Todd Corporation (Todd) plays a vital role in New Zealand’s infrastructure through its energy businesses, Todd Energy and Nova Energy. With such critical infrastructure, it was equally critical to evolve its cybersecurity environment in a world of rapidly evolving cyber threats. With Microsoft’s Extended Security Suite integrated across its infrastructure in a way never before seen in New Zealand, Todd now has world-class protection, enabling better planning and innovation.
The key issue Todd faced was fragmented legacy systems which made it challenging to detect and respond to emerging threats in the moment. At a time when threats were growing, that posed significant risks to the business and New Zealand’s energy infrastructure. It also meant Todd Corporation couldn’t plan effectively.
“You can only plan for things you know about,” explains Reghann Coetsee, Security Lead at Todd. “Instead, there was a lot of time and energy spent maintaining these legacy systems. We also didn’t have the functionality we needed to respond to threats immediately.”
Seeking a modern, integrated solution, Todd turned to Arinco, who had been previously recommended by Microsoft for its AI and cloud migration expertise. Arinco’s deep understanding of Microsoft’s security ecosystem made it the natural choice to lead the transformation – what Microsoft is calling one of the world’s leading security implementations of its kind.
Breaking new ground in security integration
With support from Microsoft, Arinco led Todd through the deployment of Microsoft’s Extended Security Suite, available under the E5 licence. Everything was integrated across the business to a level never before seen in New Zealand, bringing Microsoft Defender, Intune, Entra ID, and Purview tools together to offer a unified view of Todd’s entire digital estate, from identity and device management to threat detection and data governance.
“We knew this couldn’t be a one-off implementation,” says Daniel Lund, General Manager at Arinco New Zealand. “It had to be a staged, strategic uplift. By embedding our team with Todd’s, we co-developed a roadmap that was technically sound, realistic, and sustainable.”
But going bigger than anyone else had before required significant planning. Together, Arinco and the Todd team co-designed a four-year roadmap built around Zero Trust principles, reviewing policies, identifying risk gaps, and setting priorities to strengthen security posture.
“We take a long-term view, investing in infrastructure, capability, and innovation that supports our long-term strategy and sustainability objectives,” says Reghann. “If you’re only doing security, you’re going to fail at it. It has to be part of everything – from cloud to AI.”
Implementation followed an agile sprint model, with Todd’s internal engineers learning alongside Arinco’s team.
“Having that structured partnership was key,” Reghann says. “It wasn’t about throwing tools at the problem. Arinco helped us understand what we needed and how to get there, and Microsoft’s support made that roadmap achievable.”
Daniel Lund, General Manager at Arinco New Zealand
Opening the door to “eye-opening” insights
The transformation has already delivered measurable improvements.
“Being able to classify and manage sensitive information centrally was a game-changer. We secured endpoints and workstations, introduced identity controls, and uplifted the security maturity of the whole environment,” says Paul Maggs, Security Principal at Arinco.
Beyond technical gains, the project has fostered cross-functional engagement. Teams from privacy, legal, and operations now actively contribute to security decisions, creating a shared sense of ownership. Purview alone gave the team eye-opening visibility into how information was being used and shared, identifying brand-new patterns.
The implementation also gained attention from Microsoft’s global security team.
“This is a leading security implementation and a great example of a balanced approach on protection, detection and response. This will significantly enhance Todd’s cyber resilience and zero trust posture. Full credit to Arinco for their delivery – it’s a clear reflection of why they’re one of our most trusted cloud partners in New Zealand,” says a Bret Arsenault, CVP, Global Chief Security Advisor at Microsoft.
A platform for future innovation
Looking ahead, Todd sees this transformation as foundational to its wider strategy. Todd is now exploring how its security framework can support its renewable energy projects, —advancing both operational resilience and New Zealand’s net-zero ambitions.
“This was never just about deploying technology,” says Daniel from Arinco. “It’s about enabling Todd to operate with confidence, adapt to change, and lead in a complex sector.”
For Reghann and the team, cybersecurity is no longer a bolt-on.
“Security is now built into how we think about every new project – whether it’s solar, AI or automation, we’re designing with protection and performance in mind from the start.”