The story of how an outdated security infrastructure was reinvented to meet the business needs!
Our client is a leading global premium credit card services company in the Kingdom of Saudi Arabia. They were facing a few challenges with respect to threat management and security infrastructure. Skillmine could successfully rectify the issues and fine-tune their business processes.
If your business is dealing with a similar challenge at the moment, you might find the credit card services success story inspiring!
A little background about the firm and their pain points:
The client is the largest credit card service provider in KSA, headquartered in the USA with a revenue of 30 billion US$. The organization has been rated as the 22nd best brand in the world and employs around 50,000 people across the globe.
Throughout the years, their business has expanded but faced challenges with respect to risk management and security.
When they reached out to us, these were the key pain points they raised:
- Outdated security infrastructure that led to inability in coping with new and evolving security threats.
- Poor mechanisms of governance risk and compliance as per SAMA requirements.
- Lack of skillset and specialization to manage internal vulnerabilities and threats.
- Absence of enterprise security solutions for vulnerability management and data protection.
- Difficulty in managing the operational lifecycle of the existing security environment.
- Obsolete and non-supportable end-user computing equipment and operating systems.
- Absence of visibility/centralized view of infrastructure.
- Lack of skill up-gradation training for team members.
- Poor problem management and knowledge management.
- Ad-hoc and inconsistent service reporting and metrics.
- Poorly configured security operations and threat management.
- Multiple challenges to be rectified regarding new application rollouts of American Express to be adapted and ratified for PCI standards.
Our strategy for problem resolution was based on one principle: Looking at a comprehensive solution to cover all the challenges.
The Skillmine solution
We devised a solution based on information security consulting. The assistance of a dedicated ODC at our Bangalore facility was sought for managed security and infrastructure services. Recurring vulnerability, threat assessment, and remediation efforts were conducted from the remote ODC. A 24X7 command center was set up with relevant monitoring tools. Besides, the existing tools and features were finetuned to manage vulnerabilities in the system.
How was the solution implemented?
A 7-step process was carried out to implement the solution.
- Created a hybrid technical team of offshore and onsite team of people.
- Refreshed the entire GRC structure with IT risk, policies, processes, procedures, KPIs, and established an IT Security Council headed by the CEO to meet quarterly. This was aligned with regulatory compliancess (SAMA and NIST).
- Reconfigured and upgraded various IT security solutions for endpoint, network, database, web, email, and data security over 18 months to tighten the tech security.
- Created and implemented a SOC service to monitor security alerts and threats. Additionally, deployed brand protection mechanisms.
- Undertook quarterly VAPT exercises to remediate newer vulnerabilities. Tested policies and evidence for ISO and PCI compliance.
- Established the metrics-based dashboard for measuring the coverage and effectiveness of the IT Security posture.
- Created a comprehensive user training awareness program. Also, established the third-party audit mechanisms for AESA.
What were the benefits delivered to the client?
- Adherence to the required security posture standard like SAMA CSF NIST and PCI DSS.
- Better visibility into their devices to ensure overall security posture and compliance through implementation of data protection solutions.
- Lowered TCO for security infrastructure operation, maintenance, and incident response.
- Enabled the client to focus its resources on more strategic and tactical business requirements.
- Implemented processes and systems to ensure proactive and effective management of security infrastructure.
- Utilised the existing features and discouraged the procurement of extra tools.
- Improved availability, and efficiency and generated faster response and resolution to IT incidents resulting in lesser revenue loss.
- Improved the quality and reliability of IT infrastructure services.
Thus, Skillmine could deliver true to its promise of adding value to our customers at all stages. If you are looking for a partner to assist you in the areas of digital transformation, cybersecurity, cloud and IT infrastructure, data analytics, and data science or RPA, we’d be happy to help! Reach out to us: