SNP Achieves Repeatable Success by Leveraging Microsoft Security Solutions in a Global IT Landscape
This blog highlights three customer use cases showing how SNP leverages Microsoft security solutions for customers looking to manage disparate infrastructure while keeping their operational independence and IT budgets in check.
Use Case 1: A leading horticulture company in the USA
The client had a hybrid infrastructure combining IoT devices with the Microsoft Power Platform, leveraging Power Apps and Power BI. Because the client's multi-cloud environment was comprehensive and disparate, it required a proactively implemented security solution that optimized the costs and productivity of their security team.
Some of the key challenges they faced included:
- The client had a comprehensive infrastructure with VMware, the Microsoft BI stack, and ETL/ELT tools such as SSIS and Azure Data Factory, with limited security and governance
- On-premises, the client was running over 450 VMs that weren’t receiving security patches or updates, posing a significant security risk
- While the client had SOC compliance, MFA was impacting their operations
- Cyberattacks were also a high threat
Protecting the data and information that support this sprawling enterprise was a complex task. SNP was introduced by Microsoft to assess their infrastructure and improve their security posture with governance and compliance. Based on SNP's findings, their onsite servers were migrated to Azure Arc for configuration of Defender, Azure Policies, Update Management, and Microsoft Sentinel. SNP built the foundation of its data security approach on a thorough assessment of the client's current situation, a gap analysis, and the risks associated with their existing products, while keeping an eye on sustainability.
The Solution: Delivering Value with Microsoft Azure
- With our converged Enterprise Security Framework, SNP provides a secure foundation on Azure utilizing different Microsoft tools and methods.
- SNP recommended an Azure subscription model aligned with best practices, giving the client a clear view of how their subscriptions were organized in management groups. Azure policies were applied to each management group to govern their subscriptions.
- With compliance automation on Azure, SNP reviewed how to overcome the client's compliance challenges by using Azure Policies, which evaluate and scan all Azure resources and highlight those that are non-compliant.
- Based on controls and best practices applied to subscriptions, Defender for Cloud's regulatory compliance continuously assessed the client's hybrid cloud environment to identify risk factors.
- Keeping the client's identity and access management challenges in mind, SNP provided several solutions. By leveraging Azure AD PIM (Privileged Identity Management), an Azure AD service, we were able to manage, control and monitor access to all important resources in the organization.
- The policy-based approach of conditional access provided added security by allowing only trusted and compliant devices to access their apps
- As an intelligent security analytics tool, Microsoft Sentinel isn’t just a SIEM; it also provides the client with data security across their hybrid Azure environments.
SNP leveraged multiple Microsoft tools and technologies such as:
Azure: Azure RBAC, Azure Policies, Microsoft Defender for Cloud, Azure Compliance Policies, Azure Active Directory, Microsoft Sentinel; Microsoft 365: Defender for M365, Defender for Cloud Apps; Azure Hybrid Management Tool: Azure Arc, Update Management
Unified Security Posture with Microsoft Security Solutions
Their executive team described the project as a success. As a result of this new security system, the client can now manage their compliance requirements better and achieve better governance. Furthermore, they improved their approach, which enabled them to manage their services more efficiently.
The client observed several business benefits:
- A robust governance system with security features and compliance certifications ensured easy regulatory compliance.
- With Azure Defender for Cloud, the client now has a centralized security management location and can detect and respond to security threats in real-time.
- Increased transparency: with centralized identity and access management, AAD enabled the client to manage user identities, access to resources, and usage of applications.
- Azure Arc increases operational efficiency, enabling them to manage their entire diverse environment and improve their overall business operations.
- Sentinel automated the monitoring and security management of processes, which led to increased control and visibility over their hybrid landscapes.
