Southampton City Council

Southampton City Council was aware of its identity security gaps, and the IT team recognised the need for a solution that could extend MFA across on-prem systems. They also wanted to move away from physical tokens and gain much-needed visibility into service accounts.

As a long-standing security partner, BlueFort Security played a key role in introducing Silverfort. Following initial discussions, a guided POC quickly demonstrated how Silverfort could modernise and consolidate the Council’s authentication approach, while extending protection across Active Directory and other critical systems. The ability to secure authentications without requiring infrastructure changes proved particularly compelling.

After completing the POC, Southampton City Council worked with BlueFort Security’s services team to deploy Silverfort across its hybrid environment. With BlueFort’s support, the rollout for major integrations, including remote desktop, hypervisor systems, infrastructure, and historic remote access systems, was completed in just a matter of days. It allowed Southampton City Council to enforce MFA credentials on all required systems with minimal effort, immediately reducing the council’s exposure to ransomware and lateral movement.

“From an admin perspective, it was just turn it on and go. Once we got a grip on it, Silverfort was really straightforward. We deployed Silverfort on some of our systems in no time. We just updated the rule, removed the old 2FA, and integrated seamlessly. The same was true with what we thought would be complicated systems, where replacing Microsoft MFA with Silverfort took about half a day. Even networking equipment integration moved across easily once we tied it into AD authentication,” said the Infrastructure and Security Lead.

Another key priority for Southampton City Council was cleaning up service accounts. Silverfort discovered a substantial number of dormant accounts and provided end-to-end visibility into how and where they were being used, helping the team reduce the risk of misuse.

Southampton City Council has made Silverfort a cornerstone of its identity-security strategy. Beyond securing privileged access to critical resources, the team embedded Silverfort in ransomware playbooks, enabling incident response teams to block authentication attempts instantly in the event of a breach.

Southampton City Council also plans to continue refining service account management, progressing towards broader gMSA adoption and ensuring ownership and control remain in place. In the event of mergers with neighbouring councils, Southampton is confident it has a clean and resilient identity-security foundation that can scale to meet future demands.

BlueFort is the UK’s leading Security Solutions Provider (SSP), trusted since 2007 to help organisations operate securely in an increasingly complex digital world. We protect hundreds of organisations and millions of users through solutions aligned with globally recognised security and compliance frameworks — from NIST, ISO 27001, and Cyber Essentials Plus to CIS Controls, NIS2, SOC 2, DORA and the UK’s NCSC guidelines. Our expertise begins with robust identity and access management and advanced cloud security, then extends across the full landscape of cybersecurity, including operational technology (OT) security, data protection, threat detection and response, compliance, and the safe adoption of AI tools. BlueFort Security is a trusted cybersecurity partner and a Crown Commercial Services and G-Cloud 14 supplier.

Silverfort secures every dimension of identity. They are the first to deliver an end-to-end identity-security platform that is easy to deploy and won’t disrupt business operations, resulting in better security outcomes with less work. Discover every identity across every environment, analyse exposures to reduce your attack surfaces, and enforce security controls inline to stop lateral movement, ransomware, and other identity threats.