IT Security & Compliance

Security is not a feature.

Security is the foundation. Before we touch a device, the security baseline is in place: MFA, Defender, Conditional Access, email authentication. No compromises, no “we’ll do it later.” All hosted in Germany, fully GDPR-compliant.

Interactive Security Check

How secure is your IT? 10 questions.

Based on BSI baseline protection and NIS2 requirements.

Identity

Do all employees use multi-factor authentication (MFA)?

Email

Are SPF, DKIM and DMARC configured for your email domain?

Endpoints

Do you use an endpoint security solution (e.g. Microsoft Defender for Business)?

Access

Are Conditional Access policies active (e.g. access only from managed devices)?

Updates

Is there automated patch management for operating systems and software?

Backup

Are backups created regularly and recovery tested?

Awareness

Have employees been trained on phishing/social engineering in the last 12 months?

Incident

Is there a documented incident response plan?

Data

Is access to sensitive data controlled via a permissions concept?

Privileges

Are admin accounts managed separately (no daily use with admin privileges)?


Guidance based on BSI baseline protection · not a certified assessment

The Security Baseline

What we configure for every client first.

Before we touch a device or start a migration, the security baseline is in place. These eight measures are standard in every managed services contract.

🔐

Multi-Factor Authentication

For every user, every device. Phishing-resistant via FIDO2 or Microsoft Authenticator. Break-glass accounts for emergencies.

📧

Email Authentication

SPF, DKIM and DMARC fully configured. Nobody can spoof emails in your name.

🛡️

Microsoft Defender for Business

Endpoint Detection & Response (EDR) on every device. Automated threat response, centralized management.

🚦

Conditional Access

Access only from managed devices, only from approved regions, only with current compliance. Everything else is blocked.

💾

Backup with Recovery Testing

Automated backups for Microsoft 365, servers and critical data. Regular restore tests — so backup is more than just a promise.

🔄

Patch Management

Updates for operating system, Office and third-party software. Scheduled, tested, no reboots in the middle of the workday.

👁️

Security Monitoring

24/7 monitoring of all endpoints. Alerts on suspicious activity — before an attack causes damage.

📋

GDPR Configuration

Retention policies, DLP rules, audit logs. Your IT environment is configured so a GDPR audit holds no surprises.

The Process

Secure IT in 4 steps.

01

Security Audit

We assess your current security posture — identities, devices, email, backup, access rights. Result: a clear report with prioritized risks.

02

Set the Baseline

Activate MFA, roll out Defender, configure Conditional Access, set up email authentication. In 3–5 days, the foundation is in place.

03

Hardening

Advanced policies: DLP, device compliance, sensitivity labels, extended audit logs. Tailored to your compliance requirements (GDPR, NIS2).

04

Monitoring & Review

Ongoing monitoring of all endpoints. Quarterly security reviews with reports and recommendations. No surprises.

Frequently Asked Questions

What clients want to know about IT security.

What does a security audit from Nomad Solutions cost?

The initial security audit is included free of charge for managed services clients. For companies that only want a one-time audit, we provide a custom quote — typically €1,500 to €3,000 depending on scope.

Is the security baseline included in managed services?

Yes. Every managed services contract includes the complete security baseline as standard. MFA, Defender, Conditional Access, SPF/DKIM/DMARC, backup — all included in the €69/user price.

How long does it take to implement the security baseline?

Typically 3 to 5 business days for the technical configuration. For employees, almost nothing changes — except they need to set up MFA on their next login.

Does the security baseline cover NIS2 compliance?

The baseline addresses several NIS2 obligations (MFA, patch management, backup, incident preparation). Full NIS2 compliance additionally requires documented processes, reporting channels and regular reviews — we offer that as an extension.

What happens if a security incident occurs?

Under a managed services contract: we detect the incident through our monitoring, automatically isolate affected systems, notify you immediately and initiate recovery. If NIS2-regulated: we support the 24-hour report to the relevant authority.

Can you audit existing environments without us becoming managed services clients?

Yes. We offer one-time security audits for Microsoft 365 and Azure environments. Many clients start with an audit and then decide whether to implement the recommendations themselves or engage us.

How secure is your IT really?

In 30 minutes we assess your security posture together — free, no strings attached.