it’s impossible to set up 24/7 monitoring internally without losing focus on the organization’s vital core activities.
We realized that managing an M365 environment is a job on its own. You have to be highly specialized to keep up with Microsoft's fast-changing roadmap. I was able to convince our management that with ACEN, we are bringing in a team of professionals who are ready 24/7.
The solution: Managed M365, SOC and APU’s
The chosen approach combines continuous control, intelligent monitoring, and budgetary flexibility within a single, efficient security model. The solution is built on three pillars:
- ACEN Managed Microsoft 365: ACEN scans the M365 tenant daily for misconfigurations, unusual exceptions (such as conditional access), and new security features. During regular meetings, a dedicated ACEN expert analyzes the data to take proactive action.
- 24/7 Managed SOC: A specialized team from ACEN monitors the environment day and night. Potential incidents are immediately detected and followed up on according to a concrete incident response plan. Alerts are smartly filtered to prevent alert fatigue.
- Action Pack Units (APUs): A flexible package of service credits used for proactive improvements on the roadmap or ad-hoc projects. This pre-approved model eliminates time-consuming quotes, allowing ACEN’s experts to get to work immediately when needed.
This new approach provides Federaal Planbureau with immediate peace of mind and quick results. The implementation went smoothly within two months, the NIS2 guidelines are firmly anchored and the internal team can focus on their core business.
Securing a Microsoft environment has become a specialization in itself due to constant updates. With this model Federaal Planbureau doesn't just need standalone tools, they need the guarantee that their security posture remains up to date 24/7.
