Securely into the Cloud
Cloud security for a service provider with a focus on Asia
End2End security analysis as the basis for the journey into the cloud
Security as the utmost goal
Securely into the cloud – that was the challenge: A globally positioned trade service provider pursues a clear cloud strategy with the goal of successive migration to Microsoft 365 and Azure. Skaylink was there as a solution partner right from the start, and offers ongoing support through regular interaction.
Assessment, consulting and implementation services are the focus of ongoing support for migration to the cloud with Exchange Online, Microsoft 365 and Azure, as well as in the design of the new IT security environment. IT security needs to be redefined. Especially due to the current security challenges while working from home and the associated use of employees’ personal devices under certain circumstances.
All security aspects are covered
Design cross-border cloud-based collaboration securely
A trading house based in Bremen, Germany, is one of the leading service providers for all companies that want to get a foothold in the markets of the future. A broad portfolio of services and trading expertise has grown in various business areas, especially in Asia. A network of over 50 subsidiaries in Germany and abroad makes the company a reliable, strong partner for both offline and online market development.
The company was faced with a decision – it needed to replace its existing Exchange Server landscape. As part of a new communications strategy, switching to Microsoft Teams was also under consideration. In addition, a decision to bring the previously outsourced IT back in-house and to make it more mobile and secure was made – but this was not feasible using the existing on-premises infrastructure and the Office 2010 Business Suite.
The first step was the migration of around 250 workstations at the headquarters in Bremen, with other branches to follow successively. Office 365 and Microsoft 365 were quickly chosen as the goal. The first workshops for the introduction of the cloud suite also followed immediately, before the company’s Group IT and Skaylink took the first steps in the project. The first task was to set up the Active Directories and the new server for Exchange Online in hybrid mode and to migrate the Exchange mailboxes. In doing so, the company also took the first steps toward migrating its IT landscape to Azure in the Microsoft Cloud – a process that has since picked up considerable steam. When new devices are added, they are no longer provisioned locally. Instead, they are provisioned virtually via Azure.
One challenge in the project was planning the connection of all relevant Active Directory forests and the verification of uniform identities. This was important to the company because national subsidiaries, for example in China, have their own tenants for legal reasons.
Since not all subsidiaries operate through the company’s account, all other networks should be star-connected via the cloud. One challenge was assigning user names and passwords.
New security concept
The key area of IT security was also to be redefined and was a key focus for the company right from the start with the introduction of consistent cloud usage. This has been intensified during the COVID-19 pandemic due to working from home.
For Skaylink, this includes analyzing devices and on-premises environments that are actually managed by another service provider. Effective measures have been defined based on consideration of all components.
In the meantime, Conditional Access is among the standard security solutions. If the requirements for this are not present, then multi-factor authentication is used.
The company first set up two-factor authentication with a password and PIN together with Skaylink, and then introduced Windows Hello for Business for password-free access using fingerprint readers or facial recognition. As an additional example, Log Analytics and Azure Automation are used. The logs of specific on-premises systems are evaluated fully automatically in the background to respond if a person tries to reset their password multiple times.
Usually, the company determines which devices employees are allowed to use. But when working from home, employees sometimes also work with their own devices, which was done without any problems. Microsoft Intune was used for endpoint management to facilitate the “bring your own device” approach. For the first time, this made it possible to also manage personal laptops and Apple devices to meet data protection and compliance requirements. Device owners have access to the resources, but these no longer run via the domain. Instead, they run via the tenant in the cloud. Single sign-on makes access easy.
License consultation and SAP integration
Skaylink also supported the company where licenses were concerned, which cleared some of the obstacles out of the way. Today, many applications run in the public cloud via Microsoft Azure, but some, such as payroll accounting, also run in a private cloud. In the meantime, the company has already set up an SAP test system in Frankfurt, Germany, which includes Adobe Forms Server, SAP Web Dispatcher and an EDI landscape. The next step will be to transfer the entire SAP landscape there.
Facts & Figures
integrated in the security concept
covered by the cloud infrastructure
with the cloud system daily
Further case studies
Transformation of Girteka’s AWS Infrastructure Management
Drivitty: Transformation into a Microservices Marvel
Story House Egmont – Digitized and Streamlined in Just Three Months
Nets Achieves Strong DevOps Mentality with “You built it, you run it”
Let’s start the future together
Are you unsure where the digital journey should take you? Our experts will be happy to answer your questions without obligation!
Just fill out the form to the right and we will be in touch with you shortly.