Security experts step in to fill vulnerability gap and deliver comprehensive plan

Details

For IT teams, a slight inattention to systems and organizational maintenance can quickly escalate into a significant security issue. Maintaining customized application configurations, sustaining bespoke line of business applications, and keeping system documentation current and accurate - these challenges require constant attention. Turnover of one key player on the IT team can cause any of these factors to snowball into a systems security emergency.

a close up of a padlock sitting on top of a laptop keyboard
The Challenge

IT leaders at a national specialty retailer approached senior executives with concerns regarding the state of IT. While previous IT leaders had struggled to stay caught up with IT infrastructure maintenance, they had failed to remain up to date with security patches, leaving the organization vulnerable. The current staff were reluctant to admit that, not only was the system security uncertain, but the team also lacked the expertise to determine all the vulnerabilities and - just as importantly - prioritize them. Company leaders realized they needed an external resource to assess the current state of the organization's IT and help bring the systems in line with current security best practices and standards.

The client engaged Kalles Group to gain a clear perspective on the state of their systems for full awareness of any system vulnerabilities. With this insight, the IT organization would be able to move forward to address and remediate issues according to priority and eliminate future surprises.

Our Approach:

The client had previously hired consulting groups, but they had stepped away from the engagement due to their inability to address the complexities of the systems, which included Windows servers, Linux boxes, and a combination of appliance boxes and custom-built servers. To avoid hiring yet another unqualified vendor, the client sought a consulting organization with a breadth of understanding of systems, as well as experience digging in to understand the unique needs of proprietary systems. This engagement would also require a significant amount of research to illuminate the vulnerabilities of this complicated IT structure, and dive deep to understand the specifics of those vulnerabilities.

Due to the concern for system security and the delay caused by previous failures, speed was crucial. Kalles Group was able to expedite the assembly of a team of experts to immediately begin the project.

The Kalles Group team quickly assessed the systems and developed a prioritized list of issues. This would provide the client a roadmap for navigating the needed solutions. The Kalles Group team also anticipated the needs of the business and provided a solution that not only addressed the current state of the system, but recommended simplifications that would make system security maintenance and updates much easier to manage and control going forward.

To ensure the company didn't find themselves in the same situation again, the Kalles Group team also developed and implemented a documentation framework that would record critical information about the status and configuration of the system, providing the team a holistic understanding of the system at any time.

Quotation mark icon

Kalles Group left the client teams with a shared understanding of security priorities, and a plan for bringing the system up to standard.

Our Solution

To ensure the client could move forward with confidence, Kalles Group helped IT leaders work with company business leaders to develop a strategic viewpoint on their security program. This viewpoint was customized to fit the needs of the organization, balancing business needs with security concerns. The Kalles Group team also assisted the client to communicate this viewpoint throughout the organization.

Kalles Group left the client teams with a shared understanding of security priorities, and a plan for bring the system up to standard. IT and business leaders had an agreed-upon security viewpoint that would eliminate the potential for security surprises going forward.