Case №1
How we helped an online retailer improve
cybersecurity protection and meet PCI DSS
compliance requirements in 3 months,
reducing costs by 50K and increasing the
quality of remote access by 62.5%
We were approached by a large e- commerce company from the USA. The company has a network of retail stores around the world.
What business problems did the client want to solve?
Ensure the security and continuous operation of the company's business processes in the face of a growing number of cyber threats:
✔️ Provide remote secure access for employees.
✔️ Organize access control to internal resources based on the role model.
✔️ Standardization of change ocesses, regular audit of the configuration of firewalls and network equipment.
✔️ Update an outdated fleet of equipment that provided inadequate security.
✔️ Ensure compliance with regulatory requirements and security standards (PCI DSS).
What pitfalls did encounter in the project?
- Staff turnover, as a result, the lack of proper documentation and description of change management processes.
- Communication gaps hindered task completion, delaying a unified strategy for information security management across internal divisions.
- High personnel expenses, regardless of qualifications, create a price-quality dilemma as contractors may lack the necessary expertise.
The methodology we choose:
✔️ Conducted IT hygiene for complete documentation of the inventory of IT infrastructure elements.
✔️ Created a prototype (PoC), because requirements were unclear and incomplete, a list of low-level requirements (LLDs) was finalized during the PoC stage.
✔️ Used best-practice approaches to building a remote access architecture using 2-factor user authentication.
How we approached this:
An inventory of AD user groups, as well as infrastructure, firewalls, network equipment and communication channels was carried out.
✔Step 2. Architecture design
The design of the solution architecture was created: diagrams of connections and work systems
✔ Step 3. Work plan
Prepared implementation plan with a timeline.
✔ Step 4. Communication
We have proposed a way to organize communication between departments.
✔ Step 5. Pilot project
We deployed a test (pilot) PoC to show the customer the operability of the architecture.
✔ Step 6. Introduction
Implementation in production and industrial operations.
Key results
💰 Achieved 50 000$ budget savings, deployed VPN system for 1200 users in 3 months, meeting business requirements and industry best practices.
🚀 The remote VPN service requests to Help Desk team decreased by 62.5%, with 92% of the requests being resolved at the first line of support (90 000$ budget savings).
As a positive indicator for us, the client offered to cooperate further and receive technical support for the implemented
solution on an ongoing basis (139 000$ budget savings per year).
ABOUT ME
Maksim Avtonenko
- Founder and CEO of OutsourceIT.PRO.
- Expert in cybersecurity with over 12 years of experience.
- I help retail companies in the US to improve cybersecurity protection by providing full visibility of the actual IT infrastructure state.
- Implemented more than 5 major projects for clients from EMEA, USA for the last 7 years of work.
What's next?
If you're facing similar challenges or have inquiries, let's schedule an online meeting ?
(ZOOM, GOOGLE MEET, SKYPE)
Request a call here:
