Azure Blueprint Case Study

Delivering a bespoke collaboration facility

Enabling a ‘Big Four’ accountancy firm
to securely manage
protectively marked data

Utilising Microsoft Azure as the foundation, Xpertex provided a multinational accountancy firm with a highly secure, compliant compliance platform.Contents

Thank you for reading our

Delivering a bespoke collaboration facility, enabling a ‘Big Four’ accountancy firm to securely manage protectively marked data

About the Client

Our client is a multinational professional services firm, headquartered in London and part of the accountancy sector’s ‘Big Four’.

Challenge

To ensure that data classified up to OFFICIAL-SENSITIVE could be securely exchanged between departments and commercial entities, the UK Government created a Code of Connection for communications between Public Sector and Private Sector bodies. With many such contracts already in place with the UK Government and new opportunities regularly presenting themselves, the client took the decision to invest in a secure collaboration facility, accredited to OFFICIAL-SENSITIVE, to allow them to hold and process protectively marked data in full compliance with the new Code and reducing the risk on their corporate network.

In the past, handling tenders and responses which contained such information was a slow and manual process. It was therefore recognised that the client required an accreditable solution, connected electronically, to allow them to not only securely transfer classified information, but enable security cleared personnel to collaborate effectively with their colleagues and clients.

Xpertex’ reputation was key to the client extending the invitation to the tender for this project. Xpertex’ extensive experience in Central and Local Government, security cleared technical staff, and deep knowledge of secure remote working on Cloud platforms would prove invaluable to the success of the project.

Solution

In keeping with the client’s ‘Cloud First’ strategy, the facility was hosted in Microsoft Azure and configured to allow employees to connect via any corporate device. This would enhance their ability to respond quickly and effectively to tenders, as well as supporting the delivery of world-class solutions to their current and prospective customers.

Xpertex established a blueprint and a suite of delivery templates to rapidly deliver a collaboration platform built around Windows Virtual Desktop and the Microsoft Office 365 products, along with email, Teams, and SharePoint capabilities. Following an agile delivery methodology, the delivery team delivered the required technical capabilities across two weekly sprints.

Using standard blueprints deployed via scripts enabled the client to receive a new build each time they logged in. This reduced the amount of support calls received, as well as the overall security risk footprint. With Azure’s dynamic scale up/down capabilities, the system would be able to expand or contract dynamically, on demand, to optimise future scalability.

For additional levels of security, measures were put in place to allow the client to maintain full access control at all times. Authorised users would be issued with the relevant credentials to access the accredited environment using their corporate laptops. These laptops would be used to start a virtual client image to access the environment, effectively rendering the device as a thin client. A secure access gateway was implemented between the corporate network and the Azure platform, so the collaboration environment would only be accessible if the identities of both the user and the platform could be verified. Once in the environment, all email traffic would be directed from the Microsoft Exchange 365 infrastructure, with all collaboration data stored in Microsoft SharePoint 365.

To ensure the ‘who, what, where and when’ of all security incidents (misuse, inappropriate access, data leakage or fraud, for example) could be automatically tracked, an industry leading SIEM product was utilised. This would automatically collect and analyse all log data from host systems, security devices, and network devices, flagging any activities in breach of company policies, or that would create a known business risk, so corrective action could be taken. By providing security teams with a dynamic, real-time view of security across the entire network, their activities could be focused on the areas of greatest risk.

The entire solution was deployed, delivered, tested, and transitioned into support within an eight-week period. The relationship built between the client and supplier teams enabled everyone involved to quickly establish trust and credibility, with the resulting collaborative approach key to the success of the project.

Since the success of the initial deployment, the partnership has continued to thrive, with Xpertex delivering and supporting additional technical solutions to further optimise collaboration between the client’s staff and their public sector clients. Xpertex continue to provide the client with ongoing support during their core business hours, including a remote Service & Incident Management service. The system has successfully been accredited annually and remained stable throughout, and so the client’s satisfaction in the system has always remained high.

Solution Benefits

Highly secure, compliant exchanges of data classified up to OFFICIAL SENSITIVE between internal and external teams through a bespoke, Azure-based collaboration platform.
A reduced security footprint, with full access control of all users and devices.
A dynamic, real-time view of the entire network security ecosystem, optimising the effectiveness of internal security teams.
Complete, on-demand scalability.
Risk reduction of the corporate network.
Solution validated and approved by Microsoft UK.