The Challenge:
When ITC Secure was first introduced to the customer, we were told by their CFO that “cyber risk is the thing that keeps me awake at night”. He also told us that he had been approached by several cyber security vendors with the promise that their “tool du jour” would solve all his problems and make his sleepless nights a thing of the past. Unfortunately, even if this silver bullet, Benadryl-inducing, security tool existed, he knew that an effective cyber security strategy would need to go beyond a simple technology fix.
He explained that, whilst there was clear impetus for change, the problem the business had was knowing where and how to initiate this change. In the eighteen months that followed the initial introduction, ITC has supported our customer through three key stages of transformation.
Stage 1 – Understanding Cyber Risk:
ITC was initially commissioned to conduct a comprehensive cyber assessment of the business. The purpose of the assessment was to help our customer identify and understand their current cyber risks and provide an insight into their existing cyber maturity. During the assessment process, ITC’s consultants engaged with stakeholders from across the business, evaluated their current technology estate for efficiency, security and resilience, and reviewed policies, procedures and standards to ensure that they understood every aspect of the business’s cyber security posture, including people, processes and technology.
At the end of the assessment, ITC produced a detailed report which outlined the business’s current state, proposed a target operating model for cyber security and clearly outlined the path for reaching the target state.
Stage 2 – Implementation:
Upon completion of the cyber assessment, our customer embarked on an ambitious cloud transformation programme, focused on migrating services to Microsoft Azure and Microsoft 365. They chose to work with a third-party cloud transformation specialist to support this journey to the cloud. In parallel, ITC was commissioned to provide an ongoing CISO-as-a-Service consultancy. Through this engagement, we helped provide oversight and assistance to ensure that cyber security was built within the foundations of our customer’s new infrastructure.
The customer was able to complete their cloud transformation programme at a remarkable speed. One of the reasons for this efficiency was the high levels of collaboration between ITC, our customer and their chosen third-party cloud transformation partner. In the world of cyber security, we know that cyber criminals work together extensively to target people and organisations. If we are to successfully defend against such adversaries, it is a necessity that “the good guys” work collectively with the same levels of commitment to achieve the common goals.
Stage 3 – Detection:
As part of our customer’s cloud transformation programme, they made investments in improving their defences against cyber threats. By adopting a defence-in-depth approach, they improved perimeter defences, tightened their identity and access management controls, trained their people and documented their cyber security policies and procedures. The final piece of the puzzle was to ensure that, in the event of a breach, they had a team of highly skilled analysts in place to respond quickly to the attack and keep the business as safe as possible.
Considering our customer’s investment in Microsoft Azure and Microsoft 365, it became evident that utilising the security tools available in the Microsoft solution stack was a sensible approach. They chose to deploy Microsoft’s Azure Sentinel SIEM platform, delivered as a fully managed service by ITC. Built within their own Azure tenant and run by ITC’s 24x7x365 Security Operations Centre, ITC’s Sentinel SIEM managed service provides our customer with confidence that the investment they have made in infrastructure and in cyber security is protected by a team of world-class security analysts.
The Outcome:
Whilst working with our customer, ITC has been privileged to witness their transformation to a clearly defined cyber security strategy with a level of cyber risk that is not only carefully understood and managed, but is also being reduced daily.
The pursuit of achieving cyber security excellence can often seem like an impossible task, but by taking a collaborative and pragmatic approach to cyber risk management, our customer was able to define and implement a strategy that will continue to protect the business and its most prized assets.
Ahead of this publication, we asked our customer’s CFO if cyber security still keeps him awake at night. His response was “It’s still near the top of the list of things I worry about, but I now get some sleep! With ITC’s help, I now feel in control, able to understand and articulate the steps we have taken to reduce risk and I’m comforted by the high quality team we have assembled around the issue if anything were to happen”.
N.B. ITC jointly agreed with our customer that this case study should remain anonymous. However, should you wish to learn more about their cyber security journey or their cloud transformation programme, they have very kindly offered to be available to provide a personal reference.