Buyer Ratings Guide
The ALM Vanguard: Cybersecurity Consulting 2019
October 2019
Source: ALM Vanguard: Cybersecurity Consulting (c) 2019; used by licensing permissions
Author: Laura Becker, Analyst, Management Consulting Research. T +1 212-457-9179, [email protected]
For more information, visit the ALM Intelligence website at www.alm.com/intelligence/industries-we-serve/consulting-industry/
© 2019 ALM Media Properties, LLC 2
Contents
Overview 3
ALM Vanguard of Cybersecurity Consulting Providers 6
Competitive Landscape 7
Provider Capability Rankings 9
Rating Level Summaries 10
Leader Assessments 11
Provider Capability Ratings 12
Best in Class Providers 13
Provider Briefs 14
Definitions 16
Methodology 19
About ALM Intelligence 20
Overview
Capability Drivers
Cybersecurity consulting capabilities and go-to-market strategies are evolving at a rapid pace. The speed of change over
the last year has been remarkable, with many major consulting firms re-branding their approach to meet changing market
dynamics. There is now broad recognition that no organization can prevent every cyber attack, and that the realistic goal
is to minimize and manage cyber risk. In addition, as organizations adopt emerging technologies that increase connectivity both
internally and with their external customers, confidence in data protection is at the front of their minds: if end-user
customer data is breached, an organization’s brand reputation suffers greatly. Therefore, both building cyber resilience (cyber
risk management) and designing for digital trust (protection of data) are at the core of the thinking and the necessary capabilities of
consulting firms, which seek to provide their clients with deep capabilities in these areas. Cyber is now viewed as a business enabler,
and the conversation has moved from complying with various regulations (e.g., GDPR, the California Consumer Privacy Act, the China
Cybersecurity Law and NY DFS, among others) to the complexity driven by the digital economy.
Trust in identity and in products and services will continue to gain importance for executing safe and reliable business as
new producers, consumers and enterprise stewards of data and commerce emerge. New risks are being generated by the
increased value of data, and new and disruptive technologies are being tested with unknown security and privacy
ramifications. Cybersecurity must fully evolve away from its legacy technology and operations function to become
part of the fabric of integrated enterprise risk management and create strategic risk and value-add business outcomes. The
fabric of cybersecurity and privacy must be embedded in all business strategies, from supply chain and partner strategies
to digital marketing and brand management, acquisitions and divestitures, and legal affairs.
Many of the leading consulting firms have reorganized their approaches to rely more on process and less on tools. Technology
is, by most accounts, only about 20% of the cybersecurity challenge. People, process and technology (having the talent, agility and the
right solutions), together with cultural change, training and digital upskilling, are the essential ingredients for security success. Leading
providers have developed approaches intended to reach stakeholders from the Board and C-suite to the CISO, CMO,
CDO, CRO, CIO and other business function leaders, all of whom need to participate to create a cyber resilient organization.
Innovative approaches now include co-development with clients, so that the approach fits the client’s business needs
and delivers the most valuable outcomes.
Additionally, leading providers are creating partner ecosystems on the technology side to bring in the best tools necessary
without using their own time and resources to reinvent the wheel. The consulting firms can apply API layers on top of existing
tools to customize for their clients. There is an efficiency in the ecosystem concept that was not there before. The leading
consulting firms also see that the market for cybersecurity providers is highly fragmented, including the Big Four, Managed
Security Service Providers (MSSPs), Technology Global Service Providers, boutique firms and other new entrants with some
going downstream with service offerings and others going upstream; some providers focus on business strategy embedding
cybersecurity to enhance outcomes, while others focus on security strategy to create value-added business outcomes.
There is a bubble of technology tool providers at the moment due to explosive growth in this space. There may be a vendor
consolidation and tool rationalization in the near future that will affect the market. The larger firms are already making
significant acquisitions and alliances.
The evolution of the consulting firms’ approach is being driven by external market forces, and the leading providers are
shaping their service delivery models to account for these major market impacts to effectively guide clients. The leading
consulting firms continue to develop innovative methodologies, frameworks, approaches, products and services given the
capability drivers affecting client demand.
