Case Study - Ports of Auckland

About Ports of Auckland

Ports of Auckland Ltd has been playing a vital role in the Auckland economy for 176 years. It is New Zealand’s biggest import port and the largest and most efficient container port.

Currently the port handles nearly 1 million 20-foot containers annually for import and export services, a significant tonnage of non-containerised cargo and over 200,000 cars and light commercial vehicles.

The port also helps New Zealand exporters deliver their products to the world, with a network of freight hubs across the North Island which provides exporters with choice and supply chain efficiency.

As New Zealand’s premier cruise port, over 100 cruise ships and 250,000 passengers are handled annually. Each ship visit is worth about $1.5m to the local economy.

Major projects underway at POA include container terminal automation, increasing car handling capacity and channel deepening. The port has a goal of being zero emissions by 2040.

Background

Ports of Auckland (POA) has over 500 staff using a range of cloud-based technology such as Microsoft 365, Azure, AWS, and some SaaS applications for HR and Financials.

Challenges
The organisation has been using the Microsoft 365 (M365) suite for approximately 5 years. Outside of formal corporate audits, the M365 suite had not had a comprehensive configuration and security audit check. POA wanted to get a good understanding of their risk position and lower their exposure to any security threats.

Solution

After assessing the market POA realised there were many organisations offering some form of M365 audit service incorporating security checks however, very few specialised in that area. After discussing their requirements with Kaon Security, POA were of the firm view that Kaon were dedicated to the cause of helping customers improve M365 security through their audit services and ongoing engagement program. As a result, Kaon were contracted to conduct their Microsoft 365 Security Review Service which is delivered on a fixed price basis.

Results

After completing the audit exercise, a comprehensive report was prepared for review by the team at POA which included:

• An Executive Summary of the Microsoft 365 Security Review, which is specifically written for business people.
• Detailed Key Observations and Recommendations Section covering the findings, risk analysis commentary, and recommendations for security posture improvement.
• Configuration review analysis classifying all identified issues; noting their current and recommended optimal security settings; risk severity rating; remediation time and complexity grading; security impact rating.
• Issue classification breakdown.

“The reports that we received are of high quality and had a good level of detail. They are designed and structured to aid organisations with a basic understanding of Microsoft 365 security. For example, screen shots are included that demonstrate precisely where the issue is located within the cloud interface, and what needs to be managed to achieve compliance/good security.” Comments Stephen Kraemer - Chief Information Security Officer at Ports of Auckland.

“The Kaon Security team were very accommodating and open to our problems and suggestions for improvement, willing to learn ways of changing the report that can add value to its customers. They are very passionate and knowledgeable about security which provides us comfort and integrity, as well as challenging us to improve our position if we fail to address recurring issues. This is very important as some organisations provide the audit information but make no further attempt to challenge the organisation to do better.” Says Stephen.

Future

The IT team at POA now have a better understanding of the M365 suite and are learning to manage the environment better. The organisation plan to improve their administration skills and harden the environment as they are vested in the suite for the front office, so it requires solid security. The Kaon Security service also provides for three ongoing checks in the following 12 months.

Stephen comments, “I would give their Microsoft 365 Review Service a solid 8 out of 10 for value for money and overall outcome. I would be hard pressed to give any security organisation a 9 or 10 as there is always room for improvement in security and overall, it’s a lagging industry. My comment to Kaon would be to keep up the good work and fighting the good fight.”