With security into the cloud

Cloud security for a service company with focus on Asia
skaylink_img_lizensiert_LR_00001

End2End security analysis as the basis for the path to the cloud

Security as the primary goal

With security into the cloud – that was the challenge: a global trading service provider pursues a clear cloud strategy with the goal of gradually migrating to Microsoft 365 and Azure. Skaylink was involved as a solution partner from the very beginning and provides continuous support in regular exchanges. Assessment, consulting and implementation services are at the heart of the continuous support for migrating to the cloud with Exchange Online, Microsoft 365 and Azure, as well as of the design of the new IT security environment. IT security should be redefined. Not least because of the current challenges facing security in the home office and the possible use of employees’ personal devices ensuing from this.

All security aspects covered

Secure cross-country cloud-based collaboration

A Bremen-based trading house is one of the leading service providers for all companies wishing to gain a foothold in the markets of the future. In Asia in particular, a broad portfolio of services and trading expertise has grown in various business areas. A network of more than 50 subsidiaries in Germany and abroad makes the company a reliable, strong partner for off- as well as online market development.   The company was faced with the decision to replace its existing Exchange server landscape. In the course of a new communications strategy, there was also the consideration of switching to Microsoft Teams. In addition, there was the decision to bring the previously outsourced IT back in-house and to make it more mobile and secure, which was not feasible with the previous on-premises infrastructure and the Office 2010 business suite. The first step was the migration of around 250 workstations at the headquarters in Bremen, with other branches to follow successively. The goal of Office 365 and Microsoft 365 was quickly set. The first workshops for the introduction of the cloud suite immediately followed, before the company’s Group IT and Skaylink took the first steps in the project. The first task was to set up the Active Directories and the new server for Exchange Online in hybrid mode and to migrate the Exchange mailboxes. In doing so, the company also took the first steps to move the IT landscape to Azure in the Microsoft Cloud, a process that has since gained significant momentum. As new devices are added, they are no longer provisioned locally, but rather virtually via Azure. One challenge in the project was planning to connect all relevant Active Directory forests and verify consistent identities. This was important to the company because national subsidiaries, such as in China, already have their own tenants for legal reasons. Since not all subsidiaries work via the company’s account, all other networks were to be connected in a star configuration via the cloud. This presented a challenge when assigning user names and passwords.  

New security concept

  The important area of IT security was also to be redefined and was a key focus for the company from the outset with the introduction of consistent cloud usage, which was exacerbated in the COVID 19 pandemic due to home office working. For Skaylink, this includes analyzing endpoints and on-premises environments that are actually managed by another service provider. Effective measures were defined based on an examination of all components. Conditional access is now one of the standard security solutions. If the prerequisites for this are not met, multi-factor authentication is used.   The company first set up two-factor authentication with password and PIN with Skaylink, and then also introduced Windows Hello for Business for passwordless access via fingerprint reader or facial recognition.   Log analytics and Azure automation come into play as another example. The logs of certain on-premises systems are evaluated completely automatically in the background to respond when someone tries to reset their password multiple times.   Usually, the company dictates which devices employees are allowed to use. However, due to the work in the home office, employees sometimes also worked with their own devices, which was done without any problems. For the bring-your-own-device approach, Microsoft Intune was used for endpoint management. This made it possible for the first time to also manage private laptops and Apple devices in order to meet data protection and compliance requirements. The device owner has access to the resources, but these no longer run via the domain, but via the tenant in the cloud, and access is very simple via single sign-on.  

License consulting and SAP integration

  Skaylink also assisted the company with licensing issues and removed many obstacles. Today, many applications run via Microsoft Azure in the public cloud, but individual ones such as payroll accounting also run in a private cloud. In the meantime, the company in Frankfurt am Main has already set up an SAP test system including Adobe Forms Server, SAP Web Dispatcher and EDI landscape. The next step will be to transfer the entire SAP landscape there.

Facts & Numbers

50

Subsidiary companies
into security concept
and cloud
environment integrated

23

Countries
are covered by the cloud infrastructure

1700

Employees
work daily with the cloud system

Further Case Studies

Our partners

Let's start the future together.

Unsure where the digital journey should lead you? Our experts will be happy to answer your questions without obligation!

Simply fill out the form on the right and we will get back to you as soon as possible.