Kier builds foundation for profits

International building company Kier Group has outsourced its security management to save money and deliver a uniform security...

International building company Kier Group has outsourced its security management to save money and deliver a uniform security product across its disparate operations.

As a leading international building and civil engineering contractor, Kier Group employs 7,000 people worldwide and has an annual turnover of over £1.4bn. 

Kier’s growth has been achieved organically and by acquisition. This has led to the existence of many autonomous companies, each with its own IT system, and Kier needs complete collaboration across these national and regional companies.

Kier Group IT director Terry Walker, said, “The nature of the construction industry dictates that employees of Kier are often remote from headquarters. They often find themselves working from temporary sites with a limited IT infrastructure. 

"This can also mean working in very difficult and ‘hostile’ environments so the systems they use and the process for accessing our network must be simple, stress-free and reliable.”

Walker reveals that the previous system of a basic managed dial-up service from BT with user authentication based on standard passwords was becoming increasingly vulnerable, was difficult to manage, and would no longer scale up to the challenge.

“Our old system was vulnerable from a password usage perspective. Passwords are inherently weak as an authentication tool but it was just too difficult for us to change. 

"Our internal helpdesk were struggling to manage password resets and we knew that many users’ passwords were easy to guess, this was a major point of vulnerability,” said Walker.

After comparing the costs and overheads of managing an in-house RSA SecurID token system against a fully managed RSA service from Signify, Kier decided the managed service route was the only viable way to go.

Walker said, “With an in-house authentication service we realised we would need to train our already overstretched IT team on new technology, and we’d have the logistical burden of rolling out security solutions to a widespread user base and also the need to provide those users with ongoing 24x7 support. 

"It would have been a challenge for us to offer this when we should be concentrating on ‘our day jobs’."

This article was part of Computer Weekly's managed services business channel, sponsored by Computacenter.


Read more on IT risk management