Implementation Of Ransomware Defender  

Terra Firma helped to secure Australia’s IT infrastructure by providing project management and advancing a telecommunication company’s security applications and business resilience.

Situation

As technology is critical infrastructure within Australia, there is a continuous requirement to maintain and improve its security controls.

Following recent security and ransomware breaches involving major Australian corporations, it was determined that IT organisations were likely targets for malicious attackers. Terra Firma was commissioned by one such IT organisation to implement a ransomware defender on its vulnerable file share servers.

The project was established to:  

  • Improve information security by reducing the likelihood that threat actors exfiltrate data and by preventing ransomware attacks. 
  • Improve security reporting functionalities at the IT organisation and the ability to respond to threats in real time. 
  • Comply with the IT organisation’s security governance and compliance.  
  • Increase the IT organisation’s security posture, governance, and compliance. 
  • Optimise and increase security controls and file recovery management in the IT organisation’s environment. 

Challenge

The security breaches at major organisations in Australia increased the urgency for the IT organisation to fast-track the deployment of this project. During the initial design phases of the project, it was discovered that the IT organisation did not have sufficient bandwidth across Australia to deploy all applications.  

It was decided that the project would be split into two phases: 

Phase 1: 

  • Deploy an enterprise Ransomware Cluster Application from a global security software vendor, including the vendor’s Ransomware Defender and Auditor, into production. 
  • Deploy the vendor’s Disaster Recovery (DR) solution into production. 

Phase 2: 

  • Deploy the vendor’s Search and Recover (S&R) program into production for storage data indexation and security. 
  • Deploy Ransomware Cluster Applications, the DR solution, and S&R program into non-production testing environments. 
  • Establish file backups and recoveries that enable the IT organisation to restore impacted share drives and files to a previous state. 
  • Deploy the Defender Applications onto the environment for testing purposes, quality assurance and compliance with the IT organisation’s security policies. 
  • Increase the IT organisation’s security posture, governance, and compliance. 

Solution

Terra Firma was engaged to provide program and project management services to deliver both phases of the project end-to-end. The Terra Firma team worked with the IT organisation’s Storage and Design division to complete the project and ensured that each milestone in the delivery plan was met.  

The following milestones were tracked for completion across Phases 1 and 2: 

  • End-to-end solution design. 
  • Architecture and security requirements met the IT organisation’s standards. 
  • Analysis and development of Virtual Machines (VMs) for application setup. 
  • Conduct service continuity and functional tests to validate the solutions. 
  • Transition the solution to the IT organisation's Storage, Security and Operations divisions for ongoing management.

Our Approach

Both phases of the project were run under the IT organisation’s project management handbook standards, which included an iterative agile approach combined with regular governance. Key meetings and activities included:  

  • Management of projects using a hybrid waterfall/agile approach. 
  • Set up and management of appropriate project governance structures. 
  • Management of project scope, budget, project plan, resources, risks and issues, and communications plan. 
  • Fortnightly Steering Committee meetings which included updates on status, budget, and key risks and issues. 
  • Negotiation and procurement of delivery resources with partner delivery teams and vendors. 
  • Oversight of vendor delivery on key objectives. 
  • Engagement with business and vendor stakeholders to understand requirements and construct a solution design. 
  • Work with external teams across the IT organisation to onboard security whitelisting and hardening agents (such as user-based access controls, Microsoft Defender and McAfee) on the Ransomware Defender applications, so that access is restricted to authorised users only. 
  • Coordination between security vendors and the business to enable non-project discussions on department-specific sensitivities. 
  • Estimation, management, and allocation of resources across cross-functional technical and business departments. 
  • Advocacy and demonstration of project best practices that were to be implemented within the IT organisation. 
  • Management of the team and product backlog including sprint and program increment planning, daily stand-ups, retrospectives and showcases. 
  • Work with the external security vendor to complete application installations and set-up. 
  • Assist in the Minimum Viable Product deployment and BAU post-deployment process for the IT organisation. 
  • Management of project closure and BAU handover. 

Outcomes

Terra Firma’s successful delivery of all phases of the project ensured that the IT organisation had: 

  • The ability to actively monitor security vulnerabilities and threats in real time. 
  • The ability to actively respond to future security vulnerabilities and threats in real time by locking out unauthorised actors. 

This resulted in the following advancements within the IT organisation’s security: 

  • Improvement of the IT organisation's security reporting functionality, compliance, and responses to threats. 
  • Establishment of file backups and recoveries that allow the IT organisation to restore impacted share drives and files to a previous state. 
  • Positioning of the IT organisation for future ransomware defender upgrades and rollouts as new versions of the application are released. 
  • Increased security and business resilience within the IT organisation's security network. 