Activating all security features would bring things to a standstill

Global user base and 70 satellite-connected vessels make Marin IT's systems complex.

27.06.2019 14:00 EEST (UTC +3)

Article

Marineholmen, in central Solheimsviken, Bergen, is the hub of the town's marine technology achievements. There, Nils Olav Åsen and his team manage IT solutions for users all over the world. Nils, the Chief Solutions Architect at Marin IT, has been working closely with Innofactor to migrate between 4,000 and 4,500 users to the cloud.

Marin IT is owned by DOF, a shipping company providing offshore and subsea services, and the fishery company Austevoll Seafood. With users and companies operating all over the world, Marin IT has established offices in Houston, Rio, Macaé, and Perth, as well as in Bergen and Austevoll.

"It's a very complex infrastructure. Sophisticated systems and around 70 DOF boats communicating via satellite just add to the complexity," says Åsen.

Users who leave — a security risk

Innofactor has been working with Marin IT since the cloud migration began in 2014. All users associated with Marin IT's customers, and the related e-mail, private folders, and some shared folders have now migrated. It was important to move only actual users.

"When you have temporary employees on projects that come to an end, the list grows of people who should lose access. This can pose a huge risk if you lack robust account deletion routines," explains Jørn Ellefsen, Managing Director of Innofactor Norway.

For this reason, Marin IT consulted the customers' HR departments to verify who the current users were, before migrating them to the cloud: only actual users were migrated.

More secure than an in-house data center

Customers often ask Åsen how safe it really is to migrate to the cloud. Is having everything out there on the net sufficiently secure? Is there sufficient control?

"The answer is that migrating your identity, email and personal folders to the cloud brings lots of new security-related features, providing more security than an in-house data center," says Åsen.

An example of this is the securing of user accounts. If two people log into a user account simultaneously, one from Norway and the other from somewhere else in the world, this is detected by algorithms that trigger an alarm. To log in, the user must then use multi-factor authentication to confirm his/her identity. This was one of the first issues to be resolved.

All Microsoft cloud services include an arsenal of security features. The challenge lies in their balanced adaptation, something at which Innofactor's consultants excel.

 

When security staff have too much power

"All security settings are turned off as a default. If you switch everything on, you might just as well go home. You will accomplish absolutely nothing," says Erik Monsen, Business Development Manager at Innofactor, who has been working closely with Marin IT to achieve the right security balance.

It is crucial to strike a balance between effective security, interaction and sharing. The objective should be security for the user without compromising availability, interaction and innovation.

"Work soon becomes no fun at all if you have to log in using two-factor authentication each time you want to read an e-mail or use 16 parameters to save a document that you need to classify. This is familiar to people who have worked in places where the security staff have had too much decision-making power," says Ellefsen.

"You may then end up with the paradox of systems that are less, rather than more, secure. A shadow IT problem develops, because users create their own, more efficient solutions, such as a free cloud-storage service account. The higher you set the password requirements, the more likely you are to find a yellow post-it, showing the password, on someone's screen," Monsen explains.

The goal is to implement cloud-based security in a totally unobtrusive way for the user. Because users are not always aware of whether certain choices are safe or potentially disastrous, a security solution should be built that liberates them from making such decisions, while being automated and intelligent enough to safeguard them.

Revoking e-mail


Users at Marin IT have welcomed the early phase of migration to the cloud, largely due to the better availability and new functionality it has brought. The next stop for migration will be providing new and more secure functionality for e-mails, attachments and document sharing.

"For example, we can add features to ensure that only the intended recipient opens an external e-mail. Or you can send an e-mail stating that the receiver can view but not print or forward it. You can even revoke the attachment in an e-mail if you have sent it to the wrong person, or no longer want the receiver to access the document," explains Åsen.

"This may be relevant if you are delivering a tender and want to prevent sensitive information from falling into a competitor's hands. In such cases, you can track the documents and see where in the world they have been read, or whether there has been an attempt to forward them, for example. At Marin IT, we are now testing these issues, which must be gradually introduced for our customers," he continues.

In this way, we can progressively fine tune the security features, for example by allowing the user to open a document on a PC as long as he or she is using an IP address within the management network, but not in a Russian hotel or if a family Mac has been logged into the company's WiFi.

Many supporting members

"Just as I 'subsidize' my fitness center, Microsoft has an incredible number of businesses that are 'subsidizing' members, who are paying for functionality they do not use. Unaware of the full range of possible features, they fail to create a comprehensive security policy based on Microsoft 365. We see many types of cyberattacks or data leaks that could have been avoided by using tools already at the customer's disposal," says Monsen.

This is where Innofactor comes in, by helping to configure Microsoft 365 on a holistic basis. This ensures that you get what you pay for and are aware of the new features continuously being released. From this perspective, migration to the cloud can be viewed as an unending Cloud Journey.

Last winter, Innofactor was declared security partner of the year 2018 by Microsoft, an award that Åsen believes is well-deserved. Innofactor's expertise has been worth its weight in gold to Marin IT.

"Although we have many skilled staff with the latest expertise at Marin IT, it would probably have taken much longer to do this ourselves," says Åsen. "Time is money."

"It is important to realize that there is also a business upside to cloud solutions. You may pay more in licensing fees per user but save a lot by dropping various third-party software with high licensing costs that requires management and maintenance skills," Monsen concludes.

This article has been originally published at Digi.no.

"We see many types of cyberattacks or data leaks that could have been avoided by using tools already at the customer's disposal."

 

Erik Monsen
Business Development Manager
Innofactor Norway

To provide you with a better user experience, we use cookies on our site. By continuing to browse the site you agree to the storage of cookies on your device.