When The Walsh Group, one of the largest construction contractors in the United States, moved to the cloud, it realized it needed better ways to manage who accesses its systems. The company set up identity as the control plane—with Microsoft Azure Active Directory at the center and a zero-trust security stance to better protect access to all its resources. Now, The Walsh Group CIO says the company leads the industry in securing access to its hybrid environment, giving it a competitive advantage.
Like many companies, The Walsh Group has been moving some of its IT to the cloud to take advantage of the lower total cost of ownership and reduced management overhead. But in doing so, explains Pete Vallianatos, IT Infrastructure and Security Director at The Walsh Group, it lost some control over how people sign in to use the systems because the company no longer hosts them in its own datacenters.
Zero-Trust approach with Microsoft Azure
Today, the group is developing a zero-trust approach to enterprise security. As an example, The Walsh Group successfully blocked access to its IT from outside North America—the only continent it operates in.
But, after noticing an increase in sign-in attempts from employees on vacation, The Walsh Group broadened the list of countries people can sign in from, but with added protection through conditional access.
The Walsh Group became an early adopter of Azure Active Directory Identity Protection and spent months working on its features with Microsoft.
A security roadmap emerges
Working with Microsoft on the self-service password reset project revealed 2 things: First, The Walsh Group had several areas where it could improve security across its hybrid infrastructure; second, it could plug these gaps with the tools available through its Microsoft 365 subscription.
To protect its systems against malware and attacks across its cloud, email, and on-premises environments, The Walsh Group has deployed Azure Advanced Threat Protection (ATP), Office 365 ATP, and Microsoft Defender ATP, which mutually reinforce each other, helping to stop and detect threats at every level of the company’s IT infrastructure.
The company is introducing Microsoft Information Protection, which it uses with Microsoft Exchange Online mail flow rules and Office 365 Message Encryption to encrypt email based on its sensitivity.
Ready to start using Microsoft 365 capabilities? Visit: Cloud Computing for a Remote Workforce | Long Island, NY | Motiva