Stay up to date with the latest cloud insights from our CTO
Case study
How SIG uses the cloud to strengthen their security posture
Healthy growth is the goal of every company. Opening new branches, hiring more employees, increasing revenue – this is what every business aims for.
Company Size:
6,500+
Industry:
Construction
Country:
UK
Since 2018
Technologies used:
Azure AD
Azure Sentinel
Multi-Factor Authentication
With expansion, come challenges. You may acquire new divisions which use their own systems. Employees in one branch or country may end up using different processes or technology to another.
As a result, your operating costs increase and profits can reduce, as the cost of maintaining all these environments grows. And then, there’s the eternal question – how to keep all of them safe?
This is the challenge that SIG has been facing. Turning to the cloud helped them to find the solution.
Setting the goals
SIG is a leading supplier of specialist building products, established in 1957 in Sheffield, UK. At the time of writing, the company operates across Europe out of 425 trading sites and counts 6,500 employees.
As SIG expanded, their IT environment became more complex. Over time SIG inherited separate IT infrastructure within each region, with individual teams working according to different processes.
Eventually, maintaining and operating the company’s systems started to consume increasingly more time and resources. As IT is not SIG’s primary line of business, it was decided to bring in external operational support, so the organization could focus on delivering specialized services to their customers.
The company developed a long-term strategy for migrating to the cloud, which would unify their IT environment and allow them to take advantage of the latest security and identity management features. This would not only simplify collaboration between different company divisions, but also reduce operational costs by optimizing IT resources.
As SIG had a prior relationship with Predica, they enlisted their help with executing this plan.
Simplifying identity management
The consolidation process began in 2018, when SIG decided to consolidate regional Active Directories onto a single Active Directory platform for the Group. The objective is to streamline identity management. As a large engagement, the project is still ongoing, however it is already yielding results. The solution made it easier for employees to communicate with each other, as all contacts were consolidated in a shared, global address book.
Both this process and the subsequent engagements strengthened the partnership between SIG and Predica, who effectively became an extension of the group’s own team.
Enhancing security
SIG have also been continually strengthening their security posture by implementing a number of solutions designed to protect both their users and resources. The company wants to ensure consistent standards of protection across the enterprise, and simplify operations with easy deployment of new solutions or services to all regions.
Having introduced a number of Azure security services, SIG can benefit from automated identity lifecycle management and multiple security measures, including MFA and self-service password management.
New solutions also make it easier to maintain compliance with internal and external regulations, by automating rule enforcement on various resource groups. Streamlined IT management also allowed employees to save time, more of which can now be spent on helping the company’s customers.
Introducing next-level protection
The organization is highly proactive in its security approach, and to support their efforts, they have recently chosen Predica to provide a 24/7 managed Security Operations Centre (SOC) service.
With the use of a cloud security information and event management (SIEM) solution based on Azure Sentinel, it will be possible to automatically identify and mitigate smaller threats before they have an impact on users, saving valuable time on responding to low-risk incidents. The service will also provide large-scale monitoring capabilities, processing data related to security in real time, and evaluating it against multiple sources of known threats, to enable pro-active hunting and fast response to threats.
Example dashboard from Azure Sentinel (not showing real data)
Carl Baron, Chief Information Security Officer for SIG, is leading the company’s new security strategy. He states:
Azure services make it easier to manage and secure our systems, and introducing Azure Sentinel for advanced protection was the logical next step within cloud-oriented strategy. Having a Managed SOC service enables SIG to support the business with the necessary security knowledge and skill without building an internal capability, helping SIG deliver value to our business and customers. Predica was a clear choice for us, given our long-time partnership – they have proven themselves to be trustworthy when it comes to the IT Security space.
Getting ready for the future
SIG is consequently realizing their strategy towards a cloud-first environment. Using the cloud gives them more capabilities when it comes to managing their environment.
The organization has already made improvements in their security posture and resource optimization. With the support from Microsoft and Predica, they are well on their way to reaching their objectives of consolidating and optimizing their IT resources.