Ability to refresh service offerings frequently with a sprint approach. Leading consulting firms realize that consulting is
changing because of disruptions from digital technology. Reactivity and point solutions are no longer the answer. Consulting
providers must go in with a proactive approach to instill cyber resilience and digital trust across the enterprise and throughout its
culture. Many consulting firms, just over the last year, have changed their service profiles. Traditionally, consulting offerings might
be viable for 10 years. That is no longer the case, with leading providers refreshing their service portfolios every 18-24 months
to differentiate themselves from the competition. In addition, agility and speed to market are essential, as is the shortened time
frame for project completion. What might have been a two-to-three year engagement must now be completed in 18 months.
Some leading consulting firms are going to market with almost pre-packaged IP and technology solutions through ecosystem
partners that can be customized to the client’s specific needs in order to create change quickly and efficiently.
In addition to the service portfolio, many leading providers have also revised their pricing models, focusing more on
subscriptions, retainers, outcome-based, as-a-service and other options alongside the more traditional fixed fee and time
and materials models.
Ability to understand and shape the role of the modern CISO. The modern CISO must view cyber as a business enabler and
step out of the role of a standalone technology function. With technology embedded throughout the enterprise, CISOs
must have extensive technical, risk management and governance knowledge and must drive training and awareness across
the organization, from the C-suite and Board down to the most junior employee, and out to customers at the endpoint.
In many cases the CMO, CIO, CFO or CDO is involved in the cybersecurity work as well, and the CISO needs to work
alongside all business leaders while driving the process. Consulting firms are finding that larger clients have CISOs in
place (many with these skills), but other organizations find it difficult to recruit the right talent for this role. Consulting
firms are offering a virtual CISO (vCISO) or data protection officer for staff augmentation, as well as training and
upskilling to fill the role internally where necessary.
Ability to provide cybersecurity upskilling to address skill gaps and talent shortages. Leading consulting firms are well
aware of skill shortages that are both driving client demand for services and leading them to develop in-house talent to
ensure a sufficient talent pipeline for client projects. There are several ways that leading providers are doing this. One is to
enter into academic partnerships with leading universities to build the next generation of diverse cybersecurity skills and
talent. The other method is to create diversity and inclusion programs to garner new talent. PwC, for instance, is a founder
of the CEO Action for Diversity and Inclusion. KPMG has a Women of Risk community and many leading firms are hiring top
level talent from government agencies.
Ability to assist clients with OT/ICS exposure – the next “big thing.” Many leading consulting providers see OT (operational
technology) and ICS (Industrial Control Systems) as the next big attack surface for potential cybersecurity threats while
maintaining focus on the Internet of Things. Because of increasing global connectivity, cybersecurity attacks on industrial
systems are a major threat and would cause significant organizational losses and production downtime, as well as the fact
that system downtime might affect larger communities. Leading providers are focused on developing security capabilities in
this area. For example, Accenture developed a 3D value chain, adding interoperability to create a replica of the client’s value
chain with OT and ICS to see how to embed security and build resilience and digital trust. In addition, the firm has opened a
Cyber Range in Houston specifically geared to OT/ICS testing.
Ability to provide value-added managed security services and as-a-service next generation solutions with emerging
technologies. Managed security services and as-a-service offerings are a significant component of leading firms’ portfolios, as
many organizations look to consulting firms to fill this role with their existing depth and expertise. Managed Detection
and Response (MDR), in particular, is seen as a high-growth area in which many consulting firms are investing. MDR is the next
generation of advanced managed security service, providing threat intelligence, threat hunting, security monitoring, incident
analysis and incident response. These services often employ emerging technologies such as AI, machine learning and analytics to
automate investigation and containment and to orchestrate responses, with dedicated security analysts monitoring for threats.
Rather than simply forwarding alerts to the organization’s IT team, as has traditionally been the case, an MDR provider can act on
the threat itself on the client’s behalf. These services can be customized to the specific organization to provide support in IT, OT and
ICS environments. Accenture, Booz Allen Hamilton, Crowe, EY, IBM, Mandiant, R9B and Secureworks are particularly focused on this,
and EY’s September acquisition of Elevated Prompt Solutions Inc. is an example of a firm expanding its offering for next
generation MDR services.
