Strengthening Cloud Security in the Medical Industry

The Problem

SGMC Health sought to enhance its cloud security posture across its Microsoft 365 environment to better support its growing infrastructure, which includes a central hospital campus and multiple satellite facilities. Like many healthcare organizations navigating digital transformation, SGMC Health’s previous security architecture relied on a mix of tools and processes that had evolved over time. This approach created challenges with integration, visibility, and efficiency across its cloud systems. To stay ahead of evolving threats and meet strict HIPAA compliance requirements, SGMC Health aimed to streamline its security operations, reduce redundancy, and strengthen protections for email, messaging, and other critical applications.

The BlueAlly Solution

Due to these challenges, SGMC Health partnered with BlueAlly through our Allied Care Protect Guardian retainer-style agreement. Together, we aimed to implement a unified, Microsoft-native cloud security strategy that would safeguard sensitive medical data, streamline operations, and reduce reliance on third-party vendors. BlueAlly addressed these complexities by enhancing identity and access management across SGMC Health’s Entra ID environment. This entailed leveraging the full Microsoft 365 Defender suite, including Safe Links, anti-spam protection, cloud app reporting, endpoint security, and centralized logging and monitoring.

We improved email and content-sharing protections through Exchange Online and enhanced data security on personal devices via Intune’s mobile application management (MAM) features for BYOD. We also strengthened OneDrive and SharePoint security with granular sharing policies and hardened Teams usage with meeting and chat policies. Additionally, BlueAlly implemented Azure AD Password Protection to enforce strong password policies and Microsoft Information Protection (MIP) to protect sensitive data across cloud workloads.

The Results

These comprehensive improvements to SGMC Health’s cloud security posture enabled the organization to fully maximize its Microsoft investments while strengthening the protection of sensitive medical data. The significant increase in the organization’s Microsoft Secure Score – from 42.98% to 85.36% within a year – was the result of close collaboration between SGMC Health’s Senior Information Security Officer, its Information Security team, and BlueAlly. Through continuous feedback and active engagement, BlueAlly worked alongside SGMC Health to fine-tune configurations, close critical gaps, and ensure the solution aligned with the organization’s broader cybersecurity strategy. These enhancements also improved visibility across cloud environments and enabled more effective KPI reporting to executive leadership.

SGMC Health also purchased Tier-3 support services beyond our initial service agreement, including email support during peak service times and restoring IT operations after a sudden hurricane. Through this collaboration, the hospital provider consolidated tools and leveraged native Microsoft capabilities to reduce the complexity and sprawl of its security stack, improve cost efficiency, and ensure reliable patient-care operations.

“BlueAlly proved to be an indispensable partner, not just for their technical expertise, but for their willingness to align with the vision I had for SGMC Health’s cloud security transformation,” said Tony Harrell, Senior Information Security Officer at SGMC Health. “They listened, adapted, and helped turn strategy into action. Together, we strengthened our security posture, unlocked real ROI from our Microsoft investment, and kept critical operations running, even when the unexpected hit! That’s the kind of partnership you don’t take for granted, especially when uptime and patient safety are non-negotiable and excuses aren’t part of the disaster recovery plan.”