In order to drastically reduce the own IT costs an enterprise developed a fundamental sourcing strategy with the help of renowned consulting firms. On closer examination of these sourcing concepts it very quickly became apparent that essential security issues had been ignored.

Security aspects of a global sourcing strategy

Sector

Industry

Project sponsor

CIO

Challenge

  • Massive cost pressure across the complete IT organization
  • Extensive in-house document management, collaboration and messaging solutions
  • Already designed managed service and cloud solutions could not be realized due to lacking data security and compliance measures

Reasons

  • Completely heterogeneous solutions, no harmonized structures
  • Lacking documentation
  • In part completely neglected security aspects
  • Generally no standardized security concept, no IT security focused architecture
  • Unconsolidated documents, data inventories etc. of the subsidiaries in various countries

Vision

  • Implementation of a mostly standardized security concept with industry-specific and regional aspects
  • Active and responsive security management meeting the legal requirements in the respective countries
  • Cost savings and at the same time more efficient, powerful and flexible IT structures

Our contribution

  • Security audit
  • Identification and analysis of security aspects in the overall strategy
  • Risk and security process analyses as well as related evaluations
  • Gap analysis as well as elaboration of metrics for the evaluation and deduction of the protection requirements within the scope of the overall strategy
  • Suggestion of individual solution scenarios as well as recommendations and prioritization of measures
  • Development of appropriate tendering models and passages

Results

  • Adjustment of the overall IT strategy taking into account essential IT security requirements
  • Establishing the basis for a later ISO 27001 certification according to BSI standard
  • Initiation and prioritization of security measures which have resulted in an economically viable and appropriately secure solution
  • Further action to elaborate and implement a comprehensive security concept

Managing complexity

„Priorities of Insentis are strategy development, personal coaching and targeted management of large projects in complex situations.“

Dr. Roland Schütz, EVP Information Management & CIO Deutsche Lufthansa AG, about the cooperation with Insentis GmbH (in german language)


We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.