Posted on

Lightstream’s Rapid Risk Profile helps clients protect what matters

Through security threat evaluation and expert recommendations, you can better understand your risks and meet your key security objectives

Business Challenges

Many organizations and their security teams are in desperate need for quick ways to evaluate the security threats associated with their accounts, identity & access management, logging, networking, storage and monitoring. With lean teams and lack of crucial security talent in the marketplace, Lightstream’s Rapid Risk Profile is solving some of the most challenging organizational security concerns.

Understanding Risk
Most businesses don’t know where to start when it comes to guaranteeing their cloud environments are optimized and completely secure. Lightstream provides a Rapid Risk Profile assessment to clients to improve their cloud environments.

Protecting What Matters
No matter where you do business, you want to connect your business assets, protect what matters and continually innovate and optimize.

Achieving Efficient Regulatory Compliance
Clients need to determine compliance within industry standard frameworks or regulatory compliance controls. Compliance reporting can be time consuming. However, businesses using Prisma Cloud benefit from a 90% reduction in the time it takes to conduct that reporting.

The Lightstream Solution

Risk detection is an easy and seamless process with Rapid Risk Profile. Discovery and mitigation timelines speed up, while Lightstream gains a full understanding of your environment in order to offer customized expert solutions for your organization’s needs.

Low-Touch, Low-Risk Assessment
Lightstream’s Rapid Risk Profile assessment is a low-touch, low-risk profile that supports up to three production accounts across a maximum of three public cloud platforms with real-time delivery. When you decide to complete the Lifestream Rapid Risk Profile, you’ll begin with a single one-hour remote meeting with the Lightstream Security Team. This assessment allows for Lightstream to complete the analysis without ever accessing your data during or after the session.

Quick Evaluation
The assessment quickly evaluates security threats associated with a client’s account, identity and access management, logging, networking, storage and monitoring. It provides a compliance summary report of the client’s environment against the Center for Internet Security (CIS) Critical Security Controls (CSC) framework.

Identify Gaps & Remediation
The assessment immediately identifies gaps within a client’s cyber security profile. The client then goes through a remediation process. Lightstream offers a variety of best-in-class solutions.

Four-Phase Approach
After completing the assessment, Lightstream offers a four-phase approach to implement a secure cloud environment.

  1. Define outcomes required.
  2. Create comprehensive plan and design tangible architecture that provides initial remediation.
  3. Create cloud platform that allows for secure deployment of applications in the cloud.
  4. Review will be delivered with hand-off and knowledge transfer to all key players.

Ongoing Monitoring & Support
The Lightstream team doesn’t stop there. Once the Rapid Risk Profile is completed and the four-phase approach is implemented, Lightstream is with you to continually monitor and manage your code security and cloud environment with our managed services options. Our team of highly trained experts will help you effectively balance risk and business outcomes.

Business Outcomes

Seamless Process
Risk detection is an easy and seamless process with Rapid Risk Profile. Discovery and mitigation timelines speed up, while Lightstream gains a full understanding of your environment in order to offer customized expert solutions for your cloud needs.

Top Security & Compliance
With Lightstream’s Cloud Managed Services (CMS), clients will have top security and compliance issues audited against best practices.

Reduced Financial Impact
Lightstream brings expert engineering support while reviewing the client’s cloud environment and making recommendations to reduce the financial impact of their cloud environment.

Risk Detection Made Easy with Lightstream Rapid Risk Profile
Our services platform and team of highly trained cloud, security, and networking experts will help you to effectively balance risk and business outcomes. The Lightstream Rapid Risk Profile is completed in a single one-hour web meeting with our security team. All access to your environment is performed by you. Lightstream has no access to your data during or after the analysis session. If you’re ready to get started, contact us for your complimentary assessment.

Posted on

Lightstream’s Zero Trust Security Model prevents breaches and ransomware attacks

The 5-Step Model to Implementing Zero Trust

Strategic approach protects critical assets and reduces impact on any attacked areas

Business Challenges

A cyberattack or data breach is a nightmare scenario for every business or corporation. As cyberattacks become more automated and complex, IT and security departments face an event overload, lack of time and increasing staff cost. Once a data breach occurs, the clock is ticking.

Pressure to Respond Faster
Network administrators must be concerned with protecting their organizations from outsider threats, insider threats and malware. There is pressure to respond faster and mitigate threats before damage occurs.

