A startup company dealing with risk approached hexegic® after outgrowing their initial, start-up orientated IT infrastructure. The nature of the business exposes it to a considerable threat level and there was a concern that this was not adequately mitigated. There were also significant availability, resilience and scalability concerns. hexegic® were asked to provide guidance and recommendations for an infrastructure design that would allow the cyber security risk to be appropriately managed. hexegic® successfully designed and delivered an infrastructure that has both significantly improved the cyber security of the company and supported an aggressive expansion.
hexegic® initiated engagement via a series of teleconferences, enabling our Consultants and Architects to engage with a senior board member and the IT team. We took the time to understand the current system architecture and services, as well as the increased services that the new system would be required to deliver. We also ensured that we fully understood where the existing system did not meet the requirements of senior board members.
The company employs software developers and information analysts. Software developers are highly skilled and tend to demand freedom to achieve their tasks; they occasionally circumvent security controls that they consider unnecessary or unduly onerous. The information analysts target nefarious actors on the dark/deep web and thus require routine access to hostile areas of the internet. In combination, the circumvention of security controls and the wrath of malicious actors make the company a major target. The board and IT team had a clear understanding of these issues and were very aware that their IT infrastructure did not facilitate effective cyber security risk management. The company also had aggressive growth plans that would exacerbate the issues presented by their current infrastructure.
Once the requirements were fully understood, hexegic® produced several high-level infrastructure designs. These all offered the company greater visibility and control of user accounts, network traffic and applications, with improved internal and external defences and, additionally, enhanced monitoring functionality. On-premise, co-located and cloud options were presented and fully explained, enabling the board to select one for further development. The board were all from a technical background and readily understood the details of each approach. This meant that a presentation and discussion method was used to communicate the various options, rather than more traditional means (such as a formal report).
Each option was well presented with positives and negatives
we felt fully involved in the evolution of our service.
During the development of the selected approach (co-location, with some cloud services), hexegic® applied design principles that have been proven during the delivery of accredited infrastructures for our government and defence sector clients. This included a fully managed infrastructure service, highly segregated internal infrastructure, centralised management functions, ongoing vulnerability assessments, patch management and configuration management activity.
The final phase of our engagement involved deploying and testing the new infrastructure, progressively migrating users onto it and decommissioning obsolete parts of the old infrastructure. This was achieved over a five-month period and signed off by the board.
The infrastructure designed and delivered by hexegic® has successfully supported the expansion of the company into the USA and Europe, enabled the delivery of an upgraded isolated browsing solution and facilitated the development of new services.