DevOps Agile Cloud Transformation: Enhancing Cloud Controls​ Global Commercial Insurer & Reinsurer

Client Challenge

A prominent international insurer was confronted with a set of data security challenges during a tenant migration to a new MS Azure environment with enhanced security requirements.​

The client needed support in developing a Cloud Controls Matrix to guide the Data Controls team in selecting, defining, and documenting requirements for the migration.​ The matrix aims to provide a framework for the self-assessment of applications and the development of permit to operate requirements.​

Additional scope included: reviewing existing control documents, developing a stakeholder matrix, and identifying gaps in the migration process.​

The objective was to support the refinement of the tenant migration programme plan, including defining the acceptance criteria for testing and change management.​

What We Did

TORI Global undertook a comprehensive analysis and delivered a multi-phased project over several months. This included:​

  • Collaborating with the Data Controls team to develop the Cloud Controls Matrix, including a heat map of operational controls and a list of processes and deliverables​
  • Reviewing existing control documents and developing a stakeholder matrix, linking it to the Cloud Controls Matrix to identify gaps​
  • Continuous improvement findings were documented, providing options and information for improving the maturity level of Cloud Controls​
  • Established a structured methodology, bringing deep industry expertise and undertaking staff interviews, document reviews, in conjunction with teams and suppliers​
  • Adhered to security frameworks such as CIS, NIST, and ISO27001, ensuring principles of least privilege, just-in-time privilege enablement, and zero trust were followed​
  • The programme was executed using Agile methodology, with TORI resources applying Agile principles and participating in required ceremonies​

Outcome & Results

The project culminated in a successful transition to the new security model, with TORI Global providing:​

  • The Cloud Controls Matrix provided a comprehensive framework for managing processes in the new Azure environment, supporting the refinement of the tenant migration programme plan​
  • Stakeholder engagement and gap identification ensured alignment with stakeholder expectations and smoother coordination among internal teams​
  • Continuous improvement findings provided actionable insights for enhancing the maturity level of Cloud Controls, enabling ongoing refinement​
  • Adoption of security frameworks and adherence to Agile methodology principles ensured robust security measures and efficient project execution​

Share on LinkedIn