In-house Talent Shortages
Cybersecurity is becoming increasingly difficult to manage in-house. Many IT and security departments have a shortage of trained and experienced security analysts.

Security Strategies Need to be Adaptable
The traditional security model is vulnerable. Organizations need a more advanced security strategy to reduce the time, cost and complexity of investigating and responding to security events and analyzing the root cause. Businesses need to lower risks and their impacts and achieve a higher return on investment for their cybersecurity spend.

The Zero-Trust Solution: Never Trust. Always Verify.

Lightstream takes the old phrase “trust, but verify” and flips it on its head with the Zero Trust Readiness Assessment. This is for businesses that don’t know where to start and is a strategic approach that helps prevent data breaches.

The Zero Trust Assessment Process
STEP 1: To begin, the Zero Trust Readiness Assessment looks at three organizational groups:

  1. Strategic
  2. Managerial
  3. Operations

STEP 2: Based on the results, Lightstream assesses gaps to develop a plan. It offers best-in-class solutions with deep integration of the platform across leading vendors including Palo Alto Networks, Fortinet, Cisco, Amazon Web Services, Azure, Google and VMware. Our endpoint protection is based on Palo Alto Networks Traps to block security breaches and ransomware attacks before they compromise endpoints. It also builds on the revolutionary Palo Alto Networks Cortex XDR to provide Lifestream analysts and forensic specialists with threat intelligence, logs and data.

STEP 3: Within one week of completing the Zero Trust Readiness Assessment, you’ll receive a strategic advisory report. It will offer future improvements in the areas of strategic, managerial and operational levels. With that roadmap, you’ll have insight into your progress and next steps.

Addressing security challenges requires a fundamental shift in managed security services. Lightstream’s approach to cyber defense is focused on prevention and based on Zero Trust. Lightstream delivers the next generation of cloud-based security services in prevention, detection, response, forensics and threat-hunting.

Business Outcomes: Protect Your Critical Assets

The average cost of a data breach in the United States is $9.44 million[1]. Organizations with a Zero Trust security approach can potentially save $1.5 million compared to those that don’t, according to IBM Security’s “The Cost of a Data Breach Report.”[2]  With Lightstream’s Zero Trust Readiness Assessment, businesses can protect their critical assets and quickly reduce impacts of a cyberattack.

Make More Informed Security Decisions
The Zero Trust Readiness Assessment helps businesses make informed decisions about required actions, budgets and how to allocate resources. It’s developed using Zero Trust principles and enables execution of a quick and seamless strategy.

Ensure More Clarity Security Solution Implementation and Maintenance
Lightstream provides long-term and short-term recommendations to implement the Zero Trust model. Organizations also get clarity on how to implement and maintain their security policy with Zero Trust.

Get 24/7 Access to Elite Security Experts
Lightstream’s Zero Trust Readiness Assessment gives organizations 24/7 access to an elite team of security professionals – saving you time and money. You’re not alone on the path to better security.

What’s Next? Contact Lightstream
If you’re not quite sure where to begin when it comes to securing critical assets and creating a long-term security solution, Lightstream is here to help. You can start today with our Zero Trust Readiness Assessment. Contact us here.

 

 

[1] https://www.ibm.com/reports/data-breach

[2] https://www.securitymagazine.com/articles/98486-435-million-the-average-cost-of-a-data-breach

Posted on

Lightstream closes major security gaps and provides efficient system for benefits brokerage and HR services firm

Lightstream Cloud Checker paves the way for better customer service and alleviates strain on team

Business Challenge

A benefits brokerage and HR services firm specializing in integrated technology solutions for small businesses had two main needs: More efficient systems and closing gaps in security. The firm focuses on providing the best benefits, HR and compliance management services on the market. Its signature concept is its integrated technology solution, which can manage an organization’s HR needs from recruitment to retirement.

Massive Strain on team
The benefits brokerage and HR services firm employs 80+ people and has an annual revenue of over $17 million but their growth in the last couple of years exploded which meant its cloud infrastructure was getting more complex. This put a massive strain on the team to manage the system and it became increasingly more involved and time consuming.

Gaps in Security
The other major concern involved security. The firm needed to find any gaps that put sensitive information at risk, including individuals’ medical histories.

You need somebody looking at your security environment on an ongoing basis. Lightstream does that for hundreds of customers. We have competencies and multiple cloud platforms. That’s what we do.

