The client had been relying on an outdated application whitelisting solution managed by an external service provider for over a decade. They turned to us to explore the possibility of insourcing this solution, with a focus on evaluating the underlying technology, operational setup, and overall effectiveness.

We kicked off the project by thoroughly analyzing the current state of the application whitelisting solution, identifying several key issues. The existing service was incomplete, failing to cover all critical environments, struggled with integration into the company’s growing cloud infrastructure, and lacked alignment with the Cyber Defence Center's tools and SIEM. Additionally, the external provider’s service was bogged down by cumbersome processes, making incident and problem management slow and inefficient. Our analysis indicated that the service could be insourced at a lower cost while significantly improving performance. We then developed and presented a comprehensive business case to the IT leadership, outlining a strategy for insourcing that included a more modern and user-friendly solution, expanded control coverage, and a clear roadmap for the transition.

Once the plan was approved, we led the insourcing process over six months. This included replacing the technology on a one-to-one basis, setting up an internal operations team, renegotiating terms with the existing service provider, managing change within the organization, and ensuring smooth integration with existing cyber defense processes. We also expanded the technology to cover the company's evolving cloud footprint.

The transition to an insourced application whitelisting solution resulted in significant savings on service and licensing costs. The client now has a modern, user-friendly whitelisting system that offers enhanced coverage of critical cybersecurity areas. This upgrade not only streamlined operations but also improved the overall security posture of the company.