ALM Vanguard of Cybersecurity Consulting Providers
[Figure: The ALM Vanguard of Cybersecurity Consulting Providers. Horizontal axis: Breadth of Consulting Capabilities (Low to High). Vertical axis: Depth of Consulting Capabilities (Low to High). Tiers: Leaders, Challengers, Contenders. Providers plotted: Deloitte, PwC, EY, Secureworks, Accenture, McKinsey & Company, Capgemini, KPMG, West Monroe Partners, BCG, Optiv, Herjavec Group, CGI, R9B (root9B), Crowe LLP, IBM, Booz Allen Hamilton, Cognizant, FTI Consulting, Mandiant, a FireEye company, CrossCountry Consulting, Bain & Company, Protiviti. Individual plot positions are not recoverable from this extraction; see the Rating Level Summaries and Provider Capability Rankings sections for tier membership and ranks.]
Source: ALM Intelligence
The ALM Vanguard of Cybersecurity Consulting Providers assesses firms in terms of their relative ability to create impact for
their clients. For this, the ALM Vanguard displays the relative position of the providers featured in this report, deemed capable
in Cybersecurity consulting, based on an evaluation of their overall capabilities according to a consistent set of criteria.
Capability depth denotes a provider’s capacity to get results for clients, while capability breadth indicates its ability to deploy
that capacity across multiple client scenarios.
Consulting is distinctive from other industries because of the variety of client contexts that providers encounter in terms of
ambitions, needs, and abilities that alter what it takes to create impact. As providers seek to deploy their capacity to create
client impact (depth) across industry sectors, geographic regions, and interfaces with adjacent functional and technical
capabilities (breadth), they increase the complexity of their engagement models. The downward slope of the lines that
separate the tiers of the market captures the trade-off between low-complexity engagement models (designed to maximize
the capacity to create impact for a narrow set of client applications) and high-complexity engagement models (made to
maximize deployability and create impact for a wide variety of client applications).
Competitive Landscape
The rapidly changing market dynamics create pressure for consulting providers to continuously up their game. Consulting
firms are constantly refreshing their branding and service portfolios to stay ahead of the curve with new service capabilities,
managed services and as-a-service models. Emerging technologies (including advanced analytics, AI, machine learning,
RPA and automation) all play a big role in the advancement and depth of capabilities. In addition to rebranding, consulting
providers must deliver results faster than ever. The sprint approach means cutting down project time and measuring results
in a meaningful way.
The market for delivering cybersecurity consulting capabilities is highly fragmented among the Big Four, traditional strategy-
first firms, global technology/security firms, cyber risk management focused firms, MSSPs, and thousands of technology
vendors. The explosion of technology vendors will ultimately lead to a consolidation, which is already being seen in many
acquisitions, joint ventures and partnerships.
In addition, there is a significant difference in approach from many of these firms as some lead with a business strategy first
mentality and embedding cybersecurity to create better business outcomes while others lead with a cyber first mentality –
creating cyber risk management strategies that align with existing business strategies for enhanced outcomes. But both
approaches attempt to accomplish the same ultimate goal in cybersecurity, which is focusing on cyber resilience and digital
trust for clients.
Leaders
The striking thing about the leaders is that almost every one of them has refreshed its service portfolio over the last year. All
of these firms are focused on creating value-added business outcomes for their clients and have measurement
systems and KPIs in place to demonstrate ROI and communicate it to the client. Each firm works to embed security across the enterprise,
whether its starting point is the Board and C-suite or the CISO; all important stakeholders across business functions
are involved in the process. Additionally, all of these providers have deep relationships with technology vendors to bring in
needed depth as necessary. Some lead with a business strategy first approach, such as McKinsey & Company, while others
come from more of a security and cyber risk vantage point, such as Accenture Security and Booz Allen Hamilton. The two leading
firms, Deloitte and PwC, particularly shine because they provide end-to-end holistic approaches. Deloitte’s Imagine, Deliver
and Run paradigm and evolving storefront of capabilities is very much in tune with the next generation of market needs.
