CustomersMorgan Sindall Group

Morgan Sindall Group

Securing a perimeterless organisation

Netskope enables us to meet our employees’ expectations of an optimal user experience (better than the one they get on their own home IT) in the safest possible manner.

—Neil Binnie, Group Head of Information Security and Compliance at Morgan Sindall
Morgan Sindall Group - customer quote

The on-premise model no longer made sense as we moved towards increased remote working. If we equip employees with laptops and invest in cloud computing, then it’s logical that the workforce should be able to access the things they need to do their job from anywhere.

—Neil Binnie, Group Head of Information Security and Compliance at Morgan Sindall
Morgan Sindall Group - customer quote

Profile

Industry
Morgan Sindall Group - construction
Region
Morgan Sindall group - region
Employees
Morgan Sindall Group - Employees
Revenue
Morgan Sindall Group - Revenue

 

Morgan Sindall Group plc is a leading UK construction and regeneration group with revenue of c£3bn, employing around 6,600 employees, and operating in the public, regulated, and private sectors. It operates through five divisions of Construction and Infrastructure, Fit Out, Property Services, Partnership Housing, and Urban Regeneration.

6 min read

Summary

Challenges

  • Avoiding network hairpinning, bandwidth issues, and delays
  • Supporting the move to cloud applications
  • Improving visibility and security control

Solutions

  • Netskope Next-Generation Secure Web Gateway (NG-SWG)
  • Netskope Cloud Access Security Broker (CASB)
  • Netskope Cloud Confidence Index (CCI)

Results

  • Safe data sharing for third-party collaboration
  • Detailed visibility of risk exposure, informing policy and decisions
  • Security and data protection for both sanctioned and unsanctioned apps

 

Morgan Sindall Group - case study banner

 

How to architect security to enable the organisation to realise the full benefits of cloud applications

According to McKinsey, the construction industry is second only to agriculture 6,600 in the reluctance with which it has embraced digital transformation, a fact which seems incongruous with the collaborative and dynamic nature of the industry. Neil Binnie, Group Head of Information Security and Compliance at Morgan Sindall, has worked within the industry for many years and describes his role as “protecting the company, helping walk the line between going too far and not going far enough” as it determines the best practices to achieve the productivity and cost benefits of digital transformation within the tight regulations in which it must operate.

The challenge that Binnie and the team faced was that while the group had embraced new cloud application models—using Microsoft 365 among other things—it was still using dated on-premise appliances for security.

Binnie explains, “Our web gateways were designed for a different architectural approach. They also gave us limited levels of visibility and control. The on-premise model no longer made sense as we moved towards increased remote working. If we equip employees with laptops and invest in cloud computing, then it’s logical that the workforce should be able to access the things they need to do their job from anywhere. But if the data traffic is having to hairpin back to the data centre for security then they remain tethered, subject to bandwidth issues and delays.”

Binnie continues, “We knew we wanted to move to an internet-based SaaS model for our web security and so the initial RFP focused on cloud Secure Web Gateways.”

As the RFP progressed, Netskope emerged as the clear frontrunner. Binnie comments, “As well as the technical functionality, we had other requirements for the companies in the RFP. We needed them to prove long- term stability and a strong UK and European presence. While these requirements knocked other companies out of the process, Netskope sailed through.”

Although the RFP had started off as a Secure Web Gateway (SWG) requirement, during the process it became apparent that the ability to combine SWG with CASB and DLP functionality would be a huge advantage.

Binnie continues, “Gartner’s SASE vision really aligned to our business challenges. We have a hybrid environment and ultimately need a security approach which can handle a constantly shifting perimeter. The integrated approach also has huge benefits on a tactical, day-to-day management basis. I don’t like gaps as it can be hard to identify who is responsible for things, but if your security follows the data wherever it goes, then those gaps disappear.”

 

Real-time threat and data protection, within the cloud

Netskope was built within the cloud to address the needs of a world in which cloud is pervasive and security needs to follow data wherever it goes. The Netskope Security Cloud provides unrivalled visibility, and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device.

