When public sector entities merge, IT system harmony and cost reductions are the order of the day; especially when the public is listening. Integrating 5 different instances of a major financial management system along with a range of database instances were the first projects to be tackled. After 18 months of work, the project was in excellent shape and only required a security audit before completion.
The security audit revealed several issues that were subsequently raised with suppliers. Suppliers acknowledged the flaws and stated that platform upgrades were required. A migration analysis concluded that these upgrades could add 1 year to the project and would marginalize the gains previously communicated publically. RedShield, a government application publishing panelist, were engaged to assess if shielding was a viable option.
As a presales exercise, RedShield studied the security audit report, then worked with the security tester to design and fine-tune the proposed shields. After a couple of iterations, the pen tester agreed that the shields fully remediated the highlighted issues. RedShield deployed the solution in line with customer change management over a 4-week period. The ensuing retest gave a clean bill of health and the integration was successfully completed without any risk acceptance.
“A couple of stubborn security issues came close to re-railing our whole project. Being forced to upgrade the whole platform would have caused huge disruption, cost and delays, but appeared to be our only option. With RedShield we were able to address just those
discovered issues and keep the project on track.”
The highly visible public sector customer not only deferred a costly upgrade exercise, but met project timelines and delivered on public expectations. RedShield reports gave management insight beyond expectation into levels of risk exposure and details on how that risk was being addressed. RedShield experts continue to monitor the tools and systems 24/7, audit the application defenses weekly, respond to any customer queries and application updates, and provide monthly commented analyst reports.