The focus in this case study is on an international customer of SecurityGate.io in the chemical industry. They are a global leader in manufacturing specialty PVC used in the construction, automobile, and medical industries.
They also produce caustic soda, vinyl chloride, and tin tetrachloride, which are widely used across the chemical industry. They have chosen to keep their name abstracted for security and privacy.
The company realized that their OT assessments were not as consistent or easily measured as those of other companies under the parent owner who had already standardized their operations with SecurityGate.io.
Most of the company’s assessments were done in person, with the data entered into spreadsheets, only to later be collated into PowerPoint presentations for the executive team. This created a high degree of variance in the responses and an incredible amount of lag time between when the data was collected and when leaders could see the assessment results.
The company’s Operational Technology (OT) cybersecurity team knew that there were specific challenges that they needed help with overcoming. Among the concerns they brought to SecurityGate.io were:
Consistency is where SecurityGate.io was able to immediately assist them. In short order, the risk management team had access to an assessment platform with automated workflows, turnkey questions specific to their industry, and a configurable module builder where they could build custom assessment questionnaires.
SecurityGate.io delivered a consistent experience across teams—no longer did they have to worry about the personality of the assessor affecting the data-gathering process.
Assessment insights could be quickly gathered and analyzed in an online dashboard so that the team could better understand their OT risk posture.
Rather than completing an extended assessment in one sitting, the teams could answer online questions as their schedule permitted, making the SecurityGate.io assessment process stress-free.
The risk manager noted that now, their teams can spend time on their assigned assessments whenever it’s convenient for them. No longer do they have to stress out and complete the entire assessment in one day. Instead, they can answer as many questions as they can and, if work comes up, continue on the assessment the next day.
One of the biggest advantages to running OT assessments through SecurityGate.io is that the platform ensures that all employees who participate in the assessment are thinking critically about cybersecurity at their site.
“Before, when we operated on in-person assessments, many of our OT employees were tempted to just sit back in a conference room and give the occasional answer. Most of the time, there was one person who was the default speaker for the group and spoke 90 percent of the time,” they said. “But with SecurityGate.io, when an individual has to complete the online assessment themselves, they’re forced to think about OT security in a far more comprehensive way.”
Another advantage is that they are now able to run all site assessments concurrently. Having an online platform means the company doesn’t have to wait for one location’s assessment to be completed before starting the next. SecurityGate.io has turned a once multiyear process into one that takes a small fraction of the time.
Being an international company, most of their employees do not primarily speak English. And with some industry terms being difficult to translate from English to other languages, they noticed that some members of the team were getting confused.
To overcome this problem, the SecurityGate.io team worked closely with them to make sure that both the assessment questions and tech-support information were accurately translated. This decreased the confusion around certain questions and helped them get the best information back, in the timeliest manner possible.
Bill is SecurityGate.io’s Chief Information Security Officer. Prior to joining the company he was Vice President and Chief Security Officer for North American Electric Reliability Corporation (NERC). Bill had a distinguished career in the Navy where he flew Tomcats and Super Hornets. He has a computer science degree from the U.S. Naval Academy where he later became the Deputy Director of Character Development and Training and taught courses in cybersecurity. Bill has a master’s degree in International Relations from Auburn Montgomery, and a master’s degree in Military Operational Art and Science from the Air Command and Staff College.