Client
A large philanthropic organization with over 250 staff and over $150M in revenue.
Challenge
The client turned to ARG for help improving their Security Risk Mitigation Plan to maintain the organization’s reputation. There were several aspects to this initiative, but the highest priority was to gain confidence that critical data hosted with third-party vendors was protected and to minimize the risk of a breach. The client leverages over 100 systems and 3rd party vendors and was looking for a solution provider that would allow them to be more proactive in mitigating third-party risk. Donor confidence was low because when asked how third-party risk was evaluated, the client had little visibility or confidence in how their existing MSP/MSSP providers handled it.
The right partner would be able to fill security and IT headcount gaps. The proposed security program would include managed services to own the actionable management and monitoring tasks, platforms, and tools to ensure the client’s environment and endpoints are secure.
With limited IT staff, the client focused on hiring and retaining a senior-level resource as a program and vendor manager and sought a partner to align with this organizational structure.
The resulting solution would support the organization’s efforts to protect and keep secure the corporate data of the organization and maintain the privacy of its members, supported entities, and sponsors regardless of where the data resides. The client was looking for a vendor to:
- Gain insight into third-party ITaaS providers’ oversight and governance of the client’s provided environments; advise on how best to protect this critical data.
- Provide both assessment and ongoing managed support of the security environment.
- Deploy tools to detect and respond to a potential threat and provide proactive threat hunting.
- Incorporate donated dollars for specific technology investments.
- Deliver a deep bench of experts to ensure the client is not reliant on any one individual to secure the environment.
Solution
ARG Consultant Cassie Diehl worked with the client executive team and ARG resources to build out clearly defined requirements, then documented and considered four different approaches to address them. The ARG team evaluated the Managed Security as a Service marketplace based on the identified criteria, the ability to support the existing technology investments, and the ability to support donated dollars for specific technology investments.
ARG delivered analysis of downselected qualified providers with key differentiators and year-over-year contract term analysis. The client selected a robust, cost-effective solution that delivered a formal managed risk and compliance platform to ingest data on vendors and partners to evaluate their risk profiles. They also deployed a managed SIEM / SOC for collecting logs, threat hunting, and proactive response to identified threats. Security awareness training was rolled out to the client’s staff to further mitigate risk from human error.
The solution delivers:
- A cohesive security framework that includes ingesting logs from cloud vendors and a comprehensive dashboard to provide visibility and management access with the provider’s support.
- Analytics on compliance to actively assess and address potential risks with critical IT partners.
- The improved visibility allows the client’s leadership to make informed strategic decisions and deliver well-documented security questionnaires to allay donors’ security concerns.
ARG can help with your technology procurement and ongoing management and support. Email info@myarg.com to find out how to add ARG’s resources to your team.