A City based Investment Advisor wanted to reduce IT costs and implement a fully secure platform for hybrid working.
As part of a process to move their trading platform to a hosted service, the client wanted to move all their internal servers to the cloud and configure a system that would meet their FCA regulation obligations.
SY have completed the migration to Microsoft 365 which includes:
- Microsoft Azure SQL instances and migration of existing Access database
- 365 SharePoint for all existing company data
- Exchange server and email journaling
- Azure VPN gateway for secure access to SaaS trading platform
With users handling highly sensitive client information, we needed to ensure that data was fully protected even where traders were working from home. To ensure this was the case, we set up Microsoft Windows 365 hosted PCs for all users.
- Users access ‘their’ PC through an internet browser from any device
- Access is protected though secure password and 2-Factor authentication
- Users can work from anywhere without data ever leaving the Microsoft 365 platform
- Data Loss Prevention rules mean we can manage and restrict transmission by email or copy/paste by data type, keywords, or document tagging
Backups of the entire platform are encrypted and automated six times daily to a secure AWS platform.
As well as the migration, SY implemented the following security features as part of our ongoing TaO (Threats and Opportunities) IT management plan. Our TaO report is the subject of out monthly client meetings and available through our customer portal:
- SY technicians will ensure network devices are kept patched up to date with the latest manufacturer updates and patches
- Users are restricted from installing unapproved applications. This process includes the compilation of a company approved set of applications and change control approval system.
- Using Microsoft Mobile Device Management (MDM) we manage how data is accessed from mobile devices and take steps to protect your data in case defences are breached
- All PCs only have a company profile that is managed through your Microsoft 365 Active Directory.
- Our auditing tools provide SY technicians with real time analysis on threats and issues in Microsoft (or 365) Active Directory
- Limit access to company data to only from the UK (or nominated countries)
- Anti-Virus solution installed
- Set date ranges for data retention / archive / deletion by folder of file type across all company held data
- Sweep all company data stores to locate and manage personal data held by your organisation
- Users can reset their own password by utilising MFA
- Out team send out ethical phishing emails to help train users to spot a fake email asking for password / bank etc details.
- Set up of a standard signature and company disclaimer that will automatically apply to all outgoing emails sent from any device
By ending the requirement for local servers and comms room we have demonstrated real time savings in maintenance, lifecycle replacement and power consumption and office space as well as deploying a robust secure and scalable solution for our client. The deployment has also resulted in a reduced user support requirement, although when they do need help SY’s brilliant customer care team is readily available.