Real engagements. Real outcomes. No marketing fiction.
Every case study on this page represents a real client engagement — a real problem, a real architectural decision and a measurable outcome. Client names are withheld by agreement. Everything else is exactly as it happened.
Financial Services · Identity Governance · Microsoft Entra ID · SCIM · Hybrid Identity · JML Process
A Greek financial institution was managing its entire joiner, mover and leaver process manually — slow, error-prone and consistently flagged in internal and external audit findings. Access provisioning took days. De-provisioning was inconsistent and incomplete. Stale accounts belonging to former employees and contractors remained active long after departure — each one a potential entry point for credential-based attack.
Auditors requesting access data faced a time-consuming, manual exercise that produced point-in-time snapshots rather than accurate current state. The compliance team had no continuous visibility into who had access to what across cloud and on-premise applications. Every audit cycle began with a scramble to assemble access data that should have been available on demand.
The situation:
The institution needed a fully automated identity lifecycle across both cloud and on-premise applications — without disrupting live operations or compromising the audit trail that regulators required. The solution had to integrate with existing HR systems, provision and de-provision access automatically across all applications, and give auditors real-time access data on demand. Critically, it had to be operationally sustainable for the internal IT team responsible for maintaining it after implementation.
What we did:
We redesigned the complete IGA process on Microsoft Entra ID — implementing automated provisioning and de-provisioning workflows using SCIM integration for cloud applications and Entra writeback for on-premise resources.
Role-based access control was redesigned from the ground up. Birthright access rules were defined and enforced from the moment a new identity was created — employees, contractors and partners each receiving only the access their role required. Nothing more.
Mover scenarios were automated to adjust access rights immediately and completely on role change — eliminating the privilege creep that had accumulated over years of manual transitions. Leaver de-provisioning was made fully programmatic — triggered automatically, removing all access across cloud and on-premise systems simultaneously. No manual dependency. No visibility gap. No stale accounts.
Continuous access reviews were implemented to maintain ongoing compliance posture between audit cycles — giving the compliance team real-time visibility into the access state of every identity in the environment.
The outcome:
· Automated provisioning eliminated the manual access backlog entirely — end-users received correct access on day one without waiting for manual processing
· De-provisioning became immediate and programmatic — no stale accounts, no orphaned access rights, no former employee credentials remaining active
· Auditors retrieve accurate, current access data within minutes — not days of manual assembly
· Compliance posture is continuously evaluated in real time — not reconstructed at each audit cycle
· Audit findings related to access governance were eliminated
· IT team operational burden reduced significantly — access management became a governed, automated process rather than a manual daily task
--------------------------------------------------------------------------------
Maritime · Azure Architecture · Infrastructure Assessment · Landing Zone Design · Security Hardening
A global maritime group operating across multiple international jurisdictions was preparing to move a critical workload to Azure production. Before go-live, the organisation wanted an independent assessment of their Azure security posture — not a vendor-led review, but an objective, architecture-level evaluation of whether the environment was ready to host production workloads securely.
The situation:
The stakes were significant. A maritime operator running critical workloads on a misconfigured cloud environment faces risks that extend far beyond data loss — operational disruption, cargo management failures and regulatory consequences across multiple jurisdictions. Getting the security foundations right before production was not optional. It was a business continuity requirement.
What we did:
Nimbus Cyber conducted a comprehensive Azure Security Optimisation Assessment using a combination of automated posture evaluation, manual configuration review and best-practice benchmarking against Microsoft Defender for Cloud, CIS guidelines and Azure Well-Architected security principles.
The assessment evaluated risk holistically across six domains:
Identity & Access Management — every identity with access to the Azure environment reviewed. Over-permissioned roles, standing admin access, orphaned accounts and unreviewed service principals identified and prioritised. This domain produced the highest concentration of critical findings — consistent with what we see across every cloud environment we assess.
Network Security — network architecture reviewed against Zero Trust principles. Exposure points identified, segmentation gaps documented and misconfigured network security controls flagged for immediate remediation.
Data Protection — data exposure risks assessed across storage accounts, databases and connected services. Encryption posture and sensitivity controls evaluated against the organisation's data classification requirements.
Workload Configuration — compute resources, container services and platform components reviewed against secure-by-default and defence-in-depth principles. Default configurations that had never been hardened were identified across multiple services.
Governance & Compliance — cloud governance framework assessed for completeness and operational maturity. Policy enforcement, resource tagging, cost management controls and compliance monitoring coverage evaluated.
