Case Study

How This Company Eliminated Spreadsheet Based Assessments

About the company

The focus in this case study is on an international customer of SecurityGate.io in the chemical industry. They are a global leader in manufacturing specialty PVC used in the construction, automobile, and medical industries.

They also produce caustic soda, vinyl chloride, and tin tetrachloride, which are widely used across the chemical industry. They have chosen to keep their name abstracted for security and privacy.

Like many, they were depending on spreadsheets.

The company realized that their OT assessments were not as consistent or easily measured as those of other companies under the parent owner who had already standardized their operations with SecurityGate.io.

Most of the company’s assessments were done in person, with the data entered into spreadsheets, only to later be collated into PowerPoint presentations for the executive team. This created a high degree of variance in the responses and an incredible amount of lag time between when the data was collected and when leaders could see the assessment results.

“We had different papers, different documents for all sites, different assessment questions. Every questionnaire looked different.”

OT Risk Management Leader

The Challenges

The company’s Operational Technology (OT) cybersecurity team knew that there were specific challenges that they needed help with overcoming. Among the concerns they brought to SecurityGate.io were:

A lack of conformity and uniformity in assessment questions

Variance in OT assessment based on the location and person taking questions

Visibility into which teams had completed the assessments and which teams were still in progress

How the SecurityGate.io platform provided clarity

Consistency is where SecurityGate.io was able to immediately assist them. In short order, the risk management team had access to an assessment platform with automated workflows, turnkey questions specific to their industry, and a configurable module builder where they could build custom assessment questionnaires.

Standardization

SecurityGate.io delivered a consistent experience across teams—no longer did they have to worry about the personality of the assessor affecting the data-gathering process.

Instant Insights

Assessment insights could be quickly gathered and analyzed in an online dashboard so that the team could better understand their OT risk posture.

Reduced Team Impact

Rather than completing an extended assessment in one sitting, the teams could answer online questions as their schedule permitted, making the SecurityGate.io assessment process stress-free.

The risk manager noted that now, their teams can spend time on their assigned assessments whenever it’s convenient for them. No longer do they have to stress out and complete the entire assessment in one day. Instead, they can answer as many questions as they can and, if work comes up, continue on the assessment the next day.

“SecurityGate.io has been an effective platform to complete an OT cybersecurity assessment in a short time. It was particularly helpful that the assessment was accessible at multiple sites—we no longer had to rely on performing it in person.”

OT Risk Management Leader

How does the company know SecurityGate.io is working for them?

One of the biggest advantages to running OT assessments through SecurityGate.io is that the platform ensures that all employees who participate in the assessment are thinking critically about cybersecurity at their site.

“Before, when we operated on in-person assessments, many of our OT employees were tempted to just sit back in a conference room and give the occasional answer. Most of the time, there was one person who was the default speaker for the group and spoke 90 percent of the time,” they said. “But with SecurityGate.io, when an individual has to complete the online assessment themselves, they’re forced to think about OT security in a far more comprehensive way.”

Another advantage is that they are now able to run all site assessments concurrently. Having an online platform means the company doesn’t have to wait for one location’s assessment to be completed before starting the next. SecurityGate.io has turned a once multiyear process into one that takes a small fraction of the time.

Not lost in translation – How SecurityGate.io went the extra mile

Being an international company, most of their employees do not primarily speak English. And with some industry terms being difficult to translate from English to other languages, they noticed that some members of the team were getting confused.

To overcome this problem, the SecurityGate.io team worked closely with them to make sure that both the assessment questions and tech-support information were accurately translated. This decreased the confusion around certain questions and helped them get the best information back, in the timeliest manner possible.

#DeleteTheSpreadsheet

Become a leader in digital transformation. See how SecurityGate.io can improve your ICS cybersecurity and risk management efforts.