Project Details

Hybrid Access & Security Modernization

Client: National Education Nonprofit Organization
Location: Ontario HQ + Distributed Remote Staff Across Canada
Duration: 4 Weeks | Team Size: 2 Network & Security Engineers

Overview:

To support a growing remote workforce and improve compliance posture, this project involved a complete redesign of the client’s remote access infrastructure. The goal was to enable secure hybrid work across a distributed team of educators, administrators, and support staff—while aligning with PIPEDA compliance and enforcing strong authentication and endpoint security standards.

Key Deliverables:

  • SSL VPN Implementation via FortiGate with RBAC Enforcement:
    Configured FortiGate SSL VPN to support secure remote access, with role-based access controls (RBAC) mapped to Entra ID (Azure AD) groups. This ensured that staff could only access the resources relevant to their roles.
  • MFA Enforcement with FortiAuthenticator + Azure AD Integration:
    Integrated FortiAuthenticator to enforce multi-factor authentication (MFA) across all remote access attempts, leveraging Azure AD identities and existing security workflows.
  • Endpoint Hardening via Microsoft Intune:
    Applied security baselines through Microsoft Intune for all devices connecting to corporate resources. Policies enforced BitLocker encryption, firewall activation, Windows Defender status, and patch compliance.
  • User Security Awareness Program (KnowBe4):
    Deployed a full phishing simulation and training program using KnowBe4, targeting all remote staff. Included tailored training modules and periodic simulated phishing campaigns to improve security awareness.
  • FortiAnalyzer Integration for Real-Time Alerting:
    Integrated FortiAnalyzer with VPN and firewall logs, setting up automated email alerts for unusual login patterns, geolocation mismatches, and brute force attempts.

Business Impact:

  • 100% of staff onboarded to the new hybrid access platform with no downtime or service disruption.
  • Achieved compliance alignment with PIPEDA, with enforceable access controls, endpoint protection, and user awareness training.
  • Improved threat detection and incident response via unified visibility across VPN, firewall, and endpoint telemetry.
  • Strengthened remote work posture, enabling the organization to confidently scale hybrid work long-term.

© Copyright 2025 Techbison All Rights Reserved

Designed & Developed By Convirzon