Case Study

How This Company Eliminated Spreadsheet Based Assessments

chemical company

About the company

The focus in this case study is on an international customer of SecurityGate.io in the chemical industry. They are a global leader in manufacturing specialty PVC used in the construction, automobile, and medical industries.

They also produce caustic soda, vinyl chloride, and tin tetrachloride, which are widely used across the chemical industry. They have chosen to keep their name abstracted for security and privacy.

Like many, they were depending on spreadsheets.

The company realized that their OT assessments were not as consistent or easily measured as those of other companies under the parent owner who had already standardized their operations with SecurityGate.io.

Most of the company’s assessments were done in person, with the data entered into spreadsheets, only to later be collated into PowerPoint presentations for the executive team. This created a high degree of variance in the responses and an incredible amount of lag time between when the data was collected and when leaders could see the assessment results.

“We had different papers, different documents for all sites, different assessment questions. Every questionnaire looked different.”​
anonymous member
OT Risk Management Leader

The Challenges

The company’s Operational Technology (OT) cybersecurity team knew that there were specific challenges that they needed help with overcoming. Among the concerns they brought to SecurityGate.io were:

  • A lack of conformity and uniformity in assessment questions
  • Variance in OT assessment based on the location and person taking questions
  • Visibility into which teams had completed the assessments and which teams were still in progress

How the SecurityGate.io platform provided clarity

Consistency is where SecurityGate.io was able to immediately assist them. In short order, the risk management team had access to an assessment platform with automated workflows, turnkey questions specific to their industry, and a configurable module builder where they could build custom assessment questionnaires.

choose a framework

Standardization

SecurityGate.io delivered a consistent experience across teams—no longer did they have to worry about the personality of the assessor affecting the data-gathering process.

securitygate.io dashboard

Instant Insights

Assessment insights could be quickly gathered and analyzed in an online dashboard so that the team could better understand their OT risk posture.

Reduced Team Impact

Rather than completing an extended assessment in one sitting, the teams could answer online questions as their schedule permitted, making the SecurityGate.io assessment process stress-free.

The risk manager noted that now, their teams can spend time on their assigned assessments whenever it’s convenient for them. No longer do they have to stress out and complete the entire assessment in one day. Instead, they can answer as many questions as they can and, if work comes up, continue on the assessment the next day.

“SecurityGate.io has been an effective platform to complete an OT cybersecurity assessment in a short time. It was particularly helpful that the assessment was accessible at multiple sites—we no longer had to rely on performing it in person.”
anonymous member
OT Risk Management Leader

How does the company know SecurityGate.io is working for them?

One of the biggest advantages to running OT assessments through SecurityGate.io is that the platform ensures that all employees who participate in the assessment are thinking critically about cybersecurity at their site.

“Before, when we operated on in-person assessments, many of our OT employees were tempted to just sit back in a conference room and give the occasional answer. Most of the time, there was one person who was the default speaker for the group and spoke 90 percent of the time,” they said. “But with SecurityGate.io, when an individual has to complete the online assessment themselves, they’re forced to think about OT security in a far more comprehensive way.”

Another advantage is that they are now able to run all site assessments concurrently. Having an online platform means the company doesn’t have to wait for one location’s assessment to be completed before starting the next. SecurityGate.io has turned a once multiyear process into one that takes a small fraction of the time.

Not lost in translation – How SecurityGate.io went the extra mile

Being an international company, most of their employees do not primarily speak English. And with some industry terms being difficult to translate from English to other languages, they noticed that some members of the team were getting confused.

To overcome this problem, the SecurityGate.io team worked closely with them to make sure that both the assessment questions and tech-support information were accurately translated. This decreased the confusion around certain questions and helped them get the best information back, in the timeliest manner possible.

#DeleteTheSpreadsheet

Become a leader in digital transformation. See how SecurityGate.io can improve your ICS cybersecurity and risk management efforts.

Contact Us

Bill is SecurityGate.io’s Chief Information Security Officer. Prior to joining the company he was Vice President and Chief Security Officer for North American Electric Reliability Corporation (NERC). Bill had a distinguished career in the Navy where he flew Tomcats and Super Hornets. He has a computer science degree from the U.S. Naval Academy where he later became the Deputy Director of Character Development and Training and taught courses in cybersecurity. Bill has a master’s degree in International Relations from Auburn Montgomery, and a master’s degree in Military Operational Art and Science from the Air Command and Staff College.