An Oregon-based financial services provider with more than 90,000 members. The client requested help with an ongoing operating system migration as well as security and compliance updates mandated by the financial industry. Industry audits last year had shown they were behind on implementing required security standards to meet compliance.
As a financial institution, the client was required to be National Credit Union Administration (NCUA) compliant. In order to be considered compliant, the client needed to harden workstations for security purposes using an industry recognized framework. They were also required to complete a server migration, phasing out an older server that didn’t meet security standards. These projects required additional staff to allow some team members to oversee day-to-day operations while others concentrated on the implementation.
EdgeLink provided a consultant with experience as a Windows Systems Engineer to provide guidance on the operating system migration, as well as the mandated security and compliance work. To begin, the consultant helped identify a recognized framework for the organization to implement. After deciding on the Center for Internet Security (CIS) guidelines, the consultant began the implementation project for Windows 10 workstation security hardening. The process involved implementing group policies to limit access, run limited rights, set password complexity, and specify encryption protocols. In total, more than 600 settings were validated and tested for compatibility to make sure implementation wouldn’t break any applications.
EdgeLink helped the client complete the crucial security and compliance updates required without any disruption for the client’s internal users. The project encountered almost no technical challenges and was completed on time at the six-month mark. Recent financial industry audits showed that outstanding security issues had been addressed and significant progress had already been made to conform to coming compliance standards. The client was so pleased with the work of EdgeLink’s consultant that they hired him full time. He is set to begin working on a similar CIS implementation project for the client’s servers.