Blog
Heavy-duty cloud infrastructure for swa
From hydroelectric power and drinking water to public transport and the internet – as municipal service providers, municipal utilities play a key role in public infrastructure and basic services. In Augsburg, this means that citizens and customers come into contact with them countless times every day. Stadtwerke Augsburg (swa) sees its mission as continuously improving the quality of life for people in and around Augsburg. To provide services of excellent quality while optimally protecting all the data generated, swa and its IT partner Skaylink have set out to build a state-of-the-art cloud infrastructure.
About 350,000 people use multiple services provided by swa every day. As the third-largest utility company in Bavaria, swa covers areas that include energy, water, transportation and other services like telecommunications. More than 2,000 employees ensure that water and biomass power plants run smoothly, expand the fiber-optic infrastructure and maintain buses and trams.
The number of digital services and apps available to customers and citizens for easy access is accordingly large. Employees also use a number of applications internally at swa: for example, one that measures the wear on tram tires in order to reduce maintenance costs. The result is a heterogeneous IT landscape with numerous interfaces. To protect this highly complex infrastructure and the data it generates in the best possible way, swa needs flexible, responsive IT that is always on the leading edge of technology. Together with Skaylink, the municipal utility tackled three main objectives:
Objective 1: Collaborate efficiently regardless of location
Within the organization, there are many people for whom flexible access to the IT infrastructure is extremely important. COVID-19 made the need for flexible solutions that also allow employees to work on the go or from home more important. swa decided to gradually move away from traditional on-premises tools and standalone solutions. The utility wanted to create a modern, digital work environment. Microsoft 365 was chosen for its wide range of tools and high level of integration with third-party solutions. The features available with the solution also matched the other two goals – migrating to the cloud and modern security from a single source.
Skaylink’s strategic approach and experience meant that the switchover was seamless and completed in no time. The basic features of the new infrastructure were in place after just six months. And that despite the fact that new apps also had to be launched or even completely reconfigured.
But the migration to Microsoft 365 was just the beginning.
Objective 2: Shift to the cloud
“We need proven models that always give us access to the latest functionalities.”
Microsoft 365 tools have become the standard in the global economy. And with their many centralized tasks, municipal utilities simply have to follow suit.
Microsoft covered all the bases we needed at swa, including excellent security tools. A total of 1,600 users and their mailboxes were migrated to the Microsoft cloud with the help of Skaylink.
Objective 3: Security from a single source
Jürgen Haßlauer, principal consultant at Skaylink, emphasized the importance of making full use of the numerous security features already included in the Microsoft 365 licenses purchased by swa. They can be used to provide significantly better protection for the environment without incurring additional costs for additional third-party products.
The first step was to set up a hybrid identity configuration. The identity information maintained in the on-premises active directory (AD) is synchronized with Entra ID Connect in Entra ID. With its single sign-on capability, Entra ID ensures that there is only one unique identity per employee, regardless of whether they are using a third-party app, joining a Microsoft Teams call remotely or using their devices for work.
It is vital to regularly and proactively check the AD configuration in terms of security. To do this, the Skaylink experts evaluated the configuration using PingCastle and Purple Knight multiple times and verified the AD password quality with DSInternals. Next, the Microsoft Defender for Identity and Microsoft Entra Password Protection for AD features included in the Microsoft 365 licenses were rolled out to provide continuous verification. Access to Microsoft 365 services is based on the zero trust principle. Conditional access rules control the use of multifactor authentication. swa implemented the Microsoft Authenticator App as part of the project. Additionally, Identity Protection analyzes potential risks (atypical/impossible travel, password spraying, leaked credentials, etc.) upon access and automatically prevents them where possible.
Corrupted accounts can be quickly and easily recognized and deactivated. “This has helped us to fend off the odd attack or two,” said Lachenmayr.
In collaboration with swa, the experts from Skaylink integrated Exchange Online into the existing mail routing architecture and configured Microsoft Defender for Office before the migration to Exchange Online. Exchange Online Protection and Defender for Office can detect threats in email attachments and prevent access to potentially malicious websites as soon as a link in an email or document is clicked. Protection against phishing attacks by e-mail has also been improved.
After migrating to M365 Exchange Online, swa switched to Microsoft Defender for Endpoint and quickly got a comprehensive overview of their large application landscape. Defender captures the entire infrastructure and inventory, quickly identifying vulnerabilities and reporting them in auto-generated reports. swa can now intervene where it is needed. Using the attack vectors highlighted by Defender, it is possible to fully retrace attack chains. “This is an enormous added value for us,” said Lachenmayr.
With Microsoft Defender for Endpoint, swa has also opted for a cloud-based virus protection solution. “An on-premises scanner can no longer meet today’s challenges,” explained Lachenmayr. Top security requires an external perspective with systematic analyses and reports. Microsoft offers high-quality solutions and the best compatibility with other providers.
Positive side effects
The new security solutions have even enabled swa to identify vulnerabilities at service providers and respond quickly to them.
Less time for more work – a familiar problem for most companies today. swa employees appreciate the freedom that Microsoft 365 offers them with Microsoft Teams, such as working from home or on the go. These tools make work easier by automating processes and supporting short lines of communication and information.
“Without Skaylink, with its experience and expertise, none of this would have worked.”
swa praises the considered approach of the cloud specialists in particular: everything was analyzed extensively in advance. Before new features were implemented, Skaylink demonstrated them in a test lab. They discussed the configuration steps and how to manage the feature. This is why it was implemented in the productive environment at swa almost without a hitch. “We invested our time well. I can recommend this strategy to everyone.”
Skaylink will also be involved in the next steps towards the cloud. In the future, swa wants to control its internal knowledge management via SharePoint Online and with the help of chatbots. But there is more: the municipal company has ambitious plans. It will use Power Apps and Power Automate to further automate processes and reduce the workload on employees accordingly. AI is also in the mix. Copilot for Microsoft 365 and Copilot Studio will be used more often.
“We want to fully exploit the potential of the technology we have,” said Lachenmayr in summary. Skaylink helps swa to do exactly that – and thus provide citizens and customers with a safe, service-oriented infrastructure..
Brief summary of the project
Organization:
Stadtwerke Augsburg (swa)
Challenges:
As the third-largest utility in Bavaria, swa and its more than 2,000 employees provide services in the areas of energy, water, mobility and communication to around 350,000 people. Smooth operations and the optimum protection of all data and infrastructures are therefore the most important issues and an ongoing concern in IT.
Solution:
The experts from Skaylink took the time to thoroughly analyze the highly complex infrastructure, making the phased transition to Microsoft 365 and unified cloud security virtually seamless. Microsoft 365 simplifies collaboration among employees and the security features help swa’s IT team to manage a secure environment.
Other successful projects from Skaylink
Asambeauty – Headless in the AWS cloud
moovin – a PropTech company in the AWS cloud
