Infrastructure assessment results in risk mitigation for international NGO

Infrastructure assessment results in risk mitigation for international NGO
Trigent is in the top one or two percent of software companies I've worked with for support ... and quality of work.
– Chief Information Officer

About the client

The client is an international, non-governmental organization focused on human rights, and law enforcement. The global organization works to combat sex trafficking, child sexual assault, cybersex trafficking, forced labor, slavery, and addresses the citizenship rights of minorities.

Business challenges

  • Committed to protecting the vulnerable from violence and oppression, the client relies on its complex computing and network infrastructure to store, access and secure highly confidential data. With nearly 20 field offices handling information of a volatile nature, which in the wrong hands could cause severe repercussions, the client wanted to ensure that the network system was always secure to prevent security breaches.
  • As a not-for-profit organization, the client constantly endeavored to control operational costs and therefore wanted to identify and enumerate any defunct configurations and unused/legacy equipment that could be decommissioned.
  • The client's nature of work meant sudden, untoward incidences, cropping up anywhere across the world. When these incidences happened, the client had to be sure of seamless communication in real time from its head office to the location of the disturbance. The network at such times had to be up and available. The client wanted to identify ways and methods to improve existing performance, reliability and security across its platforms and services.
  • The organization works with governmental bodies in different countries, and its work nature requires careful information handling and sharing. Additional security measures were needed, but in the current infrastructure, the client was not sure how and where to begin the process of added security.
  • The client engaged Trigent to discover, assess and document the organization's computing and network infrastructure along with other technology components to provide a 360-degree inventory of all its systems, applications and processes.

Business solution

Trigent followed a systemic process to review the entire infrastructure with 'new eyes,' to provide assessment and recommendations on technology projects, upgrades, and modernizations.

This information would help the client to generate budgetary estimates for any required replacement hardware, software, licensing, and professional services. It would also help to identify single points of failure in field office infrastructures such as single server hardware, storage, internet connection, etc. which would affect security and performance.

The consulting assignment spotlighted high-risk findings detailed below:

  • The client's central network server should ideally be the backbone support for multiple virtual machines across its offices. However, the client had two VMware servers in two different geographical locations. With different versions and lack of maintenance, Trigent confirmed that the client's network was extremely vulnerable for data leakage.
  • Trigent identified that the lack of server maintenance was also the reason for operational hiccups such as frequent breakdowns and interruptions in service.
  • Trigent's unearthed the basis for operational delays and found that it emerged from connectivity issues between VMWare hosts and storage networks.
  • Trigent's engineers found that the client's critical infrastructures such as VMWare server virtualization and VMware ESXi 5.5 were nearing their term end. If they were not immediately supported or renewed, the entire foundation would fail to lead to a collapse in IT systems across all offices.
  • Even though the client's work was highly confidential, its portals were not protected which resulted in data vulnerability. Data exposure and security breach were imminent due to lack of multi-factor authentication for sensitive and confidential information.
  • Not only were some of the critical servers and systems outdated, but there was also absolutely no documentation or data recovery process in place. There was also no offsite backup storage which meant that the client's entire infrastructure and network could come to a sudden halt at any time.
  • Siloed infrastructure monitoring and management tools leading to inefficient operations management.

Client benefits

  • The application should be hosted in two different data centers or the cloud to ensure uninterrupted service and a foolproof data recovery plan.
  • Trigent recommended consolidation of all databases currently running on 24 different servers into one primary database for data management. A consolidation of the databases would help in information access, and data analytics, along with seamless communication.
  • Trigent urged the client to separate the primary data center from the DR data centers. This separation would help to maximize security.
  • Keeping business needs in mind, Trigent recommended to the client that they follow Information Technology Infrastructure Library (ITIL) framework. This would help to systematically align IT service management and help the client to manage risk, strengthen customer relations, establish cost-effective practices. It would help to build a stable IT environment to pave the way for growth scale, and change.
  • Trigent recommended the client to follow the ISO 27001 framework for information security by documenting policies, procedures and processes.

The detailed consulting assignment conducted by Trigent, led to a long term engagement with the client offering services ranging from application modernization, to cloud transformation and business intelligence.

  • Industry

    Not for Profit

  • Business Value
    Business value:
    • Uninterrupted service and foolproof data recovery plan
    • Seamless access and communication from consolidation of databases
    • Stable IT environment for long-term growth, scale and change