It is often said that madness is doing the same thing over and over and expecting different results. So why has the corporate world continued to work in the same way across IT, compliance, and security departments when all the evidence – spiraling costs, a skills shortage, the never-ending stream of data breaches – indicates that the current system of separating these three intrinsically intertwined disciplines is not working? This is not just a question of collaboration, but one of trust. PGI.com points out five of the most common “dysfunctions of team collaboration,” discussed by leadership and business author Patrick Lencioni:
- Absence of trust
- Fear of conflict
- Lack of commitment
- Avoidance of accountability
- Inattention to results
The current failure of collaboration is felt nowhere more keenly than in the security/compliance/IT space. The three departments with interconnected remits in this area – security, IT, and compliance – plus the associated vendors to which every company outsources elements of its work, have been a case study in the failure of the multi-sourcing model.
What is the multi-sourcing model?
When we talk about a multi-sourcing model, we are talking about splitting IT, Security, and Compliance into three distinctly separate departments. While these departments are interrelated and codependent, they retain their own distinctive ownership of specific issues, despite these issues often impacting every department. This creates an increasingly complex and convoluted workflow among these departments and their respective vendors. Meetings in such a setup are inefficient at best, and completely ineffective at worst. According to workflow provider Unito, each poorly executed meeting makes a team lose an average of 10 hours due to unclear goals and scattered efforts. What’s more:
The implications of these findings are very clear: poor coordination between cybersecurity, compliance, and IT teams costs time, creating risk and exposure for the client organizations, particularly in the face of an active breach event.
The Basics: What is MCCP+?
Traditionally, cybersecurity is provided by one organization and compliance by another, and each works independently. However, in the interests of promoting a unified, centralized approach to the intertwined disciplines of cybersecurity and compliance, at Cerberus Sentinel we bring both under one roof and harness the power of collaboration to deliver a better solution for our customer.
The concept of MCCP arose from the ashes of the outdated Managed Security Service Provider (MSSP) structure. The roots of MSSP date back to the 1990s, a time before the need to comply with a host of various data security and cybersecurity compliance regulations. Many organizations are hiring governance, risk and compliance (GRC) consultants or executives, but this must not come at the expense of a comprehensive cybersecurity program.
By combining the separate, but connected, disciplines of compliance and cybersecurity, Cerberus Sentinel arrived at the concept of the Managed Cybersecurity and Compliance Provider.
IT Services: adding the +:
With the addition of IT to the collaborative tent of MCCP, we offer a unified triumvirate to solve business needs with the highest level of security, efficiency, and effectiveness, thereby delivering the highest possible value to our customer. This is not just a repositioning from our perspective; we are responding to feedback from our customers with a fundamentally different approach that creates customer delight.
We recently began working with a healthcare organization who needed a comprehensive audit of their security posture following the departure of a long-serving IT manager. Once we had completed our initial penetration test, the concerns of the company were not alleviated but exacerbated, so we remained in place in order to provide a fully integrated service to their IT infrastructure, both from an IT and a security perspective. It is these kinds of experiences that lead us to believe MCCP+ is such a necessary evolution of our company journey.
The MCCP+ Venn diagram of success:
Managed cybersecurity: From endpoints and networks to databases and applications, we monitor, manage, and protect the tools and systems you rely on to run your business. This can include the protection and monitoring of:
- and more…
Managed compliance: The complex rules and regulations governing how you run your business will no longer be a constant burden on your overstretched compliance team. With our continuous monitoring, we’ll ensure you don’t run afoul of your obligations. This will include the implementation and monitoring of:
Managed IT: The backbone of your communications, teamwork, and business operations should be out of sight and out of mind; it just needs to work. We handle that, including the administration and support of:
- and more…
- The opportunity to work with a ‘one-stop shop’ for all your security needs. We can provide our customers with one point of contact – and crucially, one bill – which encompasses all their compliance, cybersecurity and IT needs.
- A program working at 100% maximum operational efficiency. By managing the entire workload associated with compliance, cybersecurity and IT deployment and support, the MCCP+ offering will work to eliminate the costly, time-consuming and laborious work of introducing, managing and stacking a series of internal teams and/or service providers to provide the full suite of necessary services: with a single relationship, Cerberus Sentinel has that covered.
- Maximized efficacy: Not only will we be working as a lean, centralized support team on your behalf, but without the need to work across various stakeholders and corporate structures, we will be able to better understand and distill our customers' aims into actionable and focused next steps, across each of the three portions of our Venn diagram.
- Maximized value: By sharing information and resources across our three vectors, we can offer our customers a program which maximizes the value in their investment.