Authors: Chris Garber and Kevin Miller
M&A activity brings a wave of excitement around new capabilities, big numbers and bold futures. But left in the wake of said excitement are the disparate systems, processes and data that must now operate as one. From a security standpoint, M&A is often a breeding ground for vulnerabilities as silos grow wider across legacy systems and organizations begin to incur more and more technical debt to keep operations running. Our client set out to change all that. Here’s how we helped them secure the boundaries of their multiple Active Directory systems while streamlining operations for every end user.
Challenges
Our client, a leading North American beverage company, needed to eliminate security vulnerabilities while also making it easier for end users to access systems. Having grown through mergers and acquisitions, the organization was struggling to build a modern, secure environment with a consistent, unified user experience. Employees had to navigate multiple authentications across several traditional Active Directory systems—assuming they could remember which was the right one to use for the task at hand in the first place. We needed to help them modernize, but starting over from scratch wasn’t an option, either. Given the time and expense involved in a rip and replace, it was critical to help the client make the most of their existing investments. The client also requested that our proposed changes minimize business downtime. In other words, the show had to go on as we secured it.
Solutions & Approach
We started by assessing Active Directory and associated integrations to get a full picture of all the complexities involved. Then we set to work architecting and designing a remediation plan that leveraged industry frameworks such as NIST, CIS and other best practices. Once we had a remediation strategy in place, we collaborated with the client to establish a roadmap for Active Directory that would incorporate multiple cloud services including Google, Microsoft and Okta. By following the roadmap, the client will be able to secure a standardized manufacturing authentication environment while maintaining a secure application and data center modernization strategy well into the future.
Results & Lessons Learned
Overall, we helped the client reduce their technical debt while progressing toward a more secure, modern infrastructure by building standard operating procedures across all technical areas. Our client improved their security posture using industry secure frameworks and best practices, and we also helped them implement a modern authentication approach that would be intuitive for end users.
Perhaps most importantly, the client is now positioned for success with future M&A integration due to the new approaches to modern authentication we helped them establish.
___________________________________________________
Secure & Efficient
Our goal was to not only mitigate risk but also create a more simplified, efficient set of operations for the client through the following objectives:
• Reduce sprawl of Active Directory systems
• Ensure a consistent, efficient end user experience
• Simplify administration and operations
• Minimize enterprise impacting events by securing boundaries
___________________________________________________
“We view Collective Insights as a true partner in our journey to implement a modern and secure environment. Collective Insights actually listens to our concerns and provides flexible solutions. Collective Insights does not force a particular requirement; they listen and collaborate with us to develop a shared solution that satisfies the requirements.”
___________________________________________________
Key Takeaways
• Communication: Strong communication is essential to other third-party support organizations.
• Future of Work: In a world of work from home, the traditional office setting for end users is no longer relevant.
• Flexibility: It’s critical to provide key technology and application stakeholders with secure, flexible options.
• Preparation: Organizations need to make sure they’re prepared for modern, secure approaches as security risks heighten.