The client spun off from a larger organization as part of a private equity transaction, with the intention of unlocking its full potential and fostering accelerated growth. The resulting carved-out entity offers a suite of cloud-based solutions that safeguard a business’s digital infrastructure and online presence, and it is a popular choice for companies that want reliable and secure services.
The spin-off created a new portfolio company for the private equity firm, with the opportunity to start its next growth phase. But the process put immense pressure on the portfolio company to stand up within 100 days. As part of the stand-up, the portfolio company had to set up its business operations and establish its information security framework within the transaction service agreement (TSA) time frame.
The client knew that more than third-party support, they needed a strategic partner who could guide them through the challenges.
Client’s Challenge
The client wanted to safeguard its operations from cyber threats and from regulatory compliance failures. Despite having a dedicated security team, it struggled to keep pace with the evolving threat landscape and to maintain compliance with the applicable regulations and standards. As a result, the client was exposed to costly security breaches and regulatory fines.
The first task was to comply with the Payment Card Industry Data Security Standard (PCI DSS) under a Governance, Risk and Compliance (GRC) framework. The client then wanted to set up a Security Operations Center (SoC) in Hyderabad, India, to monitor all of its environments, on-premises and cloud, around the clock and respond to cyber incidents.
The client rose to the challenge of this daunting task by relying on Aeries’s specialized team, which had two decades of experience.
The Aeries Solution
Understanding the scope of client requirements, the team at Aeries divided the project into several phases.
- Assessment: Aeries conducted an assessment to understand the client’s security requirements – the assets they want to protect, existing security, compliance practices, and areas of improvement.
- Design: Aeries’s scope of work included designing a customized GRC framework and setting up the client’s SoC from scratch, based on the assessment findings.
- Implementation: Aeries worked with the client’s cyber security team and implemented the following procedures.
A. GRC Framework
- Following the industry best practices outlined in the NIST, PCI DSS and ISO standards, Aeries implemented 54 policies and 70 procedures, tracked and managed in Jira. This proactive stance significantly contributed to the client’s success in managing risks effectively.
- Aeries created a cyber committee for monthly reporting and implemented a Customer Security Assurance program to secure the client’s customers’ data.
- To measure success, the Aeries team established KRAs and KPIs that monitored the program’s effectiveness and identified areas of improvement.
B. SoC Set-Up
- Aeries deployed a cloud-native Security Information and Event Management (SIEM) system with auto-scaling to ingest and analyze security events, tuning alert thresholds in real time as the environment changed.
- The team at Aeries established an Incident Response (IR) process aligned with the PCI DSS compliance requirements. This included setting up Vulnerability Assessment and Penetration Testing (VAPT), using PCI Approved Scanning Vendor (ASV) tools, to detect vulnerabilities and potential threats.
- To adopt the latest technologies and keep pace with the evolving security landscape, Aeries utilized Technology Adoption Program (TAP) initiatives to ensure that the client’s SoC remained ahead of the curve.
- Aeries set and met a 15-minute SLA target for responding to all incidents and alerts. This enabled the client to swiftly identify, investigate, and remediate potential security incidents, thereby reducing its overall exposure to risk.
- Monitoring and Maintenance: Aeries continues to provide monitoring and maintenance services to ensure that the client’s GRC and SoC remain effective and up to date.
This commitment to the client resulted in Aeries creating a secure IT environment, with a robust GRC program implemented and a SoC set up within 2 months.
Results
Conclusion
The successful implementation of a GRC framework and the setting up of the SoC by Aeries was a game-changer for the client. The GRC program and the SoC gave the client the tools, expertise, and confidence to manage its risks and comply with regulations.