The Cloud Collective has shifted NRMA Insurance onto Microsoft 365 as the company moves to remote work.
The partner collective, which consists of Quorum, Antares Solutions and Icomm, deployed Microsoft 365 E5 licences, providing access to tools such as privileged identity management (PIM), privileged access management (PAM), advanced threat protection, end-point detection and response and cloud app security.
On top of this, the Cloud Collective also rolled out Windows 10 following the expiration of Windows 7 earlier this year.
The move is intended to improve NRMA's visibility and transparency across the organisation through automated tools. According to the collective, these enable more than 2,000 staff to access internal systems remotely in a secure environment.
The NRMA Group includes businesses such as Thrifty Australia and New Zealand, My Fast Ferry, Fantasea and Australian Tourist Park Management, with more than 4,000 staff spread across 150 locations.
Quorum managing director Mark McLean said the company developed a new blueprint and digital foundation to NRMA, having worked with the insurer for the past two years.
Other projects included the design and build of their Microsoft Azure platform, a Windows 10 deployment as well as identity-related initiatives.
NRMA senior manager of infrastructure Chris Swadling said the company was continually looking to improve its security posture.
“We’ve got a well known and trusted brand. We don’t ever want to compromise the loyalty and trust that comes along with that,” he said.
“We were primarily looking at ways to improve our security, compliance and data governance posture across the group. We want to continuously improve security controls without impacting the ability of our people to work and collaborate.”
Swadling said some of the things the company has prototyped or implemented include PIM and PAM, advanced threat protection, end-point detection and response (EDR), cloud app security, Azure Information Protection (AIP) and conditional access and multi-factor authentication (MFA). The company is also piloting Azure Sentinel.
So far, NRMA is six months into the project, with the roll-out featuring Teams and plans to take on Enterprise Voice in the future.
“The main changes for them are registering for things like MFA, getting used to tagging mail and documents correctly,” Swadling said. “What it does for us as a technology team is that it gives us more visibility into what’s going on, across the organisation and the option to implement controls more rapidly. There’s also a lot of automation/autonomy in these tool sets so that takes some pressure off the team.”
Swadling said prior to COVID-19 there was only a small percentage of staff that accessed systems remotely. Post-COVID, nearly all staff have turned into remote workers and worked with Cloud Collective to use tools like conditional access and MFA in front of its VPN to help secure its distributed teams.
Azure Proxy was implemented in front of the platform that’s used by NRMA’s contact centres.
“The goal for us long term is to move away from reliance on our physical locations and networks, and move to an identity-centric model, where our people can do what they need to do from where they want to on any devices they would like. Ensuring we have the appropriate security in place is key to us achieving this,” he said.
“It’s been both a challenging and interesting past six months. It feels like we’ve done more in the last six than we did in the 12 before that. It’s been exciting.”