Providing line of sight into both sanctioned apps (such as Microsoft 365) and unsanctioned apps, Netskope enables Morgan Sindall’s businesses to achieve real insights and take granular, policy-based action to mitigate cloud and web risks, protect sensitive data, and stop online threats.

Morgan Sindall selected the Netskope Next-Generation Secure Web Gateway for consistent inline threat and data protection on traffic to and from sanctioned and unsanctioned applications and web, as well as Netskope Cloud Access Security Broker (CASB) capabilities for threat and data protection on data at rest in sanctioned applications.

Binnie speaks highly of the Netskope team, “During the tender process, Netskope demonstrated a really good level of engagement. They understood our challenges and they were collaborative in designing the best approach to solve them. This continued during the implementation, when the professional services team were highly proactive, knowledgeable and helpful. No implementation is without the odd curveball—in our case it was an issue around geo-IP locations—but this was solved by Netskope without difficulty.”

 

Safe, collaborative working—anywhere

The nature of Morgan Sindall’s business is highly collaborative, working on projects with partners, contractors, regulators, and other third parties. If security controls hinder this collaboration and productivity then, Binnie explains, he has failed in his role: “The day-to-day business of Morgan Sindall companies requires timely and safe collaboration and the sharing of data to bring different people together on projects.” This means that, rather than taking a heavy-handed and dictatorial approach to policy, the approach is one of education, guidance, and the provision of information to inform good decisions.

Binnie explains, “With Netskope we are able to better understand what applications and cloud services teams are using, and then use the Netskope CCI [Cloud Confidence Index] to assess the risk exposure of certain behaviours. We can see if teams are choosing to make use of applications that we determine to be suboptimal in their security credentials and then we can provide both automated and manual educational ‘nudges’ to encourage different behaviours and habits.”

Morgan Sindall does not want to lock down web usage for employees, and is very keen to avoid operating as a “big brother” overseer. Employees are allowed to use social media at work and via work devices, and Netskope now enables that to happen with oversight of patterns of data movement and anomalous traffic to ensure the organisation does not suffer from malicious or accidental data leakage. Netskope integrates with Morgan Sindall’s SIEM, creating insightful reporting and analytics which can be shared both upwards into the group management and back down with IT business partners and line managers within the component businesses.

Binnie adds, “Netskope enables us to meet our employees’ expectations of an optimal user experience (better than the one they get on their own home IT) in the safest possible manner.”

2020 has provided an uncharted landscape for many IT teams to navigate, with remote working occurring at unprecedented levels and minimal opportunity to prepare. Binnie was grateful for Netskope and the work that had been done ahead of lockdowns and temporary office evacuations. Binnie comments, “The very next day after sending home our office based staff, the entire workforce was online, with access to everything they needed and no scalability or bandwidth problems. Because Netskope puts our security workflows into the cloud, there was no need to backhaul data traffic to our data centres and no undue pressure loaded into those network connections.” Baseline user behaviours changed overnight with the workforce working from home. Binnie explains, “In the UK, suddenly BBC iPlayer became our biggest source of incoming data traffic. We would never have predicted that, but in hindsight it is obvious that individuals would put some digital radio on through their laptop while they work at home alone. If we hadn’t already moved away from on-premise SWGs ahead of lockdown then all of that data traffic would have been hairpinned back to our data centres for security purposes.”

Following the initial implementation, Netskope assigned Morgan Sindall a Customer Service Manager (CSM) whose role it is to ensure that Binnie and his team are getting everything that they can from their Netskope investment. Binnie explains the role and relationship, “Our CSM has a scheduled check-in with us fortnightly and we all use this time to evaluate the estate, tune and tweak policies and settings, and drive continual improvements to our implementation. These conversations are not about Netskope upselling to us, and they work very well to ensure we know about the new functionality that is being added all the time to the service. We are ISO accredited and Netskope’s CSM approach fits into our ‘Plan, Do, Check, Act’ model which is a component of that ISO standard.”

 

Download

Morgan Sindall Group - case study
Morgan Sindall Group

Download the case study

Accelerate your security program with the SASE leader.