Case Study – Cybersecurity | Global Insurer
Our client is an Australian company providing financial services nationwide as well as in 26 other countries. The client is also ranked among the world’s top general insurers.
Their large workforce (over 11,000) and international customer base make them an attractive target for cyber attack. As an Australian company and APRA regulated entity, they are also required to comply with a number of regulatory and statutory obligations.
The lifeblood of their business and internal and external communications are all dependent on secure and reliable technology and information.
The client has traditionally operated a multi-vendor environment as well as a large internal technology workforce. Their technology and related services footprint is also globally distributed.
Client objectives and challenges
Increasingly complex and difficult business environment
Like many of its peers, our client has undergone significant business changes and transformation, and as a result, has needed to review its previous strategies, and has sought to leverage trusted partners to support them through a quickly evolving business landscape and a number of new risks. This led to a great deal of innovation and collaborative, creative problem solving from the Client and its business partners.
Pressure to contain costs and still demonstrate strong performance
In addition to the already complex business environment, as an ASX listed company, our client has continued to have the business imperative and responsibility to contain (and reduce) its operational costs, while continuing to deliver on its commitments to its stakeholders. After establishing many of the foundation security controls, they have recently directed attention and investment towards agile, flexible and adaptable security services such as ours.
Innovation and rapid pace of technology change
Technology, the associated new capabilities and the threats applicable to these have increased in accordance with the fast pace of technology and service innovation. Many of the technology improvements that have had such a positive impact on productivity (such as Cloud Services and Mobility) have introduced new risks that must be addressed.
Obligations to clients and others around the protection of information
Australian and International legislation and regulation around the protection of information have led to a more transparent and proactive approach to security. This highlighted the need for demonstrable security controls that were both effective and measurable to address the ever increasing threat of cyber attack.
Remote and offshore services
Whilst there are obvious benefits to remote and offshore services, this has also introduced additional points of potential security vulnerability and risk. With the COVID-19 pandemic, the remote workforces of many businesses have been adversely impacted. Cultural and technological differences have also introduced security and risk challenges of their own.
Obtaining and retaining security knowledge and expertise
As one of the most sought-after skills, cybersecurity has become increasingly difficult to resource. Many organisations, including our client, had been forced to rely on expensive contractors and address internal skills gaps through career pathing such as internships. The revolving door of security had led to problems of knowledge continuity and key person dependencies.
Orro supported the client initially by delivering security architecture and consultative services. The services were established to augment the existing team and to support them in their security maturity journey.
As part of the security maturity journey, Orro documented the service related team functions and proceeded to deliver these for the Australian Region, remotely out of its global Security Operations Centre at a cost saving to the client.
Orro services were then further expanded by delivering security assurance services, security project support, security governance and security leadership within the organisation. Following the loss of a number of key security personnel, Orro also supported the client with security resource augmentation, including key roles such as Security Operations Team Lead. As part of taking on Security Operations responsibilities for a period of time, our on-site security analyst resources took it upon themselves to document Standard Operating Procedures.
The services delivered by Orro from its Security Operations Centre evolved into the Global Security Service Desk service which delivers 24×7 security governance and assurance on business as usual security requests raised by business users across all of the client’s regions.
Orro’s focus was initially to flexibly deliver a number of discrete security services. As the services were delivered, we continually sought opportunities to increase the value of services to the client. In addition, we invested in resources that, over time, became much more familiar with the Client and its business to the point that the Client requested that they be embedded within their own team.
Our role in this environment was to provide security strategic advice and guidance, assessment, monitoring, investigation, control validation and incident response.
Our services supported the client in establishing a security capability that they could build on to meet their requirements. We also helped them catalogue their applications and build an assurance program to meet their business, compliance and regulatory requirements. In addition, Orro established a security service to meet governance and assurance requirements as part of the security service desk service.
Our client considers Orro to be an important partner in delivering BAU Governance and Assurance activities to enable internal teams to concentrate on higher value project related tasks.
On behalf of our Client, Orro:
- established a consistent security services engagement point for BAU Security Requests.
- enabled the development of numerous improvements within the Risk and Governance Team.
- supported the Client’s various regulatory and risk management requirements and outcomes.
- delivered visibility of the state of cyber security controls within the organisation’s applications.
- enabled identification of security vulnerabilities within applications and infrastructure.
- enabled greater prioritisation of security issues and reduction in complexity through standardised governance processes and consistent reporting.
- reduced operational security overheads through utilisation of retained knowledge and simplification of security project support.
- simplified the process of project engagement of security resources and helped standardise the project artefacts delivered by the security team.
- enabled the ability to scale up and down as well as refocus / redirect effort where and when it was required.
- a Gartner recognised managed security service provider.
- ISO27001 Certified and the scope of our certification includes all processes and procedures.
- a true 24x7x365 Cyber Security Services Provider.
- Australian based with follow the sun services.
- flexible, creative and robust without the overheads of international suppliers.
- experienced, security cleared and qualified.
- focused on Security; our Clients are part of a trusted community that shapes everything we do.
- our services from our Cyber SOCs located in Sydney, Melbourne and London.
- deep & broad security expertise across a range of industries.
- incremental and modular service delivery to flex up and flex down as Client needs evolve.
- One Team working collaboratively with our Clients who have access to all our capabilities.
Asia/Pacific Context: ‘Magic Quadrant for Managed Security Services, Worldwide’ Published: 27 April 2018 ID: G00345198
Analyst(s): Sid Deshpande, Craig Lawson, Rajpreet Kaur
Founded in 1999, [Orro] is a pure-play security company that provides managed security, consulting and assurance services. Its client base is predominantly in Australia today, and it specializes in general-purpose MSS, along with offering consulting services that support customers’ security operations requirements. [Orro] offers management capability for a wide range of network security and threat management functions. It also supports more granular service deliverables than many larger providers by being able to provide out-tasking and overflow support on top of the more standardized MSS SLA-based management and monitoring of security products. [Orro] is able to compete with larger competitors because of its flexible service delivery options and its ability to customize service delivery for a wide range of customer requirements. [Orro] operates out of four locations (Australia [Brisbane, Melbourne and Sydney] and London, the U.K.), with two SOCs in Sydney and Melbourne.