One of the country’s largest utilities reached out to the leading experts to overhaul its outdated cyber security posture. Ensunet helped one of the Big Four consultancies to respond to the utility-issued request for proposal (RFP), specifically the portion devoted to critical identity access management or IAM. When that consultancy won the RFP competition, they tapped Ensunet for execution of this vitally important project.
The project was a top-to-bottom assessment and overhaul of the utility’s cyber security posture and shoring up of its existing vulnerabilities. The initiative spanned everyone from the C-suite to field workers in manholes and bucket trucks, with thousands of pieces of hardware, both in the offices and among company-issued mobile devices in the field.
Complicating the situation was the deferred state of maintenance and upkeep for virtually all IT components and systems: Most were at the ragged end of their manufacturers’ support lives, requiring a rip-and-replace (along with new configuration) before the IAM component could even be considered.
Existing security procedures were equally outdated, relying on the old username/login protocol, backed by outdated “challenge questions” (with weak barriers such as “What was your mother’s maiden name?”). Modern updates, such as multi-factor authentication and single sign-on functionality, were sorely lacking.
Ensunet implemented two different leading-edge IAM solutions: Octa and SailPoint.
The project, for which Ensunet’s involvement spanned about nine months, proceeded in waves. As new systems, policies, and procedures were established, we would work on the IAM component, just before the people and data were migrated to the new systems.
There were three waves in total, encompassing more than a dozen different workstreams. All of our work was performed remotely. This wasn’t merely a Covid consideration; it was also faster and more efficient, and reduced the project’s carbon footprint, too.
Once the new systems were in place, Ensunet provided as-built documentation. We also cross-trained internal utility employees on how to use the new servers and systems, including how to back up data, add and delete new user accounts, and so on.
Ensunet worked with the consultancy’s senior architect, and program and project managers. We provided four of our own senior cyber security engineers, each with an average of 15 years’ experience. We also worked directly with the utility’s internal IT team, both in the training noted above, as well as in weekly standup meetings during the course of our nine-month involvement on this $80 million project.