Facts at a glance
To keep up in a fast-moving industry, the client needed an economical, healthy cloud landing zone for future growth and seamless user interaction.
- Multiphase migration strategy
- Upgrades to production
- Upgrades to legacy identity environment
- Security-focused assessment of Azure Landing Zone and Active Directory
- Drastic improvement of identity secure score
- Passed all 44 controls for regulatory compliance
- Fortified back-end security and well-defined user roles
- Seamless global communication for administrators
A long-standing fashion retailer, with brick-and-mortar stores across the U.S. and an online presence that launched in the early 2000s, has since increased its reach, opening storefronts in more than 30 countries across the globe.
Originally, the client created its cloud structure in-house on an as-needed basis. Because the network was created in the early stages of companies moving online, the structure was not built with a global transition in mind. Without a unified network environment, the client faced challenges in upgrades and expansion, as well as gaps in its security environment and communications.
Before expanding on front-end ideas, improvements on the back end were critical.
The client knew a stronger, more cohesive network was needed to better secure customers and employees, clarify user roles and create a more seamless user experience overall.
For the first round of updates, the retailer wanted to ensure all aspects of the cleanup were completed as securely as possible, compliance measures were on track to pass and a Single Sign-On (SSO) implementation was completed. From there, further enhancements could be discussed.
The retailer enlisted the help of Insight to conduct a health check of its Azure® Landing Zone and Azure Active Directory® (AD), and discuss options for SSO implementations and future improvements.
At the start of this engagement, the retailer was already in the middle of an upgrade on an AD environment. Together, we made a strategic plan — ensuring that the upgrade would finish with the newest version, and that improved performance would enable smooth integration of subsequent updates and add-ons.
With an open line of communication, Insight was able to assess the client’s Azure Landing Zone from a security perspective, making a list of items that were in good condition, and those that needed updating. The same was done for the AD on-premises. From there, we could immediately tighten security of the landing zone, clean up the AD, implement an SSO experience for users and create a foundation for structured expansion, as discussed.
Today, the retailer has reshaped global admin access. With an audit of current user role assignments, the company strategically reduced its once ad hoc user base from 16 to five and enabled multi-factor authentication.
Insight also helped the client shift to Webex® pointing to the Azure AD rather than Active Directory Federation Services (ADFS) on-premises, completing the desired SSO implementation.
Using quick fixes, Azure Security, and Azure governance and connectivity, the client’s identity secure score has tripled, moving from 16% to 53% — with a projected short-term target of >60%.
Additionally, we now have short-term targets of increasing the subscriptions secure score to above 80% and passing all 44 controls of regulatory compliance.
The new, updated Azure AD Connect server and future-state governance blueprint provided by Insight laid strong groundwork for further applications and developments for the client, its employees and its customers. Insight and the client continue to work together to elevate user experience and online security.