Cleanaway tidies up endpoint security

Australian waste, recycling, and resource recovery services company Cleanaway Waste Management is consolidating its sprawling mix of cyber security tools in response to a rapidly changing threat landscape.

Image credit: Cleanaway

According to Cleanaway’s chief security officer James Court, the company’s global expansion has altered its threat exposure, and he has also witnessed a recent significant change in threat actor behaviour. These factors have forced a rethink of how Cleanaway protects an environment that includes well over 15,000 assets.

“Up until recently (threat actor activity) was all about gaining access to systems and ransomware,” Court said. 

“But now it is purely destructive. We’ve had to pause and ask if we have the right business continuity and resiliency processes in place.”

This story is part of the 2026 iTnews State of Security report. Read it for free here.

Cleanaway operates a highly distributed and mixed technology environment, including corporate IT and mobile devices (many of which are fitted directly to its fleet of 4800 trucks), as well as numerous unmanaged devices, and operational technology (OT) assets including fuel bowsers and weather stations.

Court said that while thousands of endpoints were covered by modern detection and response tools, a subset of devices remained difficult to secure using standard approaches.

Although Cleanaway was not included under the Security of Critical Infrastructure (SOCI) Act of 2018, Court said the company’s involvement in complex supply chains, particularly in industries such as healthcare, meant he was sensitive to third party risk. The company’s endpoint challenge had also been further complicated by the company’s expansion into New Zealand and the Middle East.

According to Court, this complexity has led the company to take a layered approach.

“One endpoint capability doesn’t tick all of the boxes for us,” Court said. 

“There is a varying mix of technologies we use, so not one (cyber) capability fits every situation for us.”

Cleanaway’s platform currently includes endpoint protection from CrowdStrike and Microsoft, as well as OT protection from Claroty.

While its cybersecurity stack has consisted of more than 20 suppliers, Court said this was being consolidated around five strategic vendors. While this would deliver cost and efficiency benefits, Court said the company would maintain its commitment to defence in depth and would carefully examine how these changes influenced its long-term security posture.

“I hate platform-isation, because it locks you into a vendor, and you then have to think about their roadmap,” Court said. 

“But we need to do more with less - it’s not going to be an endless, bottomless bucket of money.”

Court said Cleanaway was also 18 months into a Zero Trust transformation, with investments in identity and access management (IAM) and SD-WAN connectivity. Critical to this work has been its investment in identity as a key tool for endpoint threat management, with Court warning that organisations that failed to implement mature IAM programs faced significant blind spots, especially where endpoint agents could not be deployed.

“You can’t separate identity from the endpoint now,” Court said. 

“You have to look at them together, because there can be important context that you miss otherwise.”