Case study by Jason Snuggs, IT Manager - Energy Power Systems Australia
Energy Power Systems Australia is part of the Caterpillar network.
As such, we supply Cat® engines, diesel and gas generators, renewable power options, and customised full turn-key engineered power solutions to multiple industries in Australia, Papua New Guinea and the Solomon Islands.
As part of the Caterpillar global network, we’re accountable to our international partners, our state-based dealer partners, suppliers and of course our clients, which range from utilities, health and education, to oil and gas, mining and resources, marine and manufacturing. Ensuring our data and IT systems are secure is, understandably, an imperative.
When I joined the organisation over two years ago, the existing infrastructure was ageing. We immediately set about refreshing systems and addressing issues to ensure we had a reasonable IT platform from which we could operate.
Once we’d improved the overall IT environment, the next stage was to conduct a security audit. Our goal was pretty straight forward. While we had no major concerns, we wanted to be sure we were protected against security breaches, data loss and so on. We also wanted to gain an understanding of how we could, as a small team, best manage our environment internally going forward.
The Selection Process
We discussed the need for a security audit with a few vendors and quite quickly settled on The Missing Link. We felt confident that David, Melody and the team were genuine – they had the in-depth, specialist knowledge we were looking for and weren’t just sales blustering.
Importantly, the proposal that The Missing Link presented, demonstrated a clear process and, while the commercial component was secondary to ensuring they had the required capabilities, we felt they were very transparent and reasonable with their costs.
We’ve now been working with The Missing Link for almost a year and it has been a straightforward relationship from day one. David and Melody are really easy to get along with, and the technical team is very helpful – I’m not a highly technical security expert, but they are able to communicate about the projects in lay terms that make sense to me.
The security audit itself went smoothly and we were happy with the process and timing of the reports. While there were no surprises, there was one area that we’d been concerned about and they confirmed it needed attention. Impressively, rather than waiting until the end of the audit to tell us about this, they informed us on the spot. We were able to investigate our options and then have it resolved within 24 hours. It’s that type of proactive thinking that benefits our business and sets The Missing Link apart from many others.
Coming out of the audit was definitely a relief – while we had a lot of assumptions about areas that needed to be addressed, we had no definitive facts. Even though the audit identified issues that needed to be fixed, which in turn increased our internal workload, we were happy to know what we needed to do to further protect our company’s IT security.
There’s no doubt that regular security audits help with business development. Our Managing Director was keen on the process being completed, and The Missing Link helped us to understand specific areas and finish the project on time.
Having completed a successful security audit and taken action accordingly, we’re now in a good place to further develop our security strategy moving forward, thanks to The Missing Link. Security audits will now become at least an annual undertaking.