Client Challenge
A prominent international insurer was confronted with a set of data security challenges during a tenant migration to a new MS Azure environment with enhanced security requirements.
The client needed support in developing a Cloud Controls Matrix to guide the Data Controls team in selecting, defining, and documenting requirements for the migration. The matrix aims to provide a framework for the self-assessment of applications and the development of permit to operate requirements.
Additional scope included: reviewing existing control documents, developing a stakeholder matrix, and identifying gaps in the migration process.
The objective was to support the refinement of the tenant migration programme plan, including defining the acceptance criteria for testing and change management.
What We Did
TORI Global undertook a comprehensive analysis and delivered a multi-phased project over several months. This included:
- Collaborating with the Data Controls team to develop the Cloud Controls Matrix, including a heat map of operational controls and a list of processes and deliverables
- Reviewing existing control documents and developing a stakeholder matrix, linking it to the Cloud Controls Matrix to identify gaps
- Continuous improvement findings were documented, providing options and information for improving the maturity level of Cloud Controls
- Established a structured methodology, bringing deep industry expertise and undertaking staff interviews, document reviews, in conjunction with teams and suppliers
- Adhered to security frameworks such as CIS, NIST, and ISO27001, ensuring principles of least privilege, just-in-time privilege enablement, and zero trust were followed
- The programme was executed using Agile methodology, with TORI resources applying Agile principles and participating in required ceremonies
Outcome & Results
The project culminated in a successful transition to the new security model, with TORI Global providing:
- The Cloud Controls Matrix provided a comprehensive framework for managing processes in the new Azure environment, supporting the refinement of the tenant migration programme plan
- Stakeholder engagement and gap identification ensured alignment with stakeholder expectations and smoother coordination among internal teams
- Continuous improvement findings provided actionable insights for enhancing the maturity level of Cloud Controls, enabling ongoing refinement
- Adoption of security frameworks and adherence to Agile methodology principles ensured robust security measures and efficient project execution