Scenarios, Challenges, Actions, Results
Business Problem: Cost of deployed security solution (SecureID MFA) was not affordable at the scale necessary to support growing remote access VPN needs. Solution: Assessment, selection and deployment of alternate solution enabling affordable MFA protection for the required and significantly broader environment.
Business problem: Xerox acquired an organization that had a different business revenue model, but that generates similar revenue volume to legacy Xerox. Business leadership wanted a single governing policy set. Solution: Working with security and business counterparts, analyze each organizations policy set against the potential adoption models resulting in costs and impacts for each delta. Took a recommended approach to leadership and upon endorsement executed the plan to deliver a single policy collection, retiring the acquired company collection after addressing those controls required to maintain expected security posture on each side.
Business problem: IT cloud direction is anecdotal and informal, making forward momentum on IT cloud security a challenge. Solution: Collaborate with IT on formal cloud strategy, and develop an adaptive, integrated enterprise-wide security strategy and associated priorities. Outcome: Creation of a security-integrated cloud adoption platform development plan and operational strategy, organization layout, reference architecture and supporting business case.
Business problem: IT committed to an aggressive data center exit timeline along with a “cloud first” principle, but without a secure target platform for lift-and-shift cloud migrations. Solution: Represent the security functional area on a team of collaborative, high performing, pro-active, right-minded engineers and service delivery managers. Over a period of 5 months we designed, developed and delivered a fully integrated, architecturally compliant cloud consumption capability for use by migration teams.
Business problem: Traditional/legacy AV products relying on malware signatures are not able to keep up with the pace and volume of emerging variants in a reasonable timeframe for certain environments, resulting in business risk of malware caused impacts. Solution: Prioritize areas in need of enhanced protection, define those areas and the standard for enhanced protection, followed by a technology assessment and product selection. Outcome: Enhanced protection rollout has commenced and is operational.
Business problem: Dramatic increases in enterprise-wide cost pressures coupled with organizational centralization and recurring acquisitions exposed a need to review the entire security portfolio for potential optimizations. Solution: Established a methodology to review tools and processes to identify unintentional overlap, misalignment, unused capacity, ineffective designs or configurations, unused licenses or features and to provide management recommendations.
Business Problem: A majority of security incidents included a direct or indirect root cause of improper human behavior. Solution: Established a comprehensive and benchmark security awareness and training program including regular training (concepts and requirements), knowledge assessment, attack simulation, newsletters, media campaigns and a corporate information security hub. Outcome: User susceptibility to attack scenarios was markedly reduced, and employee adoption of proper behaviors such as reporting suspicious activity increased significantly.