Deloitte is working to co-develop innovative solutions with clients and provides an Enterprise Value Delivery methodology to
ensure that agile and DevSecOps practices streamline projects for rapid delivery and solid outcomes.
PwC’s One Firm, BXT (business, experience, technology) approach ensures strong client relationships and a holistic, integrated
delivery model across lines of service, with the goal of addressing an organization’s strategic risk in alignment with its business
strategy. Cybersecurity is one of six firm-wide platforms. In 2019 the firm invested in Labs and Experience centers, onshore and
offshore delivery centers, talent in emerging technologies (AI, machine learning, analytics), co-source and managed services,
and the expansion of all service offerings.
A new leader entrant is Kroll, a division of Duff & Phelps. Kroll brings a cyber risk management approach to clients around five
pillars of a “defensible security strategy.” The focus is on governance, policies, procedures, infrastructure, standards, people
and training. The firm provides actionable security insights with the belief that technology only accounts for 20% of the issue.
Traditionally more of a “response shop,” Kroll now goes to market with significantly more proactive offerings, and clients on
the buy-side find the firm to excel at both technical work as well as internal communications with management.
Challengers
Many of the firms in the Challenger tier differ only slightly from the Leaders, perhaps in their lack of an end-to-end approach, their
size and geographic reach, or their focus on specific areas (such as managed services and incident response). Clearly, firms
like Herjavec, Optiv, IBM, Secureworks and Coalfire have deep expertise on the technology side and can skillfully respond
to events, investigate and detect incidents, and produce threat intelligence. At the other end of the spectrum, BCG has built
strong assessment capabilities, thought leadership and workshops to create awareness of the importance of cybersecurity at the
highest levels of an organization. BCG’s Platinion subsidiary does architecture design and works with CAST for lower level technical
work. FTI is assembling a deep bench of cybersecurity experts (many from government) and is also focusing on ICS
as an emerging area in the near term. CrossCountry Consulting is a smaller firm with a mostly US focus, but what its relatively
small team delivers is impressive. Clients confirm that CrossCountry will go out of its way to make things work and creates very
strong client relationships, and many hire CrossCountry over larger, better known firms.
Contenders
The contender category firms all provide solid cybersecurity capabilities but currently do not share the same depth or
breadth in capabilities as their counterparts. In addition, these firms do not seem to be making the same level of investment
in their cybersecurity capabilities and may not be refreshing their offerings as frequently. Mandiant is seen by many as mostly
an incident response firm and R9B is focused on threat hunting. West Monroe Partners, focused on mid-sized firms and
headquartered in Chicago, does a great deal of work for private equity (due diligence pre and post) with a focused accelerator
for this purpose, Cybersecurity Advisory for Private Equity (CAPE).
Provider Capability Rankings
The figures below indicate the change in consulting providers’ ranks in terms of their overall capability depth, breadth, and
client impact. (See the Definitions section of this report for a detailed breakdown of underlying capabilities.) Ranking position
number one denotes the top-ranked provider.