— Jim Cassell, Lightstream CEO

 

The Lightstream Solution

Lightstream Cloud Checker performed a thorough review of the firm’s existing infrastructure. It found several points of vulnerability. Through our solutions, the firm’s cloud infrastructure is now layered with security.

Expert-Level Education
Lightstream was also able to educate the firm on the benefits of Amazon Web Services (AWS). Its knowledge allows for this firm to function safely and with confidence because of the AWS installation.

Consistent Checkpoints and Transparent Communication
The partnership didn’t end at installation. Lightstream and the benefits brokerage meet monthly to review data generated by Cloud Checker to identify opportunities with and threats to the firm’s security and ways to better utilize AWS.

We love working with them. They’re very sharp. Any time we have questions, [we get] immediate answers. Peace of mind. We’re not alone, we feel like we’re covered.

— Director of Software Engineering, Global HR Services Firm

 

Business Outcomes

Better Customer Service and Decreased Employee Strain
Lightstream’s Cloud Checker solution paved the way for this firm to better serve its customers because its workers are no longer strained by a cumbersome cloud infrastructure. It also helped fortify the firm’s security to protect personal information and maintain trust with their clients.

Cost Transparency and Allocation
The cost is shared across departments. Lightstream provides the firm with a financial review with tagging so it’s able to link its use of AWS to specific operations within the organization. It’s a powerful visual tool that also adds depth as an expense, because rather than seeing one large, lump single sum amount owed, the cost is broken down as it is allocated across different departments.

Cost Savings and Optimization
The solutions implemented not only save costs but ensure continued optimization. Each month, our Lightstream team provides a server usage report that allows the client to turn off any unused servers and optimize what’s in play.

Next-Level Data Protection
No business wants to be publicizing to the world that it lost customers’ data. Lightstream’s monthly, in-depth system check identifies weaknesses and vulnerabilities to ensure continued improvements to security strategies, in real-time.

What’s Next? Partner With Lightstream

Innovative companies like yours need secure and interconnected cloud and network foundations. But building those can be a complex process. That’s where Lightstream comes in. Our expert team is ready to help your organization stay at the forefront of your industry. Contact us today about Lightstream Cloud Checker and how it can tighten security and create transparency for opportunities.

Posted on

Ransomware Attacks Now Targeting School Systems

Ransomware Attacks Targeting Schools

Ransomware attacks are nothing new. Thousands of businesses have fallen prey to malicious attackers for decades, paying billions in ransom and disrupting operations from a few days to a few months. And that number is only growing.

According to FortiGuard Lab’s 2021 Ransomware Survey Report, ransomware attacks have increased by almost 1,100% year-over-year. While we most often associate attacks with banks and mega-corporations, the truth is ransomware attacks are no longer for the enterprise only. K-12 and higher education institutions appear to be the latest victims, seemingly fueled by the 2019 COVID pandemic.

The COVID Impact on Ransomware Attacks

The COVID pandemic of 2019 disrupted our lives, how we learn, and our approach to work. As the world was forced to go remote, many organizations weren’t prepared for the shift to remote working and virtual learning. And neither were their security systems and teams.

The Information Systems Audit and Control Association (ISACA) explains how the threat landscape expandedwhen unprepared businesses and schools had to go remote to adapt to the pandemic. Employees, teachers, students, and consumers did everything remotely—shopping, teaching, learning, and working.

School systems became more digitally connected than ever before, using platforms like Zoom and Google Classroom to teach students virtually. And attacks like “Zoom-bombing,” where uninvited guests gain control of screens and disrupt classes, became more commonplace. With such a vast threat landscape, the vulnerabilities were virtually limitless.

The 2022 Labor Day weekend ransomware attack on the Los Angeles Unified School District (LAUSD)—the second-largest U.S. school district—is yet another example. Whether they’re attacking one of the largest districts in the country or a small, budget-challenged school district, school ransomware attacks spread far and wide. But the attacks are especially tough on smaller, poorer schools that lacked the resources and didn’t prepare for the immediate shift and technical requirements for remote teaching.

