By using this web site you accept our use of cookies. More information about cookies
Accept
Infopulse - Expert Software Engineering, Infrastructure Management Services
By using this web site you accept our use of cookies. More information about cookies
Accept
Infopulse - Expert Software Engineering, Infrastructure Management Services
Infopulse - Expert Software Engineering, Infrastructure Management Services
reCAPTCHA

    Send message Please fill in this quick form and we will send you a free quote shortly.
    * Required fields
    Your privacy is important to us. We will never share your data.

      Subscribe to our updates Be among the first to get exclusive content on IT insights, innovations, and best practices.
      * Required fields
      Your privacy is important to us. We will never share your data.

        Subscribe to our New career opportunities Please fill in this quick form to be among the first to receive our updates.
        * Required fields
        Your privacy is important to us. We will never share your data.
        reCAPTCHA
        * Required fields
        Your privacy is important to us. We will never share your data.
        

          Photo of Ivan Musiienko Send an email to Ivan Musiienko Please fill in this quick form to contact our expert directly.
          * Required fields
          Your privacy is important to us. We will never share your data.

            Download ebook Please fill in this quick form
            * Required fields
            Your privacy is important to us. We will never share your data.

              Read the Full Case Study Don't miss the most interesting part of the story!
              Submit this quick form to see the rest and to freely access all case studies on our website.
              * Required fields
              Your privacy is important to us. We will never share your data.
              Infopulse - Expert Software Engineering, Infrastructure Management Services

              Multifactor authentication service on Azure for DTEK

              Implementing a cloud-based MFA for Ukraine’s largest energy holding company

              Client: DTEK
              Industry: Energy
              Location: Ukraine
              Employees: 70,000+
              Website:  

              Client background

              DTEK is the largest private national investor in Ukraine that develops business in the energy sector. DTEK companies produce natural gas, coal, and alternative energy sources. Founded in 2005, the company is a subsidiary of  . DTEK helps modernize the energy industry in the country, increasing its efficiency, reliability, and safety. Using modern digital and informational technology, DTEK executes systemic digital transformation for all the company’s main production and administrative processes.

              Business Challenge

              As many companies try to maintain business resilience in the times of COVID-19, they have to make adjustments during the period of extreme disruption and react to that situation. A large corporation, DTEK is not an exception. The organization wanted to strengthen authentication to IT services, especially considering the pandemic and the need for employees to work remotely. To lower the likelihood of security incidents, Infopulse and DTEK considered two solutions: Azure AD Multi-Factor Authentication and passwordless login. The two proposed scenarios would meet the client’s security requirements, allowing for different levels of access for different employee roles. Depending on the scenario, the client’s associates would be able to use either MFA or passwordless login or even both technologies in one single scenario.

              Furthermore, not all applications had MFA support and direct integration with Azure AD. Infopulse tested a number of options and found a possibility to integrate various types and application classes under one roof. Besides, Infopulse and DTEK needed to find a fitting key solution so that our client could satisfy all the security requirements for both MFA and passwordless authentication. Finally, taking into account the restrictions introduced by the pandemic in 2020, the joint delivery team had to figure out how to realize the whole project scope without meeting face-to-face.

              Solution

              It was essential for DTEK that their admins would not have to use any passwords in the remote admin scenario. Password hashes can be easily compromised by malicious parties – and with admin rights, they would have full access to any IT system. Therefore, after conducting comprehensive research of the market, we came up with the solution to utilize token keys.

              Furthermore, using keys or MFA, access to the following components of IT infrastructure becomes easy for admins and users:

              • Windows Hello for Business
              • Office 365 apps
              • The applications supporting MFA and allowing integration with Azure AD

              Additionally, the associates would need to access a number of IT services with MFA: Microsoft 365, business applications (SAP, Salesforce), and on-premises applications in virtualized infrastructure. Infopulse suggested using FIDO2 tokens for access to M365 consoles and admin portals as well as configured a number of components to guarantee the smooth performance of Windows Hello for Business.

              Oleksii Morozov, Head of system infrastructure at IT Infrastructure department, DTEK - 1

              As a result of our collaboration, DTEK and Infopulse implemented a solution for user authentication and secure access to information resources and the company’s infrastructure. In addition, we lowered the risks of unauthorized access. Thanks to Infopulse, we have grown the technical expertise of our in-house team in administration, access policies setup, and Microsoft Azure MFA service monitoring. – Oleksii Morozov, Head of system infrastructure at IT Infrastructure department, DTEK

               

              A joint Infopulse-DTEK team took a comprehensive approach and came up with the following solutions to meet the customer’s requirements:

              • Increased security level of accounts. When working remotely, associates connect to the customer’s IT services outside of the controlled environment. Thus, the protection of accounts, especially privileged ones, became a pressing matter for the customer that it tackled with the help of Infopulse.
              • Implemented conditional access. Now, the client can control scenarios that might or might not require two-step authentication, for instance, when an authentication request comes from a controlled network segment.
              • Access Log for better analytics. The client can view who accessed the system using two-factor authentication and analyze this data.
              • Extended MFA functionality. In addition to using off-the-shelf MFA configuration, the client can now also connect cloud applications, which can be integrated with Azure AD and on-premises applications depending on the authentication scenario.
              • Offered a multi-layered protection mechanism to privileged account owners.
              • Realized MFA and passwordless authentication in hybrid applications that the client has today and secured an opportunity to apply these methods with new applications in the future.
              • Leveled up identity protection, creating a solid foundation to upscale security across the whole IT landscape.
              • Created a set of tech documentation that supports the main project deliverables:
                • Solution architecture
                • Service passport
                • User guide
                • Admin guide.
              • Conducted onboarding sessions and knowledge transfer workshops to introduce users to the implemented system.

              Our team is honored to have worked hand in hand with the DTEK IT department, a team of high-caliber professionals. Together, we built synergies between our IT teams, established trust and rapport, sharing both challenges and success. As a result, we created a robust, reliable solution to suit the current authentication needs of DTEK – a solid foundation to meet future security demands. – Nikolay Romantsov, Delivery Manager, Cloud Managed Services and Solutions, Infopulse

              Technologies:

              Azure AD, ADDS, AD FS, NPS, ADCS (PKI), FIDO2 keys, M365.
              Azure AD services: MFA, SSPR, Conditional Access, Apps and Apps Proxy, Identity Protection.

              Business Value

              Infopulse helped DTEK address a number of security challenges. The joint tech team created a powerful multifold authentication system, allowing our client to set up the necessary access levels for varied roles of users.

              Dmytro Osyka, CIO, DTEK - 1

              Business IT security is one of the most important parts of running a modern company. At DTEK we cannot afford to lose sensitive information, compromise access to the company’s important files, or decrease employee productivity. With the help of the Infopulse team, we implemented modern technical solutions, including Azure AD Multi-Factor Authentication and passwordless login, taking our security to the next level. It’s a win-win for our IT security team, our employees, our company, and our clients at large. – Dmytro Osyka, CIO, DTEK

              Within 6 months, through the joint efforts of the two expert teams, DTEK and Infopulse successfully orchestrated the project delivery and accounted for all the associated risks, which allowed our client to smoothly upgrade the security of their IT services:

              • Adoption of recommended information security measures in line with existing industry standards for user authentication
              • Increased identity protection without security trade-offs
              • Identity and company’s assets theft prevention
              • Improved another aspect of collaboration with IT assets through a fully-fledged user authentication solution.

              Download Case Study in PDF format