For 20 years Natural Power have provided advice and assistance to renewable energy clients working across 37 countries. Their team of 350 experts provide the tools and directions needed by those who look to invest in, develop, build or operate renewable energy assets.
A recent investigation by Cambridge University’s Centre for Risk Studies identified the energy sector as a primary target for hackers with 15 per cent of all cyber-attacks in the UK being directed at this sector, making it second only to the financial services as the most at-risk sector. Furthermore, the Verizon Data Breach Investigations Report identified that 63% of all data breaches are due to weak, stolen or default passwords.
To address this risk within Natural Power, Callum McLean led the Identity & Access Management (IAM) project. Callum has dedicated 15 years to Natural Power as Head of IT and, more recently, Head of Innovation and Data. He was the driving force behind the delivery of the project, conceiving the strategy to leverage the benefits of Identity as a Service (IDaaS) to successfully tackle cyber risks facing Natural Power.
Challenge
Cyber Security & Password Risks
Callum recognised the organisation faced cyber security risks due to the password practices that were in use. “Staff were using a whole host of different mechanisms to store passwords, using the same passwords for everything, or just using very weak passwords” he explained. “I was very conscious of the security risk and our responsibility to keep our, and our clients’, data secure”. Callum explains a further concern was that “some applications did not enforce strong passwords and were available online, presenting a cyber security risk”.
Shadow IT
Shadow IT blind spots were also an issue. Callum continued, “I was concerned that applications were being rolled out and used by departments and individuals outside of IT’s knowledge. How could we control access and protect systems if we had no knowledge of them? We wanted to have a better idea of what Shadow IT was in use to see if we could provide more needs-based, enterprise-ready solutions. We also wanted to address the use of unauthorised systems. Similarly, use of Shadow IT was giving us concerns about what data was potentially leaving the business, as well as the security of the unauthorised platforms which were in use.”
Productivity
Another challenge faced by Natural Power was the loss of productivity and downtime caused by users having to manage passwords. Callum explains “we recognised this was costing the business in productivity and wanted to reduce the time it took staff to login to various online systems and eliminate user frustration with password management and effort logging in to their applications.”
Solution
Natural Power chose My1Login’s Identity & Access Management as the solution to both the cyber security risks that existed and the productivity impact that password management and logging into systems was having on employees.
Chris Boardman, Natural Power’s Active Directory system administrator, worked with the My1Login team to implement the IAM solution. “My1Login was extremely easy to install and our first user was up and running in less than one hour”. My1Login is largely cloud-based, with minimal on-premise requirements, accelerating time-to-value benefits. Callum McLean, Head of Innovation and Data, also recognised this, highlighting that “My1Login required low effort from our IT team to implement, which was a key consideration when choosing the solution”.
Chris followed “It was also a significant benefit having the My1Login team on-site during installation and I was delighted with the support provided. It’s great working with a company that cares enough to attend on-site”.
IT Support Manager, Calum Rodgers, was responsible for rolling out My1Login to the end-users and commented that “It was extremely easy to provision our users with Single Sign-On access as My1Login’s Active Directory integration made it as simple as adding someone to a security group”.
Benefits
Callum McLean, who headed up the project, explained “My1Login enabled us to eliminate a number of password-related security risks with granular audit trails around identities and application access. We also now have a much clearer picture of Shadow IT systems in-use. There are definite benefits to both security and speed of access to applications.
My1Login has helped us identify around 600 business applications in-use and 100% of these are now integrated with My1Login’s IAM solution, providing Single Sign-on for these apps that is seamlessly linked to users’ AD profiles. I personally use it all the time and my users love it”.
Wider user feedback about My1Login has been extremely positive since deployment as it’s intuitive to use and doesn’t require intensive training. Calum Rodgers explained “We literally told the users the solution was being deployed and left them to it and everyone adopted it with little assistance from IT. The feedback received from users has been great and they can access applications faster thanks to the automatic login provided by My1Login.”
Why My1Login?
Callum McLean, Head of Innovation and Data at Natural Power explains the three key reasons for selecting My1Login over competitors: “the security model, ease of use and the fact My1Login is UK-based. My1Login’s Identity & Access Management solution has enabled us to add an additional level of security to protect client data – something that’s extremely important to us as our customers are at the heart of our business”.
“My1Login’s security architecture was key in our purchase decision. Unlike other IAM solutions, My1Login uses client-side encryption meaning they do not have access to the encryption keys and even they cannot decrypt and access our data – a significant consideration when choosing an IDaaS solution. This is a huge increase in security compared to other IAM vendors who send ‘secure’ data to their servers in plain text, before encrypting”.
Conclusion
Callum McLean successfully executed his IAM strategy for Natural Power by leveraging My1Login to move identities to the cloud. Callum explains “I made a strategic choice to buy from My1Login because their security model is a step change from others in the industry and because their technical expertise and support is UK-based. My1Login’s IAM is easy to use, addressed numerous cyber security challenges and enabled our employees to log into applications more quickly. I would highly recommend My1Login’s IAM solution”.