Better Returns with Reduced Effort
The client is most excited by the centralized management it has gained with Azure Arc. They can now monitor everything from one platform. This visibility enables more efficient and proactive decision making while supporting their IT business needs. With Defender for Cloud for automated compliance across their environment, their manual efforts were reduced by 60%. With over 500 resources, including 450 on-prem servers, multiple IoT devices, and Azure Sentinel deployed on Azure Arc, the client's TCO was reduced by 20%.
“SNP was introduced to us to assess our infrastructure to improve our security posture with governance and compliance. Based on their findings, our onsite servers were migrated to Azure Arc for configuration of Defender, Azure Policies, Update Management, and Microsoft Sentinel. For us, the project was an immense success. As a result of this new security system, we can now manage our compliance requirements better and achieve better governance. Furthermore, we are better able to manage our services to customers more effectively. We have a robust governance system with security features to meet our compliance needs. Azure Defender helps us detect and respond to security threats in real-time while Azure Arc increases our operational efficiency, enabling us to manage our diverse environment and improve our overall business operations seamlessly over our hybrid landscapes,” says their Director Architecture/Cybersec
Use Case 2: A leading auto insurance provider in the USA
Having a wide-ranging infrastructure, the client sought help to establish zero-trust security across their network, apps, databases and hybrid environment.
Some of the key challenges they faced included:
- The client had a wide range of infrastructure, including VMware and ETL/ELT tools such as SSIS and Azure Data Factory, with little security and governance across these environments.
- The client was running over 150 VMs on-premises, which were no longer receiving security patches or updates, posing a significant security risk.
- The client had SOC compliance, but MFA was a pain point that was impacting their operations.
SNP had performed the migration of their infrastructure. To then enhance their security posture and governance approach, SNP suggested a Zero Trust security model with Defender for Cloud, Azure Policies, Microsoft Sentinel and Azure Arc.
The Solution: Delivering Value with Microsoft Azure
- SNP followed a streamlined approach and an in-house converged Enterprise Security Framework to provide a secure and functioning base in Azure. SNP leveraged different tools and methods.
- SNP started with subscription management, aligning the client's Azure subscription with best practices. Subscriptions were organized with management groups, and Azure policies were applied at the management group level to govern the subscription.
- SNP reviewed how compliance automation on Azure could be achieved using Azure Policies, which evaluate Azure resources and scan for those that are not compliant with the organization's needs.
- Defender for Cloud’s regulatory compliance continuously assesses the hybrid cloud environment to analyze the risk factors according to the controls and best practices in the standards that we have applied to subscriptions.
- SNP provided the client with several solutions to address their identity and access management, in particular Azure AD PIM (Privileged Identity Management), a service in Azure AD that enables us to manage, control, and monitor access to important resources in the organization. PIM provides time-based or approval-based role activation to avoid the risk of excessive access being misused.
- Conditional Access provided a policy-based approach that added security by allowing access to applications across the cloud and on-premises only from trusted and compliant devices.
- Microsoft Sentinel, which is not just a SIEM tool but also an intelligent security analytics tool, provides security data across the hybrid environment, not just the Azure cloud.
SNP leveraged multiple Microsoft tools and technologies such as:
Azure: Azure RBAC, Azure Policies, Microsoft Defender for Cloud, Azure Compliance Policies, Azure Active Directory, Microsoft Sentinel; Microsoft 365: Defender for M365, Defender for Cloud Apps.
Outcome & Business Impact:
As stated by their executive team, the client project was a success. The client is now able to manage their entire infrastructure in a Zero Trust model with better governance and security in line with their compliance requirements. They were also able to improve their approach, which helped them to manage their services.
The client observed several business benefits:
- Improved Governance with built-in security features and compliance certifications to readily meet the organization’s regulatory compliance requirements.
- Leveraging the Azure Defender for Cloud, the client now has a centralized location for their security management while enhancing their security posture to detect and respond to security threats more efficiently.
- Increased transparency: Azure Active Directory provided a centralized location for identity and access management, allowing the client to manage user identities, access to resources, and application usage.
- Operational Efficiency: With NSGs, the client could have granular network security by enabling network security groups (NSGs) to reference ASGs instead of individual VMs.
