Customer Story

Atrium Underwriters

In the halls of Lloyd’s of London, Atrium Underwriters continue their century old data security principals by partnering with BlueFort and their cutting-edge digital security, safeguarding insurance data in the modern world.
Based in the Lloyd’s of London building, Atrium Underwriters is a long-established leading specialist insurance and reinsurance business. Operating within the Lloyd’s market and with a history dating back to the 1930s, Atrium Underwriters is security conscious to its core and data security is of paramount importance.

Key challenges

  • Adoption of cloud technologies led to limited visibility of external attack surface
  • Ability to track and see users across the network had been lost
  • Needed to consolidate a dearth of security tools, many of which were outdated and no longer needed

Overview of the situation

Organisations of every size, in every industry, and in every country are digitally transforming; all seeking enhanced agility, speed and data-driven decision-making. As part of its own digital transformation journey, Atrium put in place plans to move parts of its business away from a decades-old legacy IT estate, to a more flexible, scalable, and less expensive cloud-based infrastructure.

However, in addition to delivering the anticipated benefits, migration to the cloud also posed a number of unforeseen challenges. Modern cloud deployments are tremendously complex and typically span multiple clouds. As a result, maintaining a robust security posture in an environment that’s constantly changing was proving almost impossible. 

The combination of the shift to hybrid working and the move to a cloud infrastructure resulted in Atrium’s IT security team not only having limited visibility over its now significantly expanded external attack surface, but also losing track of and visibility of users across the network. Atrium found itself at serious risk of existing, new and unknown threats, and for an organisation that operates in a highly regulated industry, this was a critical issue that needed to be urgently addressed.

Quote marks

“Atrium is going through a lot of change so it’s great for both our IT team and our end users that we can use technology that we are familiar with and we can be assured that it’s secure. BlueFort was on hand throughout the process for any queries that we had.” 

Gary Lewis, Head of IT, Atrium Underwriters

Prioritised plan of action based on principles of discovery, validation and control identifies and tackles cyber risks

Driven by industry-standard methodologies including NIST, ISO 27001, Cyber Essentials, and Continuous Threat Exposure Management (CTEM), BlueFort’s approach is based around three pillars: cyber discovery, validation, and control. Rather than being a process with a beginning and an end, BlueFort’s approach is one of continuous cybersecurity improvement, which aims to consistently monitor, evaluate, and mitigate security risks through strategic plans and actionable security posture remediation.

The discovery phase of the methodology resulted in BlueFort’s team creating a technology-based roadmap that showed a single view of Atrium’s on-premise, cloud and hybrid environments and risks. The roadmap also included an inventory of the tools, assets and policies across its estate.

Zero Trust and IAM framework deployed

This detailed understanding of Atrium’s IT estate delivered through the roadmap enabled the BlueFort team to draw up a prioritised plan of action. Prioritisation was important because it showed Atrium where to focus first. In this case, it was closing the security gap created by unknown and potentially unauthorised user access, by deploying a zero-trust framework that provides secure access for its distributed users. Zero trust requires all users, whether in or outside Atrium’s network, to be strongly authenticated, authorised, and continuously validated for security configuration and posture, before being granted or keeping access to applications and data.

This big-picture overview of Atrium’s network also enabled it to consolidate a sprawl of security tools, many of which were out-dated and not needed, leading to unnecessary cost and complexity and the potential opening of attack vectors.

Evolve and more

Following an initial engagement, Atrium has gone on to partner with the team at BlueFort on a host of other cyber improvement projects, benefitting from its Evolve program, a cyber services platform that provides flexible and on-demand access to skills and expertise while also providing deep industry expertise to ensure security tools are operating and performing at their maximum potential.

See how BlueFort can help you simplify your cybersecurity