Case Study by Nicolas Aragnou, IT Infrastructure Manager, Kennards Hire and Daniel Haskins, IT Operations Manager, Kennards Hire.
Kennards Hire is an iconic and much-loved brand in Australia and New Zealand. With more than 190 branches, we’re the largest family-owned supplier of high quality, hire equipment.
In recent years, like many businesses, we’ve been moving our workload into the digital environment. Pretty much everything we do, except the physical, mechanical stuff, is on the computer. When you consider the number of customers we have and the number of suppliers we work with, that’s a lot of data that we need to protect.
With such a heavy reliance on technology and cloud storage, IT security has become increasingly important to our success as a business and as a brand.
With security top of mind, we wanted to validate our existing IT infrastructure to ensure it was secure as we thought and identify any vulnerabilities that needed remediation.
We also wanted to be confident that we are applying best practices and have the technology in place to mitigate the risk of an attack. Should an attack ever occur, we wanted to feel confident that we were prepared to recover with relative speed and ease.
The Selection Process
We set out to engage a company to perform a Security Controls Review, as well as an internal and external Penetration Test. We wanted them to provide us with a report of where we were currently sitting and a roadmap to achieve an optimal position within our budget and timeline.
We went to market and initially looked at five different vendors, including The Missing Link, which we’d used before. The Missing Link was the successful vendor for a number of stand out reasons.
During the initial scoping process, the account team really hit the nail on the head in terms of what we were looking to achieve. They identified additional tasks that aligned with what we were looking for that we hadn’t thought of, and their proposal met our budget.
Perhaps the real deal clincher was the values we shared.
Kennards Hire is values-led, and we like to partner with companies that share our values, which are:
One Family: treat everyone like they’re your family;
Fair Dinkum: always be up front and honest;
Taking Hire higher: work to innovate and improve the industry, and
Every Customer a Raving fan: delivering an exceptional customer experience, always.
Our account manager at The Missing Link shares all of these values – he aims to make every interaction gold; to ensure there’s clarity, understanding and honesty in every aspect of the project, and that we love what The Missing Link is doing for our business.
Our relationship with The Missing Link has been positive, right from the beginning. The scope they put forward resonated well with us – they get us, they know what we want to achieve, and that made the process smooth and easy.
Heading into the Penetration Test was a little nerve racking for some of our team – we’d done external Penetrating Testing before but never internal, and while we felt confident about our infrastructure stack, until it was tested by an expert third party, we really didn’t know what we’d find.
As it turned out, we didn’t have anything to worry about. The Penetration Testing confirmed that most areas of our security were rock solid and identified a few vulnerabilities and gaps we hadn’t thought about. At the end of the security audit and Penetration Testing, we were able to build a roadmap that made it very easy to go to the executive team and board to request the funds necessary to make change.
On a day-to-day basis, we’re in constant contact with our account manager, as we prepare for and implement changes. We feel comfortable leaning on them for anything security related.
Thinking back, there’s nothing about this project we would have changed – it’s panned out exactly as we wanted. We’ve been able to test products, the pricing has been consistent with what was proposed, and the report generated has given us a roadmap with a decent timeline.
Cyber security is the one thing we both lose sleep over – as we can control pretty much every other aspect of our remit to a point, but we can’t control an attack on our infrastructure.
Now, having worked through a Penetration Test and a Security Controls Review, and with a roadmap in place, we both have the depth of confidence in our infrastructure that we were looking for. Knowing we have experts on our side to ring at the drop of a hat for advice and help, lets us get a couple of extra hours sleep at night.
From the perspective of our company’s executive and board, having a security company review and report that we’re as secure as possible has validated that what we’re saying about our infrastructure security is accurate.