Depth of Capability
Rank  2018                                   2019
1     PwC                                    PwC
2     Deloitte                               Deloitte
3     Booz Allen Hamilton (Tied 3)           KPMG
4     Optiv (Tied 3)                         Accenture
5     EY                                     Booz Allen Hamilton
6     McKinsey & Company                     EY (Tied 6)
7     KPMG                                   McKinsey & Company (Tied 6)
8     BCG (Tied 8)                           CrossCountry Consulting*
9     Mandiant, a FireEye Company (Tied 8)   Kroll, a division of Duff & Phelps*
10    Capgemini                              Herjavec Group (Tied 10)
11    Crowe (Tied 11)                        Optiv (Tied 10)
12    Protiviti (Tied 11)                    BCG
13    CGI                                    Coalfire*
14    West Monroe Partners                   Crowe (Tied 14)
15    IBM                                    IBM (Tied 14)
16    Bain & Company                         FTI Consulting
17    FTI Consulting                         SecureWorks
18    Accenture                              Capgemini
19    SecureWorks                            Mandiant, a FireEye Company
20    Herjavec Group                         Bain & Company
21    Cognizant                              Protiviti
22    R9B                                    West Monroe Partners
23    (not covered)                          CGI
24    (not covered)                          Cognizant
25    (not covered)                          R9B

Breadth of Capability
Rank  2018                                   2019
1     Deloitte                               Deloitte
2     PwC                                    PwC
3     EY                                     EY
4     KPMG                                   KPMG
5     Crowe                                  Accenture
6     IBM                                    CGI
7     Booz Allen Hamilton                    IBM
8     McKinsey & Company                     McKinsey & Company
9     Capgemini                              Crowe
10    Accenture                              Cognizant
11    Cognizant                              Capgemini
12    BCG                                    Kroll, a division of Duff & Phelps*
13    Bain & Company                         Booz Allen Hamilton
14    CGI                                    BCG
15    Protiviti                              Bain & Company
16    West Monroe Partners                   Optiv
17    FTI Consulting                         SecureWorks
18    SecureWorks                            Protiviti
19    Optiv                                  Coalfire*
20    Mandiant, a FireEye Company            FTI Consulting
21    Herjavec Group                         West Monroe Partners
22    R9B                                    Herjavec Group
23    (not covered)                          Mandiant, a FireEye Company
24    (not covered)                          CrossCountry Consulting*
25    (not covered)                          R9B

Client Impact
Rank  2018                                   2019
1     PwC                                    Deloitte
2     Deloitte                               PwC
3     EY                                     KPMG
4     Booz Allen Hamilton                    Accenture
5     KPMG                                   EY
6     McKinsey & Company                     McKinsey & Company
7     Optiv                                  Booz Allen Hamilton
8     Capgemini                              Kroll, a division of Duff & Phelps*
9     BCG                                    CrossCountry Consulting*
10    Crowe                                  BCG
11    Mandiant, a FireEye Company            Optiv
12    Protiviti                              IBM
13    CGI                                    Crowe
14    West Monroe Partners                   Coalfire*
15    IBM                                    Herjavec Group
16    Bain & Company                         FTI Consulting
17    FTI Consulting                         Capgemini
18    Accenture                              SecureWorks
19    SecureWorks                            Mandiant, a FireEye Company
20    Herjavec Group                         Bain & Company
21    Cognizant                              Protiviti
22    R9B                                    CGI
23    (not covered)                          West Monroe Partners
24    (not covered)                          Cognizant
25    (not covered)                          R9B

*Not previously covered. In the original table the tier bands Leaders (ranks 1-8), Challengers (ranks 9-18) and Contenders (ranks 19-25) are shown alongside the rows; they correspond to the 2019 Client Impact ranking and to the tier membership listed in the Rating Level Summaries.
Source: ALM Intelligence
Rating Level Summaries
ALM Intelligence rates providers according to a three-level scale based on their relative breadth and depth of overall
capabilities. Each rating level corresponds to an area in the ALM Vanguard graphic bounded by a downward sloping line
designed to equate engagement models of different degrees of complexity.
Rating Level: Leaders
Providers: Accenture, Booz Allen Hamilton, Deloitte, EY, KPMG, Kroll (a division of Duff & Phelps), McKinsey & Company, PwC
Description: The leaders are at the top of the market in terms of their capabilities to create client impact through their depth of expertise and ability to deploy it across a range of engagement models. They are unique in their ability to independently execute a broad array of projects across the full spectrum of client contexts. They range from providers in the top quintile in terms of depth of capability for low-complexity engagement models to those that combine above average depth of capability with the ability to deploy it across high-complexity engagement models.

Rating Level: Challengers
Providers: BCG, Capgemini, Coalfire, CrossCountry Consulting, Crowe, FTI Consulting, Herjavec Group, IBM, Optiv, Secureworks
Description: The challengers can execute end-to-end projects in low complexity engagement models or a substantial portion of project components in high-complexity engagement models. They range from those with above-average depth of capability for low-complexity engagement models to those that combine depth of capability between the bottom third and top half of the distribution, with the ability to deploy it in high complexity engagement models.

