Today’s organizations require agility and innovation to deliver seamless digital experiences—anytime, anywhere. In response, customer, employee and supplier ecosystems have become more complex, connected and open. At the same time, cyber threats and risks are growing in velocity and complexity.
Through our cybersecurity advisory services, our experts help clients navigate the new security paradigm while enabling agility, efficiency and competitive advantage.
Below, we share a few examples of how our advisory services have enabled clients to achieve their business goals through a holistic and balanced insights-led security approach.
Moving to the cloud securely and reliably
When a large aerospace and defense company sought to implement its public cloud migration strategy, data security and service reliability were of critical importance.
Based on our significant experience in third-party vendor management, as well as managing cloud environments and their related risks, the client engaged us to assist in negotiating the security management aspects of its public cloud contracts.
This included developing a standard security annex and contract clauses, analyzing cloud provider security practices, conducting negotiation workshops, and providing a residual risk assessment. For the tailored security annex, we defined criteria for selecting applicable security requirements based on service type and identified process improvements.
In addition to completing negotiations, the client now has a standard set of requirements and documented process to support future procurements that includes early involvement of the security team.
Serving as access control broker for 10+ million industrial IoT digital assets for an industry-wide service
For a large nationwide program involving the rollout of millions of industrial IoT digital assets, CGI designed, built, implemented, hosted, ran and supported the data services that lie at the heart of this program.
Our identity and access management (IAM) advisory services, along with security services enable companies to access information to improve their services and customer experiences. These IAM services are crucial to the maintenance of consumer confidence, which underpins the nationwide program and rollout.
Our solution provides a high-availability, high-resilience communication service in accordance with specifications and provides an access control function that cryptographically validates all access requests and verifies right of access against IoT registration data.
It also includes an industry-wide federated identity provider (IDP) service, enforcing federated two-factor authentication for employees of industry parties, roles and privilege assertion using SAML, and self- service management by industry party administrators. We also use this IDP service to control third-party access to industry service management systems.
In addition, the IDP service also includes effective management of privileged staff, management of risk in accordance with ISO 27005 and delivery of associated security services.
Enabling a pharmaceutical firm to achieve a balanced cybersecurity posture
A North American pharmaceutical biosciences company with a global footprint was experiencing significant business issues, particularly in the area of cybersecurity. It had no security strategy, plans or policies. As a result, its security posture was ad hoc, with critical gaps.
We conducted a cybersecurity assessment, which revealed serious gaps across a number of areas, including governance, policies and operational security implementation. To address these, we helped the firm establish a more effective cybersecurity program, tailored to its specific needs, as well as satisfy industry regulators.
The program included:
- Cybersecurity strategy
- Governance framework, mapping accountability and responsibility
- Detailed cybersecurity policies across all technical design and related business processes
- Compliance assurance and risk management framework
- Rapid implementation of CGI managed security services to provide a protective cyber envelope
Through our advice and services, the firm is well on its way to achieving a balanced and integrated cybersecurity posture that is more secure and resilient.