“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put school districts with robust cybersecurity programs at risk. K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.” – FBI and CISA bulletin

But the LAUSD attack is far from the only educational institution impacted. The surge in ransomware attacks on schools has been so profound that President Joe Biden signed the K-12 Cybersecurity Act of 2021 into law to strengthen cybersecurity in schools. The act “directed CISA to work with teachers, school administrators, and private sector firms to develop recommendations and an online toolkit that can help schools improve their security, from securing student data to security challenges with remote learning.”

And after the LAUSD, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint bulletin warning of even further increases in attacks. That’s on top of the 1,000-plus educational institutions that have already suffered a ransomware attack since 2019.

Despite acts written into law and many warnings and bulletins, schools are still dealing with the ramifications of attacks by malicious actors.

The Implications of Ransomware on Schools

As the name implies, ransomware attacks use malware to “encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. [They] often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

Cybersecurity Dive, an online newsletter for news on cybersecurity, breaches, and threats, shared that, on average, higher education organizations reported average remediation of $1.42 million per attack. K-12 reported an even higher $1.58 million. While these financial payouts are a huge hit to schools, they’re not the only implication of ransomware attacks:

  • Unauthorized access to personally identifiable information (PII). ISACA highlights unauthorized access to confidential information, such as names, addresses, social security numbers, and financial details as one of the most important factors to consider. If accessed by the wrong people (attackers), students (and teachers or staff) could become victims of identity theft. And schools may have lawsuits on their hands for not properly caring for the highly confidential and valuable information hackers accessed in the data breach.
  • Delays, disruptions, and restricted access. The CISA security alert discussed some of the less critical but still impactful ramifications of data breaches within schools. These include restricted access to networks and data, delays in exams, canceled classes for the day, and downtime.According to a 2022 Sophos study of 730 IT professionals in the education sector, it takes twice as long to recover after an attack than with organizations outside of the education industry. Forty percent reported it taking more than a month, 31% said between one and three months, and 9% recovered between three to six months later.
  • The new ransomware target. Education just might be the new prime target for ransomware attacks. The same Sophos study revealed that educational institutions were attacked even more in 2021 than the previous year, impacting nearly two-thirds of higher education organizations. And for K-12? Ransomware hit more than half of them. The attacks have many implications, but for higher ed, 97% of respondents said they impacted their ability to operate, which can have long-term effects, like permanently closing their doors.

How You Can Fight Back

While ransomware attacks aren’t going away anytime soon, whether you’re a 40,000-student college campus or a small rural school, there are ways to fight back. We also recommend working with a team of security professionals who can set up and continually monitor your network to help prevent and mitigate the effects of a data breach.

So, if you’re ready to combat malicious attacks, contact us today to see how Lightstream can protect your school’s data from breaches.

Posted on

Mandatory 36-Hour Breach Reporting Window for U.S. Banks

Banks required to notify

In November of 2021, the Agencies, comprised of the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board (FRB), passed a regulation that requires banks to notify regulators no more than 36 hours after they identify that a security incident (that rises to the level of a “notification event”) has taken place. The regulation required full compliance by May 1, 2022. FDIC-supervised banks will report incidents to their case managers while banks that are regulated by the Board of Governors of the Federal Reserve System will need to inform the board. The Agencies explain though that not every data security incident is a notification event. According to the rule, a computer-security incident is “an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits. An incident requiring subsequent notification is defined as a ‘computer-security incident’ that has disrupted or degraded a banking organization’s operations and its ability to deliver services to a material portion of its customer base and business lines”

Business Impact

While this requirement from the FDIC, OCC, and the FRB is new, most banks have already been using a 72-hour protocol for reporting. But with an even tighter timeline, banking corporations are going to have to ensure they’re reporting accurate information. Roger Grimes of KnowBe4 explains that in the rush to report quickly, more corporations will probably report inaccurately, which increases the liability risk. Banks will need to first identify if a notification event has taken place, and if they determine that’s the case, they have 36 hours from then to report.

Security Impact

Financial institutions are the backbone of the U.S. economy, according to Marcus Fowler, senior vice president of strategy engagements and threats at cybersecurity AI firm Darktrace, and are one of the most targeted sectors for cybersecurity threats. By establishing a tight window for breach reporting, banks can help restrict the scale of an attack and minimize the impact, protecting the “backbone” of our economy. Attackers try to harm as many victims as possible before defenders can address the issues, so the speed of reporting is vital in combating these cyber attacks.

