How CBHS improved its cyber health with Sekuro's Zero Trust Strategy
HIGHLIGHTS
Challenge
- The maturity and effective implementation of information security controls at CHBS are regularly reviewed. The most recent review identified a need to streamline aspects of how the controls interacted with the business processes in order to support continued innovation, improvement, and safety.
- A need to continually enhance IT security business wide, without slowing down business processes.
Solutions
● Sekuro delivered a Zero Trust Strategy program, providing wide visibility into CBHS’s security threats and an effective means of planning.
Results
- CBHS has a clear roadmap to IT security success and adoption of “Zero Trust” in the immediate and longer term.
“Sekuro always makes our relationship feel very personal. Throughout the process it felt like the whole program was catered to our individual needs and not like it was a cookie-cutter program.”
– Nathan Hunter, IT Security and Operations Manager, CBHS
The Story
At CBHS, protecting members highly sensitive and confidential health insurance data is of paramount importance to Nathan Hunter, IT Security and Operations Manager. He had taken the organisation on a journey of implementing a wide range of modern security controls and processes but realised there were opportunities for improvement.
“Some of the existing controls and processes either created a lot of overheads or had the effect of becoming a barrier to business productivity for example when we needed to do manual security reviews of cloud apps or desktop applications before they could be used by the business,” he says.
Instead, Hunter wanted a framework that balanced a best class security strategy with the need to help staff feel enabled, rather than obstructed, and to do their jobs effectively.
Always striving to be progressive with technology and policy, Hunter and his team at CBHS felt a “Zero Trust” approach would streamline processes and controls, to enable the business and improve the overall security posture.
CBHS Health Fund
CBHS Health Fund is an Australian not for profit private health insurance fund servicing more than 250,000 Australians.
Keen to pioneer a progressive technology and policy framework within his organisation, CBHS’s IT Security and Operations Manager, Nathan Hunter, understood the reputational advantages — both with members and within the industry — of being associated with a best-of-breed IT security strategy. He chose Sekuro to implement a Zero Trust Strategy for CBHS.
Our Solution for CBHS
Having worked with Sekuro in the past and enjoyed “great outcomes,” in Hunter’s words, he reopened conversations with the Sekuro team to learn about its Zero Trust Strategy program. The assessment focuses across 8 key pillars for an exhaustive look at an organisation’s entire cyber security posture.
Zero Trust is based on the concept that nothing should be trusted until proven that it should be. This approach to cyber security requires organisations to continuously assess users and systems to determine if they have permission to carry out an action. The approach ultimately aims to ensure a process efficient and safe security posture.
“It sounded like it would be a very beneficial program in helping us identify our gaps and help us develop our Zero Trust strategy and roadmap,” Hunter says.
Outcomes
Sekuro conducted a Zero Trust Strategy review for the team at CBHS. According to Hunter, the assessment provided clarity on CBHS’s roadmap and highlighted brand new areas for consideration.
As well as solidifying and enhancing CBHS’s understanding of the Zero Trust framework, Sekuro’s work helped clarify and identify gaps in the existing strategy and thinking. “Now, we have identified the technologies and processes that are going to enable us to adopt a Zero Trust strategy across our entire organisation,” says Hunter.
In implementing the recommendations from the Zero Trust Strategy assessment, CBHS will have more visibility into its security threats, and have greater flexibility and agility in achieving its business goals whilst remaining secure.
Sekuro #clientforlife
Sekuro strongly believes that Zero Trust is a concept that needs to be considered across an organisation’s technology and people landscape. From that conviction, Sekuro has developed our own Zero Trust Strategy which focuses across 8 key pillars for an exhaustive look at your organisation’s entire cyber security posture.
