Our key role in identity access management (IAM) for a major utility and its Big Four consultant
The biggest successes you’ll ever see, when it comes to protecting our nation’s critical infrastructure, are the things you don’t see.
Be thankful that you don’t see the electrical grid being hacked. Or the water supply getting compromised.
These are terrifying, indeed existential, threat scenarios that, sadly, are part of the fabric of modern society. And Ensunet is proud to have recently contributed to shoring up the cyber security of a major link in the infrastructure. Our success is measured in "bad things that won’t happen.” Indeed, you might never know what we did... unless you actually read this article.
Big utility, Big Four partner
For this project, one of the country’s largest water-and-electric utilities reached out to some of the world’s foremost experts to see who would be best at performing a top-to-bottom cyber security makeover for them.
And so the utility issued an RFP, or request for proposal, for this massive project. The budget was north of $75 million.
One of the country’s Big Four consultancies tapped Ensunet to help with a key portion of their RFP response, with the understanding that we would execute on that portion of the RFP in the event that they won.
The specific area of expertise concerned identity access management or IAM. Ensunet has a strong track record in this area.
Long story short: We helped the consultancy to write that portion of the RFP response. They won the RFP selection, and we were set to work.
A top-to-bottom project
Naturally, nondisclosure requirements prevent us from giving too many details, but know that this project affected thousands of employees, using hundreds of systems. Everyone was impacted, from the CEO to the field workers in manholes and bucket trucks.
Identity access management is the specialty of managing (and verifying) all of an enterprise’s employees, customers, and resources, and what each one is allowed to access, at any given time. For this project, Ensunet, as part of a huge team, was tasked with cyber posture assessments, vulnerability assessments, and cross-training of internal teams.
Despite the frightening at-stake risks mentioned earlier, many of the more mundane ones were on everyone’s minds: Broken processes. Locked-out employees. Missing data. Compliance issues. Reputational damage.
The situation was compounded by the as-is state when we arrived. Maintenance and security updates had been deferred for far too long; basic IT infrastructure and systems were at the end of their support life—think of an old car, for which replacement parts are no longer available. There were thousands of devices at play, both in the offices and in company-issued mobile devices out in the field. Existing security procedures were of the old username/login variety, without modern updates such as multi-factor authentication or single sign-on functionality.
Working in waves
The project, for which Ensunet’s involvement spanned about nine months, proceeded in waves. Working with the consultancy’s senior architect, and program and project managers, we provided our own senior cyber security engineers (with an average of 15 years’ experience each). Together, we implemented two different leading IAM solutions: Octa and SailPoint.
Each wave was phased, often starting with a rip-and-replace of outdated systems. As new systems, policies, and procedures were established, we would work on the IAM component, just before the people and data were migrated to the new systems.
There were three waves in total, encompassing more than a dozen different workstreams. All of our work was performed remotely. This wasn’t merely a Covid consideration; it was also faster and more efficient, and reduced the project’s carbon footprint, too.
Keeping the lights on
Maintaining smoothly-running enterprise IT is often compared to “keeping the lights on.” Here, it was more than just a convenient analogy. Our project helped to literally keep the lights on (and the water running) for millions of customers in one of America’s biggest metropolitan regions.
Ensunet is one of the foremost providers of enterprise IT services in the country, as this high-profile project and marquee clients attest. When it’s time for your project, contact us for a complimentary consultation with one of our friendly subject-matter experts.