Capricorn Energy tightens security with Microsoft-first partner
Oil & gas leader improves NIST rating and reduces risk.
Published: 8th June 2023
Headquartered in Edinburgh, UK, Capricorn Energy is one of Europe’s leading independent upstream energy companies with a history stretching back to 1980. The international business has an outstanding track record of discovering and extracting oil and gas from locations in Europe, the Americas, Asia and Africa.
During more than five years of collaboration, Capricorn Energy and Quorum Cyber have grown together, steadily strengthening the energy company’s cyber security within budget and reducing their risk exposure while they’ve operated in challenging offshore environments around the globe.
In 2020, the company was ready to entrust Quorum Cyber’s Security Operations Centre (SOC) team to provide its Microsoft Sentinel Managed Detection & Response (MDR) service for three years.
Microsoft security top of the wish-list
One attraction for Capricorn Energy was to partner with a company based in the same city for relatively easy access to Quorum Cyber’s growing team of experts. Another big plus was to work with a Microsoft-only cyber security specialist that continually invested in its employees’ training and development alongside its day-to-day focus on safeguarding the energy firm’s complex and ever-evolving IT system.
“Being a Microsoft-first cyber security company is really important for us and one of the key things that mattered when we searched for a partner,” explains Nick Mier, Group Head of Information Technology and Cyber Security for Capricorn Energy. “We are very much Microsoft-first when it comes to security and that’s one of the key things that Quorum Cyber has. It’s essential to us that they manage their security via Microsoft Sentinel.”
In addition to the MDR service, which the SOC team runs 24/7, 365 days a year, Quorum Cyber provides vulnerability management and phishing simulation services and Security Director as-a-Service.
Education is key
While Quorum Cyber’s team members have deep experience in Microsoft Security technologies, at its heart cyber security is really about risk management and, therefore, very much about people. That’s why educating customers’ employees is so important and why this has been a key focus during the relationship.
“Our team members are now very cyber aware,” adds Nick. “Improved education in cyber awareness has definitely come through the partnership, although there’s always more to do.”
As part of their contract, Capricorn Energy benefits from receiving regular service reviews, useful and timely threat intelligence reports, vulnerability management meetings, and practical advice to improve their quality of signals and data quality.
Achieving cyber maturity
“While we’ve been maturing as a company, our relationship has matured along the way, so that’s definitely been beneficial,” says David Malone, Capricorn Energy’s IT Service Delivery Manager. “Over the last 18 months we’ve had a seismic shift in terms of the maturity of the relationship and that’s good for both parties.”
Despite the steady improvement in their security posture, the company is determined not to let their guard down in an increasingly unpredictable digital environment. “Going forward, our goals are to achieve a higher score in the US National Institute of Standards and Technology (NIST) cyber security framework by the end of 2024 and to focus on automation,” Nick says. “While partnering with Quorum Cyber we’ve doubled our score in the past three years. We also aim to tighten up on data security and insider risk.”