Rating Level: Contenders
Providers: Bain & Company, CGI, Cognizant, Mandiant (a FireEye Company), Protiviti, R9B (root9B), West Monroe Partners
Description: The contenders can execute a substantial portion of projects in low-complexity engagement models or a single phase or project instance in high-complexity engagement models. They range from those with average depth of capability for low-complexity engagement models to those that combine depth of capability in the bottom third of the distribution with the ability to deploy it in high-complexity engagement models.
Source: ALM Intelligence
Leader Assessments
The ALM Vanguard of Cybersecurity Consulting Providers comprises the following Leaders.
Leaders Strengths
Deloitte
Deloitte’s Global Cyber Risk Services new go-to-market approach is that of Imagine, Deliver, Run. The focus is on simplifying the approach to cybersecurity by creating secure businesses, processes and controls, viewing cyber as the business enabler (Imagine) and enhancing and embedding needed technology through a strong ecosystem of partners. Deloitte’s storefront evolves as the market gets broader and deeper. The firm brings not just the cyber team to projects but other parts of the firm including industry expertise, risk side evaluation (M&A), human capital (culture/change management/workforce of the future) and more to create an integrated client experience. Current cyber capability focuses include Threat Intelligence 2.0, IoT (Cybersphere), Cloud, and Digital Identity. Cybersphere is Deloitte’s new destination in Washington, DC and Madrid, used to explore a client’s cyber challenges and to create, test and secure the future’s IoT innovations while working collaboratively to co-create the best business outcomes for clients.
Deloitte’s Enterprise Value Delivery (EVD) method, underpinned by agile and DevSecOps streamlines projects and includes templates, sample deliverables and accelerators.
Source: ALM Intelligence
The table below provides detailed capability ratings for Cybersecurity consulting providers. (See the Definitions section of this report for explanations of the capabilities.)
Provider Capability Ratings
Legend: Very Strong / Strong / Moderate / Weak / None (the per-cell rating symbols are not reproduced in this text extraction)
Capabilities rated, grouped by phase:
Discovery: Needs Assessment; External Market Insight; Internal Client Insight
Design: Strategy; Operating System; Management System
Delivery: Project Management; Client Capability Development; Enabling Tools
Providers rated: Accenture; Bain & Company; Booz Allen Hamilton; BCG; Capgemini; CGI; Coalfire; Cognizant; CrossCountry Consulting; Crowe; Deloitte; EY; FTI Consulting; Herjavec Group; IBM; KPMG; Kroll, a division of Duff & Phelps; Mandiant, a FireEye Company; McKinsey & Company; Optiv; Protiviti; PwC; R9B (root9B); SecureWorks; West Monroe Partners
Source: ALM Intelligence
Best in Class Providers
Providers identified as best in class evidence deep capabilities in specific areas of Cybersecurity consulting and stand out from
their peers for their highly effective and often innovative consulting approaches and service delivery.
Capability Areas Provider Strengths
Operating System Deloitte
Deloitte’s new Imagine, Deliver and Run methodology provides the firm with a path to deploy client assets and processes once the strategy (Imagine) phase is completed. The Deliver phase is an iterative process that involves shaping the business model, branding and platforms to market-ready concepts. These are then tested for fit, agility and validity. During the Run phase, the implementation of agile operations begins at scale to create the business outcomes intended by the strategy (Imagine phase) with continuous learning and seeking areas of improvement at its core. Deloitte’s new Cybersphere provides a collaborative space to work on these initiatives with the client through all phases to ensure that the right assets and processes are deployed to implement the strategy.
Source: ALM Intelligence
Provider Briefs
Leaders: Deloitte
Approach
Deloitte’s Global Cyber Risk Services is adapting to changing market dynamics with an approach that has moved from compliance, to risk, and now to the complexity of a market in which cyber is embedded across all business functions, processes and controls. Deloitte’s new methodology is Imagine, Deliver, Run. The focus is on simplifying the approach to cybersecurity by creating secure businesses, processes and controls (Strategy, Secure, Resilient, Vigilant), viewing cyber as the business enabler (Imagine) and enhancing and embedding needed technology through a strong ecosystem of partners.
