City of Gold Coast chooses Enosys to improve cybersecurity visibility
Brisbane, Australia – November 30, 2018
About City of Gold Coast
The Gold Coast is located south of Queensland's capital, Brisbane, in the state's south east. It is the second-largest local government in Australia, home to more than 550,000 people. The City of Gold Coast employs more than 3,900 staff and provides a range of services, activities, and facilities for residents and visitors. Most recently, the Gold Coast hosted the 2018 Commonwealth Games.
Increasing risk of cyberthreats required a strong response
With cyberattacks and cyberthreats increasing throughout the world, the City of Gold Coast needed to proactively and strategically manage its cybersecurity measures to minimise the risk of a successful attack. The lead-up to the Commonwealth Games, which were held on the Gold Coast in the first two weeks of April, 2018, provided an ideal opportunity for the City to update its security platform.
Matthew Walker, information technology security advisor, City of Gold Coast, said, "The City of Gold Coast encompasses a number of different business areas that provide different services. Each critical business unit needs a strong security posture. In the lead-up to the Commonwealth Games our mantra was simple: we needed to know if a cyberattack happened in any of our critical environments and we needed to be able to respond immediately if an attack occurred."
This requirement encompassed two key capabilities: threat identification and monitoring; and incident response. With these objectives clear, the City went to market with a tender according to its stringent procurement requirements.
The City aimed to improve security across the entire organisation
Following an internal audit in 2014, the City was aware of the opportunity to improve its cybersecurity posture as the host location for the 2018 Commonwealth Games. Over the next few years, the business conducted numerous discussions to narrow down and agree on the required approach to solving this challenge. With executive support, the City's cybersecurity team was empowered to develop a multiyear program that would improve security across the entire organisation.
Walker explained, "Failing to put a comprehensive solution in place would have meant taking the risk that the City would have limited visibility into cyberthreats, and would therefore be unable to act proactively to protect its interests. The City needed a solution that would deliver visibility into its different networks so we could prioritise the areas that needed the strongest protection. This would help direct defensive resources to the right areas."
Following an open tender process, the City chose a handful of vendors to provide a suite of cybersecurity products and services that would work together to monitor and detect cyberthreats within the City's critical information technology and operational technology networks.
The City chose Enosys Solutions to provide visibility, monitoring, and detection tools and ongoing security operations for three years. Enosys was successful in the City's procurement process based on its response to the tender requirements, including the requirement that the provider's quality of service match the functionality of its tools.
Walker said, "The City required a partner that would work collaboratively with us in a short timeframe to achieve our goals. Furthermore, we assessed potential vendors based on their approach to clients because we needed a true partner in security, not just a vendor."
Exceptional preparation meant a tight deadline was no problem
With the 2018 Commonwealth Games looming, Enosys and the City had just three months to complete the implementation. The City had laid a strong foundation for the project over the previous years, so there were no significant internal barriers. Both organisations shared a willingness to take on risk to get the job done in time.
Walker stated, "Joint risk management was key to get the outcome we needed in time for the Games. Both teams moved quickly to put resources in place and push changes aggressively in the environment to meet critical milestones. With an immovable deadline, it was important that both teams pulled together and that's exactly what happened."
Working closely with key business unit stakeholders, the cybersecurity team implemented the Enosys cyber monitoring platform throughout the organisation. The team already had strong executive buy-in along with a clear understanding that there was a genuine business need to harden security.
"Improving the City's cybersecurity wasn't just about the Commonwealth Games. This was a long-term project and the Games provided an impetus and a hard deadline," Walker emphasised. "In fact, the discussion to begin improving cybersecurity had already started and was driven by the increasing digitalisation of business and the need for the City to strategically address the increasing risk of cyberattack."
Working with Enosys was a collaborative experience in which both teams brought essential perspectives and knowledge to the project.
According to Walker, "Enosys provided expert advice on how its services are best utilised. The City balanced that out with how the services could be implemented in the City's environment. Together, we achieved the outcome we were looking for."
There were some key lessons learned as a result of this project. Chiefly, the team learned the importance of prioritising protection since it's not possible to comprehensively protect everything in a network.
Walker said, "It's impossible to achieve perfect visibility and protection so it's essential to prioritise. That needs to be a joint discussion between IT teams, service providers, and security advisors, and it can involve some tough decisions. In the end, it comes down to risk acceptance and being aware that perfection is unattainable."
Key tactical and strategic benefits were realised as planned
Partnering with Enosys as part of the City's broader cybersecurity upgrade has delivered both tactical and strategic benefits.
Walker explained, "Tactically, we have better security visibility and better monitoring than we've ever had. We're doing more security than we've ever done before. Our knowledge of the environment has increased because we've learned more every day about how threats can impact our environment."
Another key benefit of this solution is the City's ability to contribute meaningfully to information-sharing around cyberthreats and risk management across the community due to the close collaboration with different partners and vendors on this project.
"Strategically, the aim of this project was to reduce cyber risks and we've absolutely achieved that," Walker concluded. "We have additional capability to detect and respond to cyber risks that we didn't have before. Combining the Enosys capability around monitoring and detection with other capabilities around protecting, identifying, and recovering has delivered a holistic solution that has significantly improved the City's cybersecurity posture."
About Enosys Solutions
Enosys is a cyber security solutions specialist that provides full lifecycle services for next generation security technologies to corporate and public sector businesses across Australia. Enosys improves their customers' information security risk posture by championing industry leading technologies, frameworks and a risk-based approach to critical security controls. In an ever-evolving threat landscape, Enosys' deep expertise, continuous innovation and 24x7 onshore Security Operation Centre deliver measurable security outcomes that protect business critical assets.
George Soumilas, Director – Managed Security Services: Contact
Disclaimer: Any trademarks, trade names or service marks used or mentioned herein belong to their respective owners.