Case Study

Setting up a Secure and Resilient IT Infrastructure in the Cloud

Laying the foundation for a cloud-first strategy to enable future technologies

Everybody who considered Europe’s energy infrastructure as safe against attacks got an eye-opener when the Nord Stream 2 natural gas pipeline erupted on the Baltic seabed: It clearly is not as safe as previously thought. With the winter looming ahead, energy service providers have to assure the security and resilience of critical infrastructure. This is not only limited to physical buildings, but must also focus on IT, especially in the light of a rising number of cyberattacks. Especially for older IT infrastructure that is difficult to modernize, migration to the cloud has proven to be a solution, severely improving security and resilience, not only in the long-term, but also in the short-term.

The Challenge

The Ukraine war constitutes a historical turning point. Besides its massive socio-economic implications, it is the first war between nation-states fought as hard in the virtual realms of the internet as it is on the open battlefield. According to a Microsoft report, the number of Russian cyber operations against networks in the Ukraine increased tenfold between December 2021 and March 2022. This trend has intensified with an increase of state-sponsored cyberattacks not only in the Ukraine, but also Europe and the US. Especially IT around critical energy infrastructure, such as power plants, pipelines or storages have moved into the focus of cyberattacks. We are observing that companies in the energy sector are challenged by this dramatically changed threat landscape, often troubled by outdated hardware, unsafe software and neglection of basic IT security design principles. While many IT security modernization projects on a infrastructure level focus on the long-term, delivering short-term improvements is required given the current threat landscape.

In addition a successful approach on IT security requires not only to secure underlying IT infrastructure and maintain critical services from cyberattacks, but also to swiftly get back in business after a successful one – or short, on IT resilience. In that respect, cloud-based architectures are at the advantage not only due to the fact, that they are not dependent on a specific set of hardware at a predefined geographic location, but also that leading cloud providers are offering a range of out-of-the-box security improvements that are fast and easy to implement.

The Approach

If a company operates its own IT infrastructure, the requirements to achieve and maintain IT security are high. The technical infrastructure must be in a modern state, regularly updated and operated by specialized experts. If these prerequisites are not met, migrating the relevant systems to the cloud is a solution that significantly improves security already in the short-term and usually requires less effort than augmenting on-premise infrastructure and workforce. To ensure this can be achieved in a timely manner we recommend the following approach:

1. Rehost applications following the lift- and shift-concept

Applications and virtual machines are rehosted from their current on-premise environments to the cloud mostly by transferring as-is copies. By utilizing this method, most of the application landscape can be migrated in a short period of time. While this does not enable the utilization of all cloud features in the first step, it provides a greatly enhanced level of security, without significantly interfering with business operations. In addition to inherently increased safety in a cloud environment, cloud hyperscalers offer a wide range of security tools, that can be used without significant implementation effort. This for example includes the usage of disaster recovery or creation of backups, significantely improving IT resilience.

2. Replatform selected “quick-win” applications

Once the business-critical applications have been rehosted to a safe cloud environment, it is advisable to adopt more cloud-native features. This is done by replatforming selected applications, for example by using managed cloud databases or scalable cloud orchestration services. Replatforming is done without affecting an application’s core architecture and therefore often requires only minor adjustments. The focus of this phase should be on applications, where the highest value add to effort ratio was identified beforehand. Replatforming reduces costs and maintenance efforts on the one hand and increases scalability and resilience on the other hand.

3. Transform to a cloud-native organisation

While the previous steps focused on realizing value in the short-term, the third step aims to maximize the organization’s innovativeness and minimize its operational cost in the long-term. This is achieved in two ways: firstly, more applications are moved to their target environments by repurchasing or refactoring applications, which includes applications that were initially neglected due to higher transformation efforts, and secondly, the company has to be transformed to a cloud-native organization by rethinking significant aspects of its operating model. This includes the move to a service-oriented IT infrastructure provision with clear and transparent infrastructure service cost and SLA-based delivery. The central IT becomes a Cloud Center of Excellence with responsibilities around platform management, governance, and automation.

The Impact

In a short time, the most relevant applications of the client have been migrated to a cloud environment. The security effect is significant, as the applications are now operated on a state-of-the-art infrastructure in the cloud, which has restored trust in IT operations. In addition, the project significantly broadened the knowledge base of the client’s employees. As operating on-premise data centers is not within the core business area of the client, it also contributed towards concentrating efforts on business challenges currently affecting the energy sector.

Looking Into the Future

Given the time pressure the migration to the cloud achieved all its goals in the shortest timeframe possible. The cloud infrastructure is a vast improvement regarding security and resilience, facilitating business continuity and disaster recovery. Also, the cloud infrastructure provides an improved operational and strategic flexibility as it removes constraints imposed by on-premise commitments and predefined geographic locations. Additionally, the easy scalability and the adaptability to embrace future technologies like big data or artificial intelligence build the foundation for future business growth. Driven by security concerns, this cloud migration has laid the foundation for a cloud-first strategy in the client’s IT.


More to Explore

Enabling the e-Mobility Evolution in Energy

In 2021, the EU Commission presented the Fit for 55 proposal. This ambitious, comprehensive set of climate policies has been compiled to ensure that a 55% reduction in greenhouse gas emissions is achieved by 2030. The EU successfully reached agreements on the proposal’s key policies, including the goal that only zero-emission cars will be sold from 2035 onwards. Meeting the 55% GHG reduction target will be a crucial milestone on the journey to achieving Net Zero by 2050, and organisations are eager to maintain momentum. Recognising the challenging nature of these targets, a multinational utility company that offers B2B and public charging services faced a key question. The organisation wanted to understand whether its proprietary B2B charging platform would be able to scale to handle the anticipated increase in B2C charging customers.

Read more
Enabling the e-Mobility Evolution in Energy

Teaming Up For Disaster Mitigation

Everybody is feeling the impact of climate change on the environment – for instance, in the form of dramatic natural disasters in areas that were previously rarely affected. As such, a catastrophic natural disaster in the heart of a Europe has severe consequences, including loss of lives and livelihood. BCG and BCG Platinion were immediately on hand to enhance resilience in a European region hit by the worst catastrophe in its recent history. The team worked with passion and deliberation to develop a sustainable and resilient concept to better deal with similar situations in the future.

Read more
Teaming Up For Disaster Mitigation

The Core & Beyond - A Tailor-Made Transformation

Replacing or keeping the legacy Core Banking System (CBS) is one of the most fundamental decisions for a financial institution to make. This strategic bet should be carefully evaluated, with three key aspects in mind: a clear view on the entire IT platform (wider than legacy CBS and its constraints), a strategic vision set within a specific time horizon, and the return on investment. For organizations with a burning platform, CBS replacement may be a necessity, but in many cases the real investment potential is located elsewhere – in areas such as data platforms, integration layers, portals, or process engines. This alternative approach leads to numerous non-trivial questions: Where does the value come from? Is legacy the real issue? Which areas to reinforce and in which order?

Read more
The Core & Beyond - A Tailor-Made Transformation