
Securing EKWB’s Digital Frontiers

EKWB is a global leader in high-performance liquid cooling, with 150+ employees operating across the EU, US, China, and Serbia. As international growth accelerated, their IT systems evolved organically – creating fragmented environments, unmonitored access, and over 100,000 exposed customer records that no one knew existed.

Incident Response for EKWB

100,000+ Exposed Records Discovered and Secured

Benchmarked conducted a full security assessment of EKWB’s digital infrastructure in under three weeks – uncovering critical vulnerabilities across identity management, cloud platforms, and data governance that had accumulated silently during years of rapid international expansion.

KEY RESULTS:

100,000+ Exposed Records Secured

Previously untraceable lead and customer records found in unencrypted spreadsheets, unmanaged CRM exports, and personal devices — now identified, classified, and protected.

4 Regions → 1 Identity System

Siloed IT environments across the EU, US, China, and Serbia consolidated into a single centralized identity and access governance framework through Microsoft Entra ID.

30+ SaaS Tools Mapped & Rationalized

A sprawling, undocumented application ecosystem — from AWS and Salesforce to MailerLite and Trello — fully mapped, integrated into SSO, and brought under policy enforcement.

How We Uncovered What No One Knew Was Exposed

EKWB designs and manufactures some of the world's most advanced liquid cooling systems. Their products are sold globally, their engineering is world-class, and their brand carries authority in a demanding technical market.

But behind the product, their IT infrastructure told a different story.

The Problem

Growth Without Governance

EKWB scaled fast - from a Slovenian startup to a multi-region operation spanning four countries. At every stage, teams adopted whatever tools worked: AWS here, Office 365 there, Google Sheets for leads, Salesforce for some sales teams, MailerLite for marketing, Asana for project management. No one designed this ecosystem. It just happened.

Incident Response:

By the time Benchmarked was engaged, the consequences were serious:

  • No centralized identity governance. Employees were onboarded and offboarded in isolated systems. When someone left, their access often wasn't revoked - across any platform.
  • Shared administrator accounts with generic passwords. Critical business functions - including sales, support, and cloud infrastructure - were accessed through common email inboxes with no individual accountability.
  • Zero MFA enforcement. AWS, Office 365, Magento, Salesforce, MailerLite, Asana - all accessible with a password alone. No conditional access. No risk-based authentication.
  • 100,000+ customer and lead records exposed. Sensitive data sat in unencrypted Google Sheets, unmanaged CRM exports, and on personal devices - with no classification, no access controls, and no audit trail. A GDPR and CCPA liability hiding in plain sight.
  • No security monitoring. No SIEM. No threat detection. No audit logging. If an account was compromised, no one would know.
  • 30+ SaaS applications with no central visibility. Duplicate tools, orphaned subscriptions, and shadow IT across every department.

This wasn't negligence. It was the predictable result of fast growth without a security-first operating model. And it left EKWB exposed to data breaches, regulatory penalties, reputational damage, and account hijacking - all at once.

The Real Risk

Everything Was on the Line

Together, these gaps created a compound risk that extended well beyond IT:

  • Data breach exposure - 100,000+ records with no encryption, no access controls, and no visibility into who had touched them
  • Regulatory non-compliance - GDPR and CCPA violations waiting to be triggered by a single incident or audit
  • Privileged account takeover - shared admin credentials across production systems meant one compromised password could cascade across the entire infrastructure
  • Operational disruption - no standardized onboarding or offboarding meant new hires waited days for access while former employees retained it indefinitely
  • Brand and customer trust - EKWB's reputation as a premium, engineering-driven brand was underpinned by digital infrastructure that didn't match the standard

The Solution

Security-First Realignment in Under Three Weeks

Benchmarked deployed a focused assessment team that moved fast — completing a full security audit, application mapping, identity governance review, and remediation roadmap in under three weeks.

This wasn't a generic checklist. Every recommendation was tailored to EKWB's actual workflows, team structure, and budget.

1: Identity & Access Governance

  • Designed and proposed a centralized identity framework built on Microsoft Entra ID - replacing fragmented, region-specific identity systems with a single management plane
  • Full audit and revocation of all unauthorized and shared credentials
  • Mandatory MFA enforcement across 100% of critical platforms: AWS, Office 365, Magento, Salesforce, and all integrated SaaS tools
  • Centralized account provisioning and deprovisioning — eliminating the gap between HR actions and system access
  • Role-based access controls (RBAC) implemented to enforce least-privilege principles across all environments

2: Data Discovery & Classification

  • Identified and catalogued 100,000+ exposed customer and lead records across unmanaged spreadsheets, CRM exports, and personal devices
  • Mapped data flows across all business units and regions to establish a clear picture of where sensitive information resided
  • Introduced Data Loss Prevention (DLP) tooling to prevent future uncontrolled data sprawl
  • Provided a clear path toward GDPR and CCPA compliance readiness

3: Application Ecosystem Mapping & Rationalization

  • Mapped 30+ SaaS applications across all departments — identifying redundancies, orphaned subscriptions, and ungoverned tools
  • Integrated third-party services (Salesforce, MailerLite, Trello, Asana) into Entra SSO with conditional access policies
  • Eliminated duplicate tools and unnecessary licenses — contributing to a 35% reduction in IT costs
  • Created a living application inventory with ownership, access policies, and renewal tracking

4: Threat Detection & Security Monitoring

  • Configured Microsoft Sentinel for real-time monitoring of authentication anomalies, privilege escalations, and suspicious activity across AWS, O365, and Magento
  • Established baseline behavioral analytics to detect deviation from normal access patterns
  • Deployed Microsoft Defender for Endpoint across all managed devices
  • Implemented endpoint compliance policies through Microsoft Intune — bringing all devices under policy enforcement

5: Cloud Governance & Cost Optimization

  • Deployed Azure Policy for resource governance — preventing unauthorized service deployment and resource sprawl
  • Implemented budget alerts, consumption reporting, and cost allocation tagging
  • Delivered Azure cost optimization recommendations that contributed to measurable infrastructure savings

The Results

  • 100,000+ previously exposed records identified, classified, and secured — eliminating a critical GDPR/CCPA liability
  • 4 regional IT environments consolidated into a single identity and access management framework via Microsoft Entra ID
  • All shared administrator accounts eliminated — replaced with individual, MFA-protected, role-based access across every critical platform
  • 30+ SaaS applications mapped, rationalized, and integrated into centralized SSO with conditional access
  • 35% reduction in IT costs through tool consolidation, license optimization, and cloud governance
  • Real-time threat visibility established via Microsoft Sentinel — replacing zero monitoring with continuous detection
  • Endpoint compliance enforced across all devices through Intune — bringing unmanaged hardware under policy control
  • Onboarding/offboarding standardized — from days of manual setup and forgotten revocations to automated, zero-touch provisioning
  • Full assessment, mapping, and remediation roadmap delivered in under 3 weeks