- Automated monitoring and security management of processes, leading to increased control and visibility of their hybrid landscape using Microsoft Sentinel.
Use Case 3: A global law firm based in the USA
The client migrated their US infrastructure to Azure and wanted zero-trust security enabled across their network, apps, databases and users.
Some of the key challenges they faced included:
The client migrated over 250 servers (3 servers each with over 30 TB of data, 5 servers each with over 15 TB of data) to Azure. These included the customer’s critical financial applications Aderant and iManage, their Citrix/AirWatch environment, multiple SQL instances and databases, and multiple business applications. SNP had performed the migration of their infrastructure. To then enhance their security posture and governance approach, SNP suggested that a Zero Trust security model with Defender for Cloud, Azure Policies, and Azure NSGs/ASGs could be configured.
The Solution: Delivering Value with Microsoft Azure:
SNP followed a streamlined approach and an in-house converged Enterprise Security Framework to provide a secure and functioning base in Azure. SNP leveraged different tools and methods.
- SNP reviewed how compliance automation on Azure could be achieved using Azure Policies, which evaluate Azure resources and scan for those that are not compliant with the organization's needs.
- Defender for Cloud’s regulatory compliance continuously assesses the hybrid cloud environment to analyze the risk factors according to the controls and best practices in the standards that we have applied to subscriptions.
- SNP provided the client with several solutions to address their identity and access management, in particular Azure AD PIM (Privileged Identity Management), a service in Azure AD that enables us to manage, control, and monitor access to important resources in the organization. PIM provides time-based or approval-based role activation to avoid the risk of excessive access being misused.
- Conditional Access provided a policy-based approach that added security by allowing access to applications across the cloud and on-premises only from trusted and compliant devices.
- A Zero Trust network architecture was used where different services are deployed across multiple VMs. With ASGs, we could group VMs that provide a specific service and then apply security rules based on the group. This makes it easier to manage network security for microservices-based applications. ASGs allowed for granular network security by enabling network security groups (NSGs) to reference ASGs instead of individual VMs.
SNP leveraged multiple Microsoft tools and technologies such as:
Azure: Azure RBAC, Azure Policies, Microsoft Defender for Cloud, Azure Compliance Policies, Azure Active Directory; Microsoft 365: Defender for M365, Defender for Cloud Apps; Network: NSGs, ASGs, NSG flow logs
Outcome & Business Impact:
As stated by the client's executive team, the project was a success. The client is now able to manage their entire infrastructure in a Zero Trust model with better governance and security in line with their compliance requirements. They were also able to improve their approach, which helped them to manage their services.
The client observed several business benefits:
- Improved Governance with built-in security features and compliance certifications to readily meet the organization’s regulatory compliance requirements.
- Leveraging the Azure Defender for Cloud, the client now has a centralized location for their security management while enhancing their security posture to detect and respond to security threats more efficiently.
- Increased transparency: Azure Active Directory provided a centralized location for identity and access management, allowing Costa Farms to manage user identities, access to resources, and application usage.
- Operational Efficiency: With NSGs, the client could have granular network security by enabling network security groups (NSGs) to reference ASGs instead of individual VMs.
- Automated monitoring and network management of processes, leading to increased control and visibility of their hybrid landscape using NSG flow logs.
In response to the client's migration of 200 servers to Azure, SNP reduced their TCO by 30%, and by implementing network security groups, their manual effort was reduced by 50%.
“SNP originally worked with us on a DC migration project which was one of the most challenging and significant accomplishments of my career. I am incredibly grateful to have had the opportunity to work with the SNP team on the project. The depth and breadth of knowledge within SNP are second to none. Their team have been amazing from start to finish. Their understanding of the subject matter, attention to detail, dedication, and persistence have been on point throughout the project. SNP then worked with us on a very successful security assessment project which has been critical to our Azure implementation. I look forward to future projects/engagements,” says the CIO.
