A leading transportation systems and services provider specializes in information systems for the transportation industry. It services three of the top 15 toll authorities in the U.S. and processes over two billion toll transactions annually at highly advanced toll authorities.
With major business growth occurring, senior management at the client wanted to ensure that their information security was keeping up with the growth. Protecting the organization’s reputation was a board-level concern.
In addition to general information security concerns, the client was specifically concerned about phishing attacks and Microsoft 365 breaches. Organization management had heard a rash of media reports highlighting compromises of Microsoft 365 via misconfigurations. Given the importance of Microsoft 365 to their organization, they were particularly concerned about potential compromises of their environment.
Initially, Celsior provided an Information Security Assessment program to benchmark the client’s current security posture and develop a roadmap for improving it. This assessment leveraged the NIST Framework at its core as this maps to all other standards and frameworks—allowing an “assess once, map to many” approach. As part of this, we used a review and an automated scan to identify technical vulnerabilities and capability gaps.
To address the Microsoft 365 concerns, we conducted Microsoft 365 log reviews of key personnel to identify subtle indicators of compromise that could escape the automated analysis. The assessment determined that while technical vulnerabilities were being adequately addressed, gaps still existed from a programmatic standpoint that needed attention.
Celsior worked with the client to develop a customized roadmap based on their plans for growth over the next three to five years. This ensures that cybersecurity is “baked in” rather than “bolted on.”
The roadmap also indicated areas where the client could further enhance their cybersecurity posture by utilizing some advanced features Microsoft offers at a higher license capability. The additional license cost was offset by identified license savings, resulting in increased security for roughly the same price as they were already spending.
Based on strong delivery, the client later contracted with us for a Virtual CISO. They were very happy with this arrangement and have significantly increased the contracted hours of the Virtual CISO based on the strong value that he has provided.
Enhancing client experience and reducing costs with a digital assistant.
Learn More
Improving customer experience through self-service capabilities.
Learn More
Delivering application modernization and strong software maintenance.
Learn More
