Case Study – Market Leading Boutique Financial Company
Somniac Security successfully developed a modernisation program for a leading boutique financial services company, reducing costs, increasing security and migrating to cloud-based Microsoft M365 to remove reliance on legacy infrastructure.
The company suffered a series of service outages due to reliance on outdated on-premise server infrastructure.
Although the outages were short, losing access to the information held on the server was causing the company significant challenges including continuous interruption to remote staff. Additionally, the legacy infrastructure required costly maintenance and supporting network services, resulting in a high cost of ownership.
To understand the company’s business goals, data requirements and infrastructure landscape, Somniac ran a comprehensive discovery workshop. The resulting analysis enabled Somniac to provide the company with expertise and guidance on the challenges it might face in migrating its existing legacy services to the Microsoft Office 365 environment whilst significantly increasing its security posture.
Phase Two centred around helping the entirety of the company understand the benefits of cloud services – involving Marketing, Human Resources, and Finance as well as the Tech teams. Somniac facilitated a two-day planning and training workshop, during which the company’s Tech team gained a better understanding of the technologies involved. Somniac ensured the team were fully involved with the decision-making process, guaranteeing that the design and implementation plans created by Somniac were achievable and appropriate for their organisation.
Throughout the program Somniac provided hands-on, onsite technical expertise while providing project direction and oversight through regular sessions – ensuring the project was delivered on time and within budget. When issues were discovered, the team had Somniac’s problem-solving expertise at hand, enabling the completion of the migration without significant delay.
Somniac Security played a vital role in the company’s initiative to enhance infrastructure availability by helping to transition to secure cloud operations. By removing their reliance on the on-premise server infrastructure, the company reduced costs and technological complexity while easing the administrative burden on their in-house support team.
The partnership with Somniac also resulted in improved operational capabilities, allowing global remote workers to access company data and information reliably, securely and efficiently.
The company is now fully able to leverage the operational capabilities of the Microsoft 365 environment, driving their business forward in an ever-challenging environment.
Can Somniac help you materially improve your security posture? – get in touch
Case Study – SaaS Security Start-up
Somniac Security worked with a leading SaaS security provider to uplift their security posture, leading to SOC 2 and HIPAA compliance.
As a SaaS security provider, expectations of security best practice are high, and increasingly prospective clients were expecting them to demonstrate their commitment to cyber security through SOC 2 and HIPAA compliance.
As a growing start-up, their systems, processes and procedures had grown organically and were in need of an uplift. There were also a number of controls that needed to be reviewed and remediated.
Somniac kicked off the engagement by making an inventory of all their systems, processes and policies, and any other security related collateral and artefacts that the company was using. Information was gathered from all parts of the business via conversations and interviews with staff across the organisation, discovery tooling and research.
By performing a gap analysis across the existing policies, we documented that although they had cyber policies, which were being used and enforced, they didn’t necessarily support the needs of the organisation. The analysis demonstrated that the scope needed to be updated to be applicable to where the company had grown to be. We also identified where some critical processes, such as the Joiners, Movers and Leavers (JML) process, could be improved. Early during the engagement, it was decided that a SOC 2 Type 2 report was the core compliance framework that the provider needed to align to. Being a SaaS platform headquartered in the US, SOC 2 certification was essential as it provided the necessary security compliance, mirroring the importance of ISO 27001 in Europe. Later in the engagement, HIPAA was also included, as much of the groundwork for SOC 2 had already been completed, so the additional costs to achieve HIPAA were minimal.
The Somniac team worked closely with the client to optimise their policies, processes and cyber controls to ensure they were aligned with their requirements. For example, the JML processes were reviewed and updated to ensure that all systems were included, and additional steps were added which captured that new starters had consumed the security policies and completed their security awareness training. Checks were also added to ensure the JML process was being effectively enforced. Uplifting processes in this way demonstrated good cyber practice and ensured they obtained their SOC 2 compliance.
After the Somniac team had completed their review and remediation work against the SaaS provider’s security management system, controls and policies, the external auditor was engaged. Following the review and sampling of the evidence, the external auditor issued the SOC 2 Type 2 report demonstrating the client’s compliance whilst also maintaining Somniac’s 100% track record.
Since the audit was completed, the team at Somniac have provided periodic check-ins with the client, where we have observed that processes, procedures and policies continue to be followed resulting in a marked improvement in the client’s security posture.
By engaging with the team at Somniac, the vendor is leveraging an experienced, objective third party to provide an honest account of their cyber measures. Somniac was able to guide the client to take actionable steps to improve their cyber posture and processes, enabling them to achieve industry-recognised compliance standards, which in turn has made their products more marketable to potential new and existing clients by providing confidence that their services and data remain secure.