Cloud Security & Compliance: National Grid (Top 10 Utility Company Globally)

FalconRock-National Grid

National Grid is a top 5 US energy company operating a hybrid cloud environment that spans private and public clouds (Azure and AWS) as well as SaaS applications and other cloud-based solutions. Its cloud security capabilities were severely lacking and it was failing compliance.

Challenges

  • Security Vulnerabilities: National Grid Corporation faced significant security risks, including vulnerabilities in code, endpoint protection gaps, and inadequate privileged access management.
  • Complex IT Environment: The organization had a complex IT environment with multiple systems and applications requiring integration and security enhancements.
  • Compliance Requirements: Ensuring compliance with various regulations such as SOX, SSAE16/ISAE3402, and PCI was critical.
  • Cloud Security: Transitioning from on-premise systems to cloud-based solutions required robust security measures and governance frameworks.
  • Resource Management: Managing a large team of security architects, engineers, and offshore teams while aligning with business objectives and budget constraints.

Solution

  • Security Services Establishment: Implemented comprehensive security services, including vulnerability scanning, code analysis, license management, and test data masking. Strengthened leadership teams and agile teams to ensure effective solution management.
  • ForgeRock CIAM Solution: Designed and architected a Customer Identity and Access Management (CIAM) solution for the Gas Business Enablement (GBE) customers.
  • Advanced Security Solutions: Implemented solutions for OAuth2.0, Mutual TLS, SSO, MFA, RBAC, PAM, and access governance. Addressed security gaps in endpoint protection, ITGCs, and privileged access management.
  • Cloud Security Posture Management: Utilized Palo Alto’s Prisma Cloud for multi-cloud security posture management, continuous compliance, and automated remediation.
  • Security Tools Implementation: Deployed Nessus for vulnerability scans, CheckMarx/VeraCode for security testing, and SonarQube for continuous inspections.
  • Enterprise Security Roadmap: Developed and managed the enterprise security roadmap, including SecOps, DevSecOps, and compliance efforts. Implemented CyberArk for privileged access security and IBM’s InfoSphere Optim for data governance.
  • Zscaler Platform: Designed and implemented the Zscaler platform for SSL inspection, secure web gateway, and cloud application control.
  • Compliance and Governance: Redeveloped corporate IT policies in alignment with the NIST Cybersecurity Framework. Provided leadership for transitioning to cloud-based solutions and ensuring compliance with regulatory requirements.
  • Team and Budget Management: Built functional teams, directed IT operations, and managed a budget of ~$26MM. Delivered IT responsibilities for compliance needs and developed foundational IT operations capabilities.

Tangible Results

  • Enhanced Security Posture: Mitigated security risks and addressed vulnerabilities, leading to a more secure IT environment.
  • Cost Savings: Achieved significant cost savings through automated vulnerability scanning, threat analysis, and efficient resource management.
  • Compliance Achievements: Ensured compliance with SOX, SSAE16/ISAE3402, PCI, and other regulatory requirements.
  • Improved Cloud Security: Successfully transitioned to cloud-based solutions with robust security measures and governance frameworks.
  • Operational Efficiency: Strengthened IT operations capabilities, resulting in improved efficiency and effectiveness in managing security and compliance efforts.
  • Team Growth and Development: Managed a period of IT personnel growth exceeding 40% per year, building a strong and capable security team.