Cloud security

Bapco is Bahrain’s premier oil company and also runs petrol stations across the Kingdom. As part of their transformation and modernisation plan, Bapco retail is introducing a new ERP system to help them manage the complex workflows involved in running their petrol stations.

Bapco have a strong desire to follow the iGA’s principles on cloud and adopt a cloud-native solution. However, they have a skills gap when it comes to understanding security and operational best practices for running services like ERP on the cloud. Bapco approached drie to provide technical input to their RFP for a new supplier for the ERP system, with a specific remit to help Bapco select a supplier that can deliver a secure, cost-effective and operationally efficient cloud-based system.

Members of the drie team worked with the Bapco team to rewrite the technical, security and cloud requirements of their RFP so that they could select a vendor that would deliver the solution they need. drie consultants drew on knowledge of the UK government’s Cloud Security Principles and the US NIST principles to identify key requirements that any cloud supplier would have to meet to deliver a solution that could secure Bapco’s sensitive customer and payments data in the system. The RFP has been issued and Bapco are selecting a supplier with the additional rigour and knowledge that drie has been able to provide in the RFP design process.

The drie team also worked closely with the Bapco team to refine and iterate on the organisation’s data security policies. The two teams worked together to devise a set of policies that provided both a data classification and control framework for data handled by Bapco and a practical way for Bapco to enact the policy, making it something that the organisation could more easily adopt internally.