Securely into the Cloud

A trading house based in Bremen, Germany, is one of the leading service providers for all companies that want to get a foothold in the markets of the future. A broad portfolio of services and trading expertise has grown in various business areas, especially in Asia. A network of over 50 subsidiaries in Germany and abroad makes the company a reliable, strong partner for both offline and online market development.

The company was faced with a decision – it needed to replace its existing Exchange Server landscape. As part of a new communications strategy, switching to Microsoft Teams was also under consideration. In addition, a decision to bring the previously outsourced IT back in-house and to make it more mobile and secure was made – but this was not feasible using the existing on-premises infrastructure and the Office 2010 Business Suite.

The first step was the migration of around 250 workstations at the headquarters in Bremen, with other branches to follow successively. Office 365 and Microsoft 365 were quickly chosen as the goal. The first workshops for the introduction of the cloud suite also followed immediately, before the company’s Group IT and Skaylink took the first steps in the project. The first task was to set up the Active Directories and the new server for Exchange Online in hybrid mode and to migrate the Exchange mailboxes. In doing so, the company also took the first steps toward migrating its IT landscape to Azure in the Microsoft Cloud – a process that has since picked up considerable steam. When new devices are added, they are no longer provisioned locally. Instead, they are provisioned virtually via Azure.

One challenge in the project was planning the connection of all relevant Active Directory forests and the verification of uniform identities. This was important to the company because national subsidiaries, for example in China, have their own tenants for legal reasons.

Since not all subsidiaries operate through the company’s account, all other networks should be star-connected via the cloud. One challenge was assigning user names and passwords.

New security concept

The key area of IT security was also to be redefined and was a key focus for the company right from the start with the introduction of consistent cloud usage. This has been intensified during the COVID-19 pandemic due to working from home.
For Skaylink, this includes analyzing devices and on-premises environments that are actually managed by another service provider. Effective measures have been defined based on consideration of all components.

In the meantime, Conditional Access is among the standard security solutions. If the requirements for this are not present, then multi-factor authentication is used.

The company first set up two-factor authentication with a password and PIN together with Skaylink, and then introduced Windows Hello for Business for password-free access using fingerprint readers or facial recognition. As an additional example, Log Analytics and Azure Automation are used. The logs of specific on-premises systems are evaluated fully automatically in the background to respond if a person tries to reset their password multiple times.

Usually, the company determines which devices employees are allowed to use. But when working from home, employees sometimes also work with their own devices, which was done without any problems. Microsoft Intune was used for endpoint management to facilitate the “bring your own device” approach. For the first time, this made it possible to also manage personal laptops and Apple devices to meet data protection and compliance requirements. Device owners have access to the resources, but these no longer run via the domain. Instead, they run via the tenant in the cloud. Single sign-on makes access easy.

License consultation and SAP integration

Skaylink also supported the company where licenses were concerned, which cleared some of the obstacles out of the way. Today, many applications run in the public cloud via Microsoft Azure, but some, such as payroll accounting, also run in a private cloud. In the meantime, the company has already set up an SAP test system in Frankfurt, Germany, which includes Adobe Forms Server, SAP Web Dispatcher and an EDI landscape. The next step will be to transfer the entire SAP landscape there.