The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024
Truphone One-Page Case Study
“We couldn’t do our jobs without SecurityScorecard.”
– Nuno Teodoro
The Challenge
Truphone believes that connectivity can be easier, smarter, and more efficient. Since 2006, they have built state of the art SIM software, intuitive management platforms, and a powerful global network to make this a reality. Truphone is one of the largest full Mobile Virtual Network Operators (MVNO) providing a wide range of technologies and services to small businesses and large multinational companies, such as Tier 1 banks and household names like Apple.
As a major provider of mobile recording, as well as other critical services for the finance sector, protecting client data is crucial. Nuno Teodoro, global Chief Information Security Officer (CISO), holds numerous and far-reaching tasks and responsibilities. Enterprise cyber risk management, partner and vendor security, pen testing, network security, data privacy and security; everything under the umbrella of risk security and compliance is under the purview of Teodoro and his five-member team. He needed an intuitive solution to help the security team streamline and scale their operations.
General Info
CompanyTruphone |
IndustryTelecommunications |
Employees200-500 |
HeadquartersLondon |
Products UsedRatings |
Use Cases
|
Why SecurityScorecardEfficiently and instantly identifies and presents critical security information related to TruPhone’s assets.
|
The Solution
Nuno Teodoro’s need for an outside-in view of Truphone’s cybersecurity posture led him to utilize SecurityScorecard’s cybersecurity ratings platform for multiple use cases:
- Truphone’s Cyber Defense Center relies on SecurityScorecard to identify potential risk within the firm’s digital assets in real-time, with continuous monitoring capabilities.
- For vendor onboarding and monitoring, SecurityScorecard provides Nuno Teodoro’s team immediate and continuous visibility into the risks posed by third-and fourth-party vendors, ensuring cyber health and reducing the need for time-consuming yearly or bi-yearly assessments.
- Truphone leverages security ratings and out-of-the-box reports as a metric in Truphone’s quarterly executive management meetings.
- Serving large financial institutions and providing critical services, such as Truphone Mobile Recording, makes Truphone a heavily audited entity. SecurityScorecard’s continuous security monitoring saves countless hours by eliminating the need for point-in-time data gathering and questionnaires in preparation for compliance audits.
“We’re logging into SecurityScorecard multiple times per day – myself, our cyber threat hunter, and our security manager who deals with vendor risk management.”
– Nuno Teodoro
The Results
Now that Nuno Teodoro relies on SecurityScorecard for continuous monitoring, there is peace of mind. “With SecurityScorecard it’s fire and forget, because we know the platform will catch everything and surface all of our assets,” said Nuno Teodoro. Having SecurityScorecard has brought benefits across all of the Security and IT team’s responsibilities, including:
- Gained a clear and prescriptive course of action with Score Planner, enabling the team to prioritize remediation and have full visibility into the process.
- Improved Truphone’s ability to win more deals and RFPs by showcasing their competitive advantage through security.
- Saved hours of time with SecurityScorecard’s “high-level” dashboard that displays the most critical and common risk issues for the company, sorted by severity, to reduce the time that would otherwise be spent manually organizing data points for the most impact.
- Increased engagement with the board and executive team with an easy-to-understand A-F rating, leading to more engaging conversations
Highlights
- DEMONSTRATES security and credibility to customers with an objective rating
- MOVES from point-in-time vendor assessments to continuous monitoring
- GENERATES engaging board reports in seconds
- IMPROVES visibility into internal assets, reduces blindspots, and augments pentests