Take Action

  1. Review the FDIC’s examples of notification events and set up parameters around what is and what isn’t a notification event
  2. Review incident response and business continuity plans to ensure compliance with the new reporting requirement

Recommendations

Lightstream recommends reviewing the new requirements and examining current policies and processes to ensure you’re compliant. Prioritize security by identifying what is a security incident and if that incident is a notification event. Use a comprehensive vulnerability management program to protect your banking corporation. We can help. Our full-stack vulnerability management programs keep you ahead of emerging threats and attackers.

 Read the full bulletin

Posted on

VMWare Infrastructure Actively Exploited to Compromise Organizations

VMWare Infrastructure Actively Exploited to Compromise Organizations

VMWare Infrastructure Actively Exploited to Compromise Organizations. CISA, the Cybersecurity and Infrastructure Security Agency, has issued an emergency directive highlighting an escalation of successful attacks against commonly deployed enterprise components of VMWare virtual infrastructure. The directive points to an escalation of successful attack against a series of VMWare vulnerabilities that are exploited independently, or in combination, to fully compromise VMWare infrastructure in these organizations. While VMWare has issued patches for these vulnerabilities, attackers have quickly reverse engineered them to develop and weaponize exploits now appearing in the wild.

The attacks highlighted require network access, but successful attackers have utilized 3rd party network access and web exposed servers to compromise vulnerable VMWare components and gain full access.

Business Impact

Exploitation of this set of vulnerabilities gives attackers complete control over the VMWare virtual infrastructure. This means that critical business systems can be manipulated, destroyed, or silently monitored by attackers. If your organization depends on VMWare components highlighted below your business is likely at risk of compromise.

Security Impact

The CVE numbers for the critically impacted vulnerabilities are CVE-2022-22954, CVE-2022-22960, CVE-2022-22972, CVE-2022-22973; however, the primary point of attack has been CVE-2022-22954 which has a CVSS score of 9.8 (originally published 4/11/22) and results in a potential Remote Code Execution (RCE). It is recommended that any exposed components to the Internet should be assumed compromised and disconnected/investigated immediately. VMWare customers should also immediately deploy additional monitoring of their VMWare infrastructure and monitor for IOCs.

VMWare Infrastructure Actively Exploited to Compromise Organizations Urgent Actions Required

  1. Identify VMWare Workspace ONE Access and Identity Manager infrastructure, scan for vulnerabilities
  2. Disconnect/investigate infrastructure with missing patches exposed to the Internet, or 3rd party access
  3. Urgently apply missing patches described above in VMWare infrastructure, monitor for compromise

Recommendations

The vulnerabilities are present in the following VMWare components: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. These should be placed under heightened security monitoring, patches urgently applied (if not already done) and threat hunt activity should be initiated using the available Indicators of Compromise (IOCs). This situation highlights the criticality of operating a vulnerability management program.

 Read the full bulletin

Posted on

Millions of Log4j vulnerable systems still unpatched

Log4j vulnerability unpatched

A recent survey by Qualys and published in SC Magazine suggests that after over 3 months, millions of Log4j vulnerable systems still unpatched, roughly 1 in 3 devices and installations that were affected by the Log4j vulnerability are still unpatched. This number amounts to roughly 22 million vulnerable application installations — and it should be noted that these are just the devices that are readily accessible from the Internet.

Log4j reached critical status towards the end of 2021 when it was discovered that a feature its platform could allow an unauthenticated attacker to take complete control over a remote system. The vulnerability was classified in CVE-2021-44228, and has been extensively discussed in cyber security as well as in a published flash with guidance from the government’s cyber security agency, CISA, who published guidance.

Business Impact

This Log4Shell vulnerability, as it’s been colloquially named, impacts business systems exposed to the Internet (and systems connected to them) and can result in compromise of system and data integrity, as well as complete take-over of a system or platform generating severe operational and financial business impact.

Security Impact

Using this vulnerability, attackers without credentials or otherwise
legitimate access can exploit this weakness in Log4j to issue system-level
commands, corrupting, disabling, or taking over a system. Subverted systems can
then be used to deploy ransomware or attack protected, critical systems and exfiltrate sensitive data from organizations bypassing security controls.

Urgent Actions Required

  1. Scan all systems, on-premise and in the cloud, with a reliable vulnerability scanner
  2. Triage all identified vulnerabilities, prioritize internet-accessible systems and connected devices
  3. Patch Log4j vulnerabilities with the highest priority – closing any open vulnerabilities

Recommendations

Lightstream recommends operating a comprehensive vulnerability management program and prioritizing issues like Log4j vulnerabilities as business-critical fixes.

