be-nz logo
Story image

Case study: How Pattern helped SimTutor secure online education

29 Mar 2021

When online education provider SimTutor experienced a major uptick in growth, it found that many customers - especially healthcare education firms in places such as the United States - were concerned about the security and privacy of student information.

SimTutor provides a software-as-a-service (SaaS) solution designed for online healthcare education and e-learning content creators.

With a small team and a global pandemic causing a huge surge in online learning, the company realised that with growth comes many more sales and customers, all of whom need to be protected with more robust cybersecurity.

The company had also been running its services on Microsoft Azure for the past eight years, with support from Azure Security Center over the last six months.

This growth came, in part from COVID as online learning became the primary way of continuing education online. For SimTutor, it meant the company experienced a spike in product adoption, with traffic levels across the company’s Azure infrastructure spiking a whopping 20x above normal levels.

COVID, and the rapid rush to online services, provided SimTutor with a timely reminder about the importance of security.

Last year SimTutor and its US-based auditor embarked on a mission to achieve SOC-2 Type II security certification, all whilst managing a busy service period. 

SimTutor's first step was to understand its security strong points and weak points so that it could build a path to strengthening its security posture.

The company selected Pattern, an Auckland-based IT services firm that has worked with some of New Zealand's most recognisable customers such as Bay of Plenty Regional Council, Coastguard, Hutchwilco, and TR Group.

SimTutor worked closely with Pattern's team to ensure all of its Microsoft Azure cloud infrastructure was properly configured and secured in line with the SOC-2 Type II audit standards. 

Pattern used Azure Security Center to identify and remediate weaknesses in its infrastructure, ultimately achieving compliance within just three months. 

Pattern cofounder and director Jamil Geor explains, "By using Azure Security Center, we were quickly able to identify what work needed to be done in order to achieve audit compliance, and once we had achieved those goals, we were able to get through the audit process in a fraction of the time that it would typically take an organisation."

Geor says that every business needs to consider their current cybersecurity position - and it's something that needs to be regularly assessed and actively managed.

"I think a lot of small- to medium-sized businesses shy away from taking a more active approach to the security of their organisations, and I think that is a lot to do with perceived costs associated with running a full-scale security program.  The reality is that taking some basic steps to improve an organisation's security position doesn't need to be expensive, and the cost of not doing anything can be devastating to a business."

Pattern created a free cybersecurity assessment tool to help organizations identify what their current security position looks like, as well as what steps they need to start looking at to fill the gaps.

"Once a company has completed the survey, they will also receive a free one-on-one consultation to talk through their results."

Find out more about Pattern's cybersecurity self-assessment offering here.