Industry
Technologies used
Outcomes
Client Description
Veritas* is a financial services organisation that manages sensitive business, commercial, and financial information. The company works closely with fund managers, handling significant volumes of Personally Identifiable Information (PII) and critical data.
Operating in an environment with high data sensitivity, Veritas prioritises robust cybersecurity governance and information protection. To secure its digital assets and maintain compliance, the organisation relies on formal security frameworks, structured IT roadmaps, and tightly managed external file-sharing ecosystems like Citrix and Microsoft SharePoint.
*Veritas is an alias for the Investment Fund Manager we helped. We are using an Alias to protect their identity
The Challenge
As Veritas continued to expand its footprint in the financial services sector, the leadership team recognised the need to proactively elevate its corporate governance and cybersecurity posture. Managing sensitive commercial data and Personally Identifiable Information (PII) for fund managers required a shift from standard practices to an institutional-grade security environment.
To achieve this, the organisation faced a multi-layered strategic challenge:
- Framework Modernisation: Veritas needed to formally evaluate its data sensitivity levels and transition to a highly rigorous, SMB:1001 “Platinum” security standard to guarantee long-term data protection.
- Access Control Refinement: The business required a structured, segregated approach to auditing and managing user permissions across critical external file-sharing networks and internal collaboration platforms—specifically Citrix, ShareFile, and Microsoft SharePoint.
- Resource & Timeline Optimisation: While the organisation aimed to implement advanced security layers, it faced practical timeline constraints within the active financial quarter. Veritas needed to realistically balance immediate operational priorities—such as onboarding managed services and finalising core IT policies—with complex, long-term technical projects.
The core challenge was not just upgrading security, but engineering a pragmatic, phased strategic roadmap that aligned sophisticated data governance with the company’s realistic operational capacity.
The Solution
To address its strategic objectives without overextending its operational capacity, Veritas systematically restructured its IT governance, refined its security roadmap, and adopted a formal defence framework. The leadership team executed a pragmatic, phased approach to balance immediate administrative security goals with long-term infrastructure upgrades.
The key components of the solution included:
- Adoption of the Platinum Security Framework: After executing a comprehensive review of the organisation’s data sensitivity—specifically regarding financial PII and commercial asset exposure—Veritas officially classified its security requirement under the “SMB:1001 Platinum” framework standard. This foundational baseline was established to guide all future IT governance and information protection initiatives.
- Active Risk Mitigation Strategy: Veritas expanded its risk registry to formally account for critical vulnerabilities, including potential data breaches affecting fund managers and potential access interruptions to critical file-sharing platforms during deal periods. The company adopted “mitigation” as its default risk management posture for these items.
- Resource-Aligned Strategic Rescheduling: Acknowledging the short timeframe remaining in the current quarter, the team shifted complex implementations—such as full technology alignment to the Platinum framework—to future quarters. High-priority operational tasks were pushed to a realistic third-quarter timeline to ensure proper execution.
- System Isolation and Access Control Restructuring: Veritas isolated its file-sharing security tasks by separating Microsoft SharePoint access controls from internal ShareFile workflows. Audits for both platforms were synchronised to execute at the end of the financial year to minimise business disruption. Additionally, immediate priority was placed on data retention controls, including automated deletion policies for aged files.
- Policy Finalisation and Operational Focus: The immediate workload was streamlined to focus heavily on finalising core IT policy sign-offs and completing managed services onboarding baselines. The company also updated its project plan to align onboarding and offboarding documentation with the new IT policies, to integrate mobile device management, and to initiate a cybersecurity insurance review to ensure robust coverage for social engineering.
The Outcome
By re-engineering its security strategy and aligning its operational roadmap with available resource constraints, Veritas successfully established a rigorous, sustainable governance model that protected its critical assets without disrupting daily business operations.
The positive outcomes achieved from this initiative included:
- Defined a Premium Security Baseline: The organisation officially adopted the “SMB:1001 Platinum” security framework standard. This decision provided a clear, sophisticated benchmark for all future IT infrastructure, ensuring the comprehensive protection of sensitive customer PII and commercial data.
- Mitigated Core Security Risks: Veritas proactively expanded its risk registry to account for data breaches and critical system access issues, establishing an active mitigation posture to protect fund manager data and preserve operational continuity during high-stakes deal periods.
- Optimised Resource Deployment: By shifting intensive, complex technical projects—such as full framework alignment—to future quarters, the company prevented team burnout and ensured the IT department remained focused on immediate, high-impact goals.
- Streamlined Immediate Compliance and Governance: The simplified quarterly roadmap allowed the team to successfully prioritise core IT policy sign-offs, update onboarding and offboarding documentation, and complete critical managed services baselines.
- Established a Predictable, Multi-Year Security Roadmap: Veritas successfully mapped out its long-term strategic evolution. This clear timeline slated file-sharing audits for the end of the financial year, deferred advanced mobile device management and insurance reviews to the third quarter, reserved application whitelisting and incident response planning for the fourth quarter, and securely positioned penetration testing for early 2027.
Schedule a call
You are only 3 steps away from IT Peace of Mind
We help your team be more productive and your business be more profitable
