Improving Security Maturity through Cloud Migration

SITUATION

A local branch of a global Insurance company was subjected to an audit from their mother company. The audit showed that the level of security maturity that was lower than the target ambition. As a result of this, the local branch expressed a wish to migrate their cloud solution to a hosting provider, ascertain and improve their level of security maturity to an appropriate level, and, in parallel, mitigate the findings of the audit report.

WHAT LEVEL7
DID

The client had grouped their security needs and assigned each of these a target “Common Maturity Model Integration” CMMI score for security maturity. As the cloud solution of the Client was moved to their chosen hosting provider, we established metrics based on the (CMMI) model in order to be able to ascertain the “as-is” for the various groups. We then compared these to the wished-for “to-be” as expressed by the Client. To further help with the measuring by making it more fine-grained, we mapped the Clients wishes, expressed by a CMMI score, to the areas and controls of the CIS18 Framework. The improvement of the maturity level of the various groups were then scheduled according to the mitigation dates of the (related) audit findings, in order to run both things in parallel.

RESULTS

Mapped the grouping of demands as set by the client to the CIS18 areas
Further refined the above mapping to include CIS18 controls
Mapped the grouping of demands as set by the client to align with the mitigation of the audit findings
Scheduled the improvement of the security level for the various groups to best support the above