If your organization does not have a functional vulnerability management program, Lightstream can help – we operate full-stack vulnerability management programs for our customers, keeping you ahead of emerging threats and attackers.

 Read the full bulletin

Posted on

Tepco Glass Migrates to Azure, Increasing Reliability and Setting the Stage for Future IT Modernization

Faced with aging on-premises servers and an unsupported operating system, Tepco Glass moves all applications to Microsoft Azure with help from Lightstream.

Business Challenge

Tepco Glass is one of the top glass and glazing contractors in the United States. Founded in 1982, the Dallas-based company specializes in commercial glazing and architectural design, as well as the installation of curtain walls, window walls, storefronts, entrances, motor operable windows, glass railings, and other façade enclosures.

When the COVID-19 pandemic hit, the construction industry stalled. Many projects were postponed, delayed, or canceled. And the global slowdown cascaded to suppliers and contractors, including Tepco, negatively affecting revenues and cash flow.

Although business was slow and cash flow was tight, Tepco’s business did not stop. The company continued to operate, serving its customers and addressing operational challenges. One challenge they faced involved the company’s IT infrastructure.

Tepco’s core business applications ran on Windows Server 2008 R2 servers located in the company’s small data center in Dallas. The hardware was over five years old, and Tepco’s IT manager was concerned that the aging hardware could lead to equipment failures. In addition, Windows Server 2008 R2 had reached end of life, and the company was no longer receiving support from Microsoft.

Solution

Company executives knew they needed to address the issues. But given the economic realities during the pandemic—business slowdown, a global microchip shortage, and supply chain constraints—they did not want to incur a large capital outlay to purchase new hardware and upgrade to a supported operating system.

They decided to explore the cloud. Moving to the cloud would eliminate the need to refresh hardware. And Microsoft offered an added incentive: if they migrated their Windows Server 2008 R2 environments to Microsoft Azure, the company would receive an additional 36 months of extended security updates for free.

The solution seemed viable, but the company wanted to ensure that it would work. Tepco’s IT manager knew one of Lightstream’s account executives from a previous working relationship, and reached out for help.

The first step was to assess the plan. Lightstream linked Tepco’s VMware environment to Azure Migration to evaluate the feasibility of moving it to Azure. This showed that the migration was viable and that Tepco could save money over the long term. Tepco’s executives were pleased with the findings and approved the project.

Over a period of 12 weeks, Lightstream experts worked with Tepco to plan, configure, and test their Azure environment. Finally, when all testing had been completed and issues resolved, Lightstream moved all of Tepco’s core applications from on-premise servers into the new environment. For ongoing support and optimization of their Azure environment, Tepco will use Lightstream Cloud Managed Services (CMS).

Business Outcomes

Increased Reliability and Availability

Tepco Glass has four locations—two in Dallas, one in Carrollton, Texas, and one in Oklahoma City—as well as other remote users who need access to applications. The Dallas headquarters is located in a section of the Dallas area that doesn’t have the most reliable power or internet service. Consequently, when the headquarters site suffered a power or internet outage, no one could connect from any locations, and their business was disrupted.

By moving all applications to Azure, Tepco no longer has this problem. Even if the Dallas location experiences an outage, users from the other sites are not affected. They can continue working without interruption.

Shift to a Consumption-based Operating Model

Tepco no longer maintains on-premise server hardware. By moving to Azure, they eliminated the need for large capital outlays in the future to address product upgrades and hardware refreshes. And they now have a more predictable operating expense model for IT.

Better Positioned for Future IT Modernization

Tepco is no longer limited by their data center environment. With all server infrastructure now in Azure, they have more flexibility, making it simpler for them to pursue future modernization efforts like virtual desktop infrastructure (VDI) and others. For example, with all workload in Azure, they don’t need to buy high-end gaming computers for people to do product designs anymore—the heavy processing can now be done in the cloud.

Ongoing Infrastructure Management and Cloud Optimization

By moving to Azure, Tepco no longer has to worry about infrastructure management. Lightstream Cloud Managed Services supports the company’s infrastructure, ensuring servers are patched and maintained, and oversees the company’s Azure environment to make sure it is optimized both for cost and performance.