Monitoring & Detection — logging coverage, detection capability and operational readiness assessed. Backup, disaster recovery and lifecycle management reviewed for completeness and tested recoverability.
Controls that were partially implemented or inconsistently applied were treated as providing reduced — not eliminated — protection. Every finding was categorised by severity and mapped to business impact, considering both likelihood of exploitation and potential consequences to confidentiality, integrity, availability and regulatory compliance.
A prioritised findings report and structured remediation roadmap were delivered — every finding ranked by severity and business impact with clear ownership, realistic timelines and measurable outcomes.
The outcome:
· Overall cloud security posture improved by over 45% within weeks of the assessment
· Critical workload launched into a hardened, governed production environment — not a default-configured one
· Identity and access findings — the highest-risk category — fully remediated before go-live
· Remediation roadmap provided clear sequencing for the internal team — no ambiguity about what to fix first and why
· Organisation entered production with confidence in their security posture rather than discovering risks after launch
· Assessment findings provided a baseline for ongoing security posture monitoring and continuous improvement
--------------------------------------------------------------------------------
Manufacturing & Industry · Zero Trust · Cloud RBAC · Privileged Access · MDM · Patch Management · Entra PIM
A Greek manufacturing group had accumulated years of uncontrolled Azure role assignments — no least-privilege discipline, no governance model and widespread standing admin access across the cloud estate. RBAC had grown organically through project-by-project access grants that were never reviewed, never scoped correctly and never removed when no longer needed.
At the same time, the organisation's endpoint estate of over 1,000 devices had no modern device management framework in place. Patch management was manual, inconsistent and dangerously slow — leaving systems exposed to known vulnerabilities for weeks or months after patches were available. The combination of ungoverned cloud access and an unpatched endpoint estate created a risk profile that was both wide and deep.
The situation:
The organisation needed three things simultaneously — a governed cloud access model built on Zero Trust principles, elimination of standing privileges across all administrative roles, and a modern device management and patch automation framework that could operate at global scale across a diverse endpoint estate. Each workstream was significant on its own. Delivering all three in a coordinated sequence without disrupting global manufacturing operations required precise architecture and disciplined implementation.
What we did:
Cloud RBAC Redesign & Zero Trust Implementation
We conducted a full assessment of the existing Azure RBAC model — mapping every role assignment, identifying over-permissioned accounts, orphaned assignments and standing admin access that had never been governed. The existing model was redesigned from the ground up against least-privilege principles.
All privileged users were moved to Microsoft Entra Privileged Identity Management — eliminating standing admin access entirely. Just-In-Time access controls were implemented across all administrative roles with approval workflows, justification requirements and automatic expiry. No admin account retained permanent elevated access after implementation.
A Zero Trust access model was designed and implemented — every privileged action time-bound, purpose-driven and fully auditable. The resulting architecture passed subsequent internal audit review without findings.
Modern MDM Deployment — 1,000 Endpoints
We designed and deployed a modern Mobile Device Management solution across the organisation's full 1,000-device estate — fully aligned with Zero Trust security principles. Device compliance policies were implemented as a condition of access — no compliant device, no access to corporate resources regardless of user credentials.
Automated Patch Management
We implemented automated patch management covering both Microsoft and third-party applications across the entire endpoint estate. Using heavy automation and a structured patch sequencing model, the time to patch systems was reduced from weeks or months to a matter of days — dramatically closing the vulnerability exposure window that attackers rely on between public disclosure and exploitation.
The outcome:
· Standing privileges eliminated across the entire Azure cloud estate — all administrative access moved to Just-In-Time via Entra PIM
· Zero Trust access model implemented and passed internal audit review without findings
· Modern MDM solution deployed across 1,000 endpoints — fully aligned with Zero Trust security principles
· Device compliance enforced as a condition of access — ungoverned devices cannot reach corporate resources
· Automated patch management implemented for Microsoft and third-party applications across the entire estate
· Time to patch systems reduced from weeks or months to days — vulnerability exposure window dramatically reduced
· Global manufacturing operations maintained throughout implementation — no operational disruption
Recognise your situation in one of these cases? Let's talk about yours.
Every engagement starts with a conversation. If any of these cases reflects a challenge your organisation is facing — or one you want to avoid — book a free Security Discovery Call with Kostas. No generic advice. No templated assessment. A focused discussion about your specific situation and what the right approach looks like for your environment.
A focused conversation about your security situation. No commitment required. Available in English and Greek across Europe.