Challenges
The main issue the team discovered was incomplete control over which devices and applications could access corporate resources. In particular, the lack of restrictions meant that devices that didn’t meet internal security expectations could still connect.
Related issues showed that old, unused devices and inactive user accounts were still connected to the environment. This made it hard to tell which systems and users were actually in use and which could give an attacker a hidden way in.
The review also found weaknesses in how devices and endpoints were protected during daily operations.
Some of the problems included:
- Missing security for data stored on mobile devices
- No intrusion detection or response on endpoints
- Poor controls over which apps could be installed
All of this added to the concern that the company couldn’t fully trust its devices to safely handle sensitive work.
Objectives
The client wanted a clear picture of how their systems looked from a cybercriminal’s point of view. They aimed to understand how exposed important entry points or applications were, whether user access and sessions were secure, and which vulnerabilities posed the biggest risks and needed to be fixed first. Overall, the company was looking for real-world insight into their exposure and straightforward guidance on what to fix and in what order.
Services Provided
The main service provided by CyberGlobal was a cloud security assessment, focusing on:
- Finding security weaknesses in access control
- How applications behaved
- How data could be exposed or misused
The team researched how easily critical areas could be discovered or exploited from the outside and how system settings affected the safety of sensitive operations.
Execution and Outcomes
The engagement focused on the company’s real attack surface within its cloud-managed device environment. CyberGlobal reviewed how devices were added, categorized, and given access, as well as how policies controlled which devices and apps could connect to company resources.
The engineers also looked at how access to critical systems looked from the outside by checking whether any connected device was automatically trusted or if specific conditions had to be met.
They found that devices not meeting internal security standards were still able to access company systems, and no strong security measures were in place to block them.
At the same time, the assessment reviewed the overall health of devices and user accounts.
Additional issues were flagged, including:
- Devices that were no longer in use
- Inactive user accounts
- Missing protections for stored data
- Lack of endpoint monitoring
These findings pointed to a core problem, namely that the system wasn’t doing enough to separate trusted devices from untrusted ones. The team showed how the lack of restrictions on non-compliant devices could let unapproved or poorly protected equipment open the door to unauthorized access.
By the end of the engagement, the organization had a much clearer view of its main vulnerabilities, especially around device trust and access.
Solutions
CyberGlobal recommended tightening control over which devices are allowed to access company systems. This included:
- Enforcing policies that block any device that doesn’t meet defined security standards
- Ensuring that only properly configured equipment can connect
This directly addressed the risk of non-compliant devices becoming easy entry points and helped rebuild trust in how devices are managed.
To support this, the team also advised better management of inactive devices and unused user accounts.
Regularly removing or disabling long-unused assets reduces the number of potential backdoors. This also improves visibility, making it easier to track who and what is connected at any time.
Furthermore, CyberGlobal recommended stronger security directly on the devices.
This included:
- Adding consistent protection for stored data
- Installing endpoint intrusion detection and response tools
- Restricting app installations to approved software
These steps strengthen the overall device setup, making it harder for compromised or poorly managed devices to cause deeper damage.
Together, these changes can help create a more secure, consistent environment where users and devices follow clear, enforced rules.
Results
By addressing the identified issues, the client can greatly reduce the chances of unapproved or poorly protected devices trying to access company systems. Stronger controls over devices, user accounts, and endpoint protection help to prevent unauthorized access, and boost the security of cloud-managed environments in industries that handle sensitive data.
CyberGlobal continues to be a trusted partner for organizations in Germany’s nuclear fusion sector looking to strengthen their cloud and device security. Similar firms are encouraged to assess their own security setup, check how devices and access are managed, and fix any weaknesses before they can be exploited.