Improving security measures within a leading oil company

As one of the world’s leading oil exploration and production companies, the Kuwait Oil Company Ltd. (KOC) was aware of increasing cyber threats and security issues troubling similar companies in the region. KOC wanted to ensure that their IT infrastructure and ecosystem was robust enough to withstand any present and future threats or attacks by conducting security health checks to mitigate or eliminate these risks. By engaging Microsoft Consulting Services – MEA, the company had a Microsoft product Security Assessment performed, including a roadmap to strengthen their security.

Business Needs
The oil industry is one of Kuwait’s most vital industries, contributing to a major portion of its GDP. The state-owned Kuwait Oil Company Ltd. (KOC) was already aware of cyber-attacks hitting other oil exploration and production companies in the region. Although it had not been directly exposed to any risks or attacks, KOC didn’t have a full picture regarding its level of vulnerability.

kuwait-oil-company-4The company wanted not only to avoid a situation wherein they would be susceptible to attack, but also to get an assessment as to where the company was in terms of security in relation to the security risks that they face. They also wanted to improve their overall security, as well as help in prioritizing what they should invest and what actions they should take in order to minimize or eliminate their risks.

“At KOC, we wanted to initiate a proactive and strategic move to ensure that all known security gaps and issues would be resolved or closed. We didn’t want to end up in a situation where we have a security breach at the company which we could have avoided if we had done something about it,” says Ghada Barakat, who works as a Senior Systems Analyst at the firm. “It’s also important to stress that we were not looking for an ad-hoc solution. What we wanted was a complete assessment and roadmap for our Microsoft environment.”

“Microsoft Consulting Services MEA has proven to be a trusted partner for more than 20 years. They have demonstrated to be a very reliable and professional implementing partner, one that the company could definitely rely on. Considering that this was a very important and critical project for us, we wanted to have the best experts to help us,” said Ghada Barakat.

To ensure that nothing was left to chance, many MCS-MEA consultants with different competencies were assigned to the project. Ashraf Khader was designated as the Enterprise Architect and worked with KOC to align their business needs, objectives and drivers into IT enablers. He also worked with the firm to have a plan for the Security Program which was executed by other MCS-MEA Architects, Consultants and Premier team. Security Architect Fernando Cima, Database Architect Esendal Yasin, Senior PFE Ali Makahleh and Waleed Dallah (TAM) covering Security Assessments for Database, Active Directory, SharePoint and Exchange environments.

The Premier team was responsible for performing health checks for Microsoft products and technologies that have been deployed at KOC‘s premises.

As an initial step, security architects from MCS-MEA performed a Security Assessment Review (SAR) at the company. This provides a snapshot on how the company is managing their security from several aspects, such as: technology, processes, people and organization. It also includes a roadmap containing actions that the company needs to execute in order to manage their risks and improve their security, both short-term and long-term.

Once the review (SAR) has been completed and the roadmap detailing what actions that needs to take place is presented to the company, MCS then partners with the firm to execute the roadmap. Consequently, several activities have been initiated with a view to strengthening the overall security program at KOC.

The initiative has proven to be a success for the company.

Determining the Current Security Maturity Level
“We have always wondered how protected we were from cyber-attacks. Because of this initiative, we now have a clear picture of our current level of exposure, including our current level of defense,” said Ghada Barakat, a Senior Systems Analyst at the KOC.

Robust Security Strategy
The results of the Security Assessment Review (SAR) helped to produce a detailed roadmap that will minimize the company’s risks of attacks.

“After the Security Assessment Review (SAR) performed by MCS-MEA, they came up with suggestions on how we can improve our security. We decided to have this assessment performed. Simply because there were some issues that were already known to the company, but there were also other issues that they found out which we otherwise would not have been able to detect on our own. MCS-MEA’s security review has been a big help by identifying the security gaps and issues. They also came up with a realistic remediation plan on how to close these issues,” explained Ghada Barakat.
Applicable to Other Industries

As KOC has benefited tremendously from this project, the solution is not only beneficial to the oil industry. The security response offerings of MCS-MEA can also be applied to other industries.

Increased Efficiency
By implementing this project, the company has not only enabled it to be secure – but also to stay secure. “Because of the efforts and expertise of MCS-MEA, we have ensured and enhanced the overall Microsoft environment security in our company,” concludes Ghada Barakat, a Senior Systems Analyst at the Kuwait Oil Company.