The Organisation

A national membership association, Governance Institute of Australia (GIA) is a leading governance and risk management authority, equipping over 8,000 member organisations with the tools to drive better governance within their organisation. Since 1891, the organisation has offered a range of short courses, certificates, and postgraduate studies to help further the knowledge and education of the fast-growing governance and risk management profession.

The Need

As the peak body for many corporations in Australia that look up to them for governance and risk management guidance, GIA wanted to ensure that the organisation’s IT systems and operations were as reliable, resilient, and secure as possible with good technical risk mitigation controls in place. Aware of the increasing number of cyber security incidents yearly, the organisation wanted to fortify its security defences to protect its sensitive member and corporate data.

This compelled GIA to start its journey towards modernising its IT operating environment and benchmarking its current security posture against a proven cybersecurity framework. Ultimately, GIA chose the Essential Eight framework published by the Australian Cyber Security Centre (ACSC).

The Solution

Given GIA’s general organisational maturity and size, Maturity Level 2 of the Essential Eight was the minimum viable level of compliance that made business sense for them.

A Professional Advantage (PA) client since 2001, GIA turned to its long-time trusted technology advisor and Microsoft Cloud Solutions Partner to help it implement a systematic and gradual process for standardising and securing its IT operating environment.

Working collaboratively with GIA, PA scoped the business requirements and delivered a program of work spanning these major stages:

  1. Data centre migration of 15 on-premises servers to the Microsoft Azure cloud platform.
    These on-premises servers hosted key enterprise applications, which PA moved to Microsoft Azure. GIA’s cloud strategy encompassed ongoing app migration to Software-as-a-Service (SaaS) versions for their ERP (Sage), CRM (Microsoft Dynamics 365), and Association Management Solution (PA’s Upbeat). Other non-application workloads were transitioned to Azure’s Platform-as-a-Service (PaaS) functions (e.g. Azure Active Directory and Defender for Cloud Apps).

  2. Standardising GIA’s IT operating environment.
    This included updating users’ endpoint device operating systems and enforcing device and application security and management policies. PA created Microsoft Intune app deployment packages to ensure all endpoint devices complied with GIA’s corporate security policies.

  3. Ensuring the design and adoption of the necessary security controls and measures to comply with Essential Eight Maturity Level 2.
    PA, in partnership with GIA, executed a discovery and analysis process to determine the key focus areas that GIA needed to address to meet its minimum viable security posture of Essential Eight Maturity Level 2 compliance.

The Results

“After migrating to Microsoft Azure in 2020, we reduced our server footprint from fifteen servers down to zero by the end of 2023, which translated to incredible financial savings in the cost of operations,” said Emile Ghadiminejad, Head of Technology, Governance Institute of Australia.

By first moving off its on-premises servers to Azure, GIA was able to consolidate and optimise its IT infrastructure and application workload resources, taking its server footprint down to zero. This reduced the total cost of ownership (TCO) and operations.

Leveraging Microsoft 365 and Azure’s security capabilities and aligning them with the requirements for attaining Essential Eight Maturity Level 2 gave GIA the following new capabilities:

  1. Using a password manager for safekeeping of passwords.
  2. Using multi-factor authentication as an extra layer of staff identity security.
  3. Centrally managing and patching endpoint devices and applications within Azure.
  4. Remotely wiping endpoint devices when they are lost or stolen.
  5. Minimising shadow IT by whitelisting GIA’s IT-approved enterprise applications for use by staff.
  6. Allowing just-in-time (JIT) exceptions for requests to lift the blocking of USB ports.
  7. Separating admin accounts from normal, day-to-day accounts, with JIT access granted as required.
  8. Locking staff endpoint devices after 15 minutes of inactivity.
  9. Filtering or blocking malicious or advertising content.
  10. Implementing device security and management policies to manage the use of corporate and personal devices in accessing proprietary and confidential GIA datasets.
  11. Adopting Bring Your Own Device (BYOD) and Data Loss Prevention (DLP) policy frameworks at a foundational systems level.

“Both the IT operating environment standardisation and the successful achievement of Essential Eight Maturity Level 2 have proven a huge win for us as an organisation. We now have a more efficient and effective, centrally managed IT services delivery capability and have significantly improved our cyber security posture”, shared Ghadiminejad.

“We recently completed a network penetration test and finance audit, and the results for both were exceptional thanks to the security controls we had put in place with our Essential Eight project”, continued Ghadiminejad.

Ghadiminejad expressed his absolute satisfaction with Professional Advantage's work for GIA.  

“The most satisfying part of working with Professional Advantage was how they painted our cloud transformation journey's vision and the bigger picture for us as a not-for-profit association membership business. They talked us through the outputs versus outcomes, so we were clear from a business point of view what we wanted to achieve”, says Ghadiminejad.

“Not only did we achieve the original scope, but PA also implemented the foundational levels of BYOD and DLP as part of the additional value they delivered because phase one was completed in less time than expected. We got the best value for money from working with PA.”

These IT operating environment standardisation and Essential Eight security compliance uplift initiatives will go down in GIA’s history as one of the most successful IT projects of any significant scale.

It will serve as a benchmark for GIA’s future IT projects as they explore and venture into the introduction of corporate-sanctioned artificial intelligence, low-code app development, and workflow automation initiatives.

Organisation

Governance Institute of Australia

KEY POINTS

  • GIA wanted to modernise its IT infrastructure and improve its security posture using tried-and-tested cybersecurity frameworks.

  • Professional Advantage migrated their on-premises servers to Microsoft Azure and helped GIA achieve Essential Eight Maturity Level 2.

  • GIA went from maintaining fifteen to zero on-premises servers, saving them significant maintenance and hardware refresh costs.

  • A recent network penetration test and finance audit were completed with very positive results thanks to the security controls GIA had put in place with their Essential Eight uplift project.

"PA worked with us to understand our requirements and we got excellent value for money working with them."

Emile Ghadiminejad, Head of Technology, Governance Institute of Australia
