Royal Sun-Alliance
Royal Sun-Alliance are an established insurance Client within the City of London and had for many years struggled to support their large workforce of staff on a Digital front. RSA then implemented a large digital transformation program, moving on-premise systems into Microsoft's Azure/Office 365 Cloud. Additionally, 20,000 laptops were also being deployed to staff working remotely due to the COVID-19 pandemic to provide new and enhanced capability to staff. Given RSA are an insurance provider, security compliance is paramount to the types of data and volumes RSA hold and process. Coupled with many third-party integrations, ensuring integration with infrastructure to third-party systems meant an extensive scope of evaluating security compliance.
SCOPE
CHALLENGES
Working remotely due to the COVID-19 pandemic, ensuring a third-party IT services outfit responsible for configuring, administration and deploying IT services and hardware were some key challenges. Coupled with an organization considered mature in its Cyber posture needing to uphold a high compliance level against its anti-malware, anti-virus and data leaking software. Our role was to ensure the third-party IT service provider was held accountable for maintaining the high degree of security compliance in data and security protection for 20,000 laptops including server infrastructure being deployed across several Azure accounts. Additional challenges resolved around performing security evaluation of the migration of services and ensuring that any potential security weakness could be identified and rectified before the design becoming deployed as part of the transformation.
OUTCOMES
As part of our support, we were able to ensure RSA’s Cyber requirements for achieving and maintaining compliance using various security protection was upheld when deploying a fleet of 20,000 laptops. We also undertook a security evaluation audit, ensuring the new O365 accounts were conforming to RSA’s Information Security requirements to ensure the program could continue with the Digital Migration. We also developed and managed the deployment of a combination of migration endpoint security metrics into a centralized SIEM platform using ELK configured to provide alerting in this area.