Case study

Enabling seamless access and secure device management for a leading recruitment firm

Our client needed to respond to a changing world of secure remote access across multiple digital platforms.

The recruitment industry is fiercely competitive. Jobseekers and HR departments alike want to work with recruitment providers in new digital ways – making it easy to find, post, and share job information and CVs. A recruitment company’s stock and trade are to store and process personal information daily – so trust, security, and privacy of sensitive information are paramount.

Our client in this space is currently undergoing a period of massive technical change to enhance the security stance of their enterprise infrastructure – whilst also offering productivity and collaboration gains to end-users.

Through improvements to its security visibility and deployment of Microsoft technologies such as multi-factor authentication (MFA), conditional access (CA), Intune, and cloud authentication processes, the firm has re-enforced its position as a leader in digital transformation and security in the recruitment sector.

Results

Cost savings from vendor/technology consolidation.
Cost savings from simplifying legacy on-premises infrastructure.
Secure and seamless single sign-on to Office 365 and third-party applications.
Improved security awareness at all levels of the organisation.
Boosted MDM and BYOD security through the deployment of Microsoft Intune.
Improved security posture through MFA, conditional access, and Intune.

Watch 3-minute Security Posture Assessment Demo

Identify hidden threats and prioritise security risks.

Adapting recruitment in a world of remote access and different digital platforms

This once traditional recruitment and training provider has been on a journey of digital transformation over the last five years, which has brought about some tremendous growth opportunities. With the growth of the Internet and social media as a means for job seekers to find their dream role, our client has invested heavily in new digital platforms and routes to market.

Our client has a very large online presence in the recruitment sector in over 35 countries across the globe. It offers a website with a huge database of job opportunities that also acts as a customer portal, where they can log in, save down CVs, save job searches, update personal details, and more.

As a result of its growth and digital presence, the organisation holds and processes vast amounts of personally identifiable information (PII) on its customers. As their CISO stated: “CV sharing is our business, and we need to find the most secure solutions to share this information safely.” As a result, data protection and compliance with GDPR regulations were extremely important to the organisation and the Board.

With over 7,000 employees spread across 140+ offices (and working remotely), the organisation also had challenges around ensuring they controlled access to this sensitive information – and in a way that promoted collaboration and productivity in the workplace.

As the workforce became more mobile (with employees having increased freedom to work from home / from mobile), this presented the organisation with new challenges around securing devices as well as controlling identities. The organisation was keen to find a solution to secure devices across the entire group.

Finally, with cybercrime on the rise, the organisation was also worried about the risks of any potential breach, as it digitally transformed and moved more and more data from on-premises servers into the Cloud. The security team was concerned about the visibility of their security posture, security reporting at Board level, as well as post-breach strategy and incident response plans.

With this renewed focus on security, privacy and compliance, the organisation sought to invest heavily in Microsoft 365 technologies.

Security and Privacy Current State Assessment: Providing a roadmap for the next steps forward

Kocho’s relationship with the client started at our annual Identity and Security Summit held at Microsoft’s UK HQ. The client was starting on a journey to enhance the security stance of their enterprise infrastructure. When Microsoft recommended Kocho as their Gold Partner of choice, the decision was easy.

After careful consideration, the organisation chose to invest in the Enterprise Mobility + Security Suite (EMS) from Microsoft. They also made the decision to maximise the effectiveness of their existing Microsoft licencing by rolling out Office 365 across the group.

Kocho also presented a unique solution offering that was highly valued by the client – the Security and Privacy Current State Assessment. This unique solution helped the organisation understand its current security posture, articulate threats/gaps, and provided clear next steps for remediation, which the Board could easily understand.

The security engagement began with a two-hour onsite workshop where Kocho held detailed conversations and ran assessments to determine the organisation’s current security posture.

The assessments included:

A custom-built security and privacy survey
A technical gap analysis
A cyber-attack vulnerability assessment
A shadow IT assessment
Local active directory credential risk assessments

At the end of the assessment stage, we supplied the client with a unique dashboard that highlighted their risk exposure and identified security gaps.

Alongside the dashboard, Kocho also provided a detailed business report prioritising the security gaps and proposing recommended remediation. This detailed report was designed to help articulate security risks and investments at Board level.

Following on from the Current State Assessment and report, the organisation was then keen to take the security journey to the next stage. We engaged with the client through the delivery of a series of architect-led strategy workshops to define a detailed solution and improvement plan, including:

A pilot scheme and phased roll-out for conditional access (CA) and multi-factor authentication (MFA).
A strategy workshop for the deployment of Intune and Mobile Device Management (MDM) – moving away from the incumbent system using Mobile Iron.
A strategy workshop around cloud identity and moving from federated to managed authentication (including a separate Proof of Concept (PoC) for UK & EU Regions to use Microsoft Authenticator, moving away from RSA tokens and/or Google Authenticator).

From strategy to solution implementation

After the strategy workshops, Kocho then set out on a 12-week project to consult, deploy, and embed the following solutions:

Merged Intune, CA, and MFA pilot and solution deployment

Kocho introduced the deployment of Intune into a production environment to create a joined-up pilot including Intune, MFA, and CA.

This included:

Policy updates: Updates to all Intune and CA/MFA policies including a block all ‘back stop’ policy.
Architecture design documentation: Kocho created a joined-up architecture design document detailing how MFA, CA, Intune solutions and workstreams would interact and affect the end-user experience.
Detailed solution testing: Kocho and the client created thorough test plans and test use cases for a new joined-up experience for end-users.
Knowledge transfer sessions and user adoption: Training was held with the operational teams to give them sufficient understanding to support the Intune and MFA platforms. Additional documentation and required end-user comms and announcements were also provided.

Migration to managed authentication

Often referred to as ‘cloud identity’, this activity sought to take authentication requests away from ADFS (federated authentication/identity) and migrate over to Azure AD Connect (managed authentication/synchronised identity), using either password hash sync (PHS) or pass-through authentication (PTA).

This request was important to the organisation to modernise its remote authentication procedures for non-office workers, and reduce the number of authentication tokens created daily and save on costs.

Kocho was successful in securing the client onto a ‘private preview’ program with Microsoft and Azure – designed to ease migration capability from ADFS to Azure AD in a staged manner.

As part of the migration to managed authentication project, Kocho also helped to domain-join all the organisation’s Windows 10 devices, allowing easier device management. This ensured that devices were joined to both the on-premises Active Directory and the Azure Active Directory.

This was a key factor in helping the client understand how it could evaluate ‘device trust’ and ‘device ownership’ for use with conditional access – making the authentication process more seamless for the end-user.

Throughout the authentication migration project, Kocho worked with the client on the following:

Readiness Assessment for migration of the authentication methods from ADFS to Azure AD.
Configuration of Azure AD Connect to support single sign-on.
Disaster Recovery (DR) and High-availability (HA) server build.
Migration support.

Continuing support in the changing world of online digital Recruitment

At the time of writing, the client had successfully rolled out MFA/CA and Intune, including the Windows 10 managed devices components globally.

After Kocho’s initial Current State Assessment, follow-on support, and strategy workshops, the organisation was in a great position to put in place a lot of the new technologies with their existing team. Kocho were there to support where needed with call-off support days.

The organisation is now looking to roll out some of the new Office 365 collaboration and security tools over the next 12–18 months.