Our Security and Managed Services teams audited the implementation of Microsoft Active Directory across all HSH properties’ migration to Cloud Computing

About Hongkong & Shanghai Hotels

The Hongkong & Shanghai Hotels, Limited (HSH) was incorporated in 1866 and is listed on The Stock Exchange of Hong Kong (00045).

HSH is the holding company of a Group which is engaged in the ownership, development and management of prestigious hotel, commercial and residential properties in key locations in Asia, the United States and Europe, as well as the provision of transport, club management and other services.

The hotel portfolio of the Group comprises The Peninsula Hotels in Hong Kong, Shanghai, Beijing, New York, Chicago, Beverly Hills, Tokyo, Bangkok, Manila and Paris (opening in 2013).

The property portfolio of the Group includes The Repulse Bay Complex, The Peak Tower and The Peak Tramways, St. John’s Building, The Landmark in Ho Chi Minh City, Vietnam and the
Thai Country Club in Bangkok, Thailand.

Challenge

The HongKong and Shanghai Hotels Limited (HSH) have recently implemented their Cloud Computing strategy on their IT infrastructure. One part of the implementation is to place Microsoft’s Active Directory (AD) authentication solution between the Data Centers, in both the US and Hong Kong and in individual hotels for failover capability.

HSH contracted NetSwitch to provide an audit for the AD solution to review for discrepancies on the implementation compared to the original design and identify any potential security risks from deployment.

HSH also wanted recommendations on policy/security standardization for integration in end-user devices, cloud applications and access management.

Solution

Netswitch reviewed the blue print against Microsoft best practices implementation to identify any potential issues, verified current implementation plans against the design blue print to identify any gaps, verified current topology to ensure the current infrastructure can sustain future growth to on premises and cloud services, and verified policies and procedures to identify any security deficiencies that may exist.

We also ran domain diagnostics, analyzing the state of domain controllers in a forest and reporting any errors resulting from the implementation, verified replication and network connectivity among domain controllers and conducted performance evaluation on the replication schedule, verified trust relationships with the federation service for cloud services, and security implementation and policies to insure against intrusion and wrongful user rights escalation.

Our team also evaluated and performed real world testing against high availability implementation and usability during a network outage event on remote sites, and provided reports on the audited gap analysis and recommendations to mitigation.

Value

As Active Directory is a significant function of authentication, Netswitch provided our expertise to ensure the “Blue Print” was deployed according to the guideline by Microsoft, and provided additional recommendations to enhance their security, focusing on the Domain Controllers and Active Directory to align with HSH’s Cloud Strategy.