Deloitte’s storefront evolves as the market gets broader and deeper. The firm brings not just the cyber team to projects but other parts of the firm including industry expertise, risk side evaluation (M&A), human capital (culture) and more to create an integrated enterprise. Current cyber capability focuses include Threat Intelligence 2.0, IoT (Cybersphere), Cloud, and Digital Identity. Cybersphere is Deloitte’s new destination in Washington, DC, and Madrid, which is used to explore a client’s cyber challenges and to create, test and secure the future’s IoT innovations, as well as for working collaboratively to create the best business outcomes.
With Imagine, Deliver and Run, Deloitte’s approach begins with Imagine (the art of the possible), creating a customized approach for each client to create competitive advantage by leveraging new business models, forming new ecosystems and implementing new platforms to more effectively connect the organization with customers. These initiatives can be worked on collaboratively at Cybersphere. During the Deliver phase, Deloitte uses an agile, iterative, and responsive approach to concept refinement, prototyping and planning. The Cybersphere’s IoT studio can be used to develop and test new client innovations and security. During the Run phase, implementation is executed with the business transformation taking shape, being scaled and providing continuous learning for the organization. In the Cybersphere, the Run phase encompasses the Watch Floor, where threat monitoring and intelligence provide managed services to help clients detect and respond to industry specific threats in real time.
Deloitte’s Enterprise Value Delivery (EVD) method, underpinned by agile and DevSecOps, is used to streamline projects and includes templates, sample deliverables and accelerators. The EVD phases used for project management are Prepare; Explore; Realize – Build Sprint Cycle; Realize – Test; Deploy; Run.
Deloitte engages each client with strategic and practical approaches that aim to include executive development, executive education, a lead client service provider, and the firm’s client excellence practice. Immersion experiences, subject matter experts and thought leadership (e.g., working with the World Economic Forum to define frameworks and industry standards) all drive the collaborative process. For instance, the firm’s 2019 Future of Cyber survey showed notable gaps in organizations’ abilities to meet cybersecurity demands and dissonance between what organizations aspire to versus their current cyber posture.
The firm’s long-term goals in cyber include focusing on its most strategic clients, innovation and offerings, expanding its market and geographic reach with continued investment, and expanding and diversifying its talent by staying ahead of the market. Pricing models are flexible with traditional models as well as subscriptions, retainers and value-based pricing based on outcomes as options.
Practice Structure
Deloitte provides cybersecurity consulting services through its Cyber Risk Services group, which is part of the Global Risk Advisory portfolio. Deloitte’s deep external ecosystems include strategic global alliances with IBM, Splunk, Forgerock, Okta, Symantec, SailPoint and CyberArk, as well as other partnerships aligned to capabilities such as shield/vulnerability management platforms, cloud security platforms, digital identity platforms, and Fusion platforms. For example, Deloitte’s Fusion Managed Services will now partner with Splunk’s Phantom security platform to enhance its cyber defenses and more quickly detect and respond to threats. The firm also maintains technology platform ecosystems with SAP, Google (Google Cloud Partner of the Year in 2018), Oracle, AWS, Workday, Azure and Salesforce, in addition to innovation ecosystems in Silicon Valley, DC and Tel Aviv.
Deloitte also has more than 31 Cyber Intelligence Centers (CICs) globally and new Cyberspheres in DC and Madrid.
Source: ALM Intelligence
Service Delivery Model
Deloitte has invested in and enhanced its capability and delivery model in several key areas, including Threat Intelligence 2.0, IoT, Cloud security and Digital Identity, all aligned to the Imagine, Deliver and Run methodology. Threat intelligence services offered include monitoring, collection and analysis of events, spanning cyber strategy and risk management, threat management (monitoring, hunting, vulnerability management) and cyber response (incident response and crisis management). The Imagine phase might include a package such as a threat intelligence feed, on-demand threat research or targeted external monitoring. The Deliver phase might encompass a package with training and content take-down, while Run could include an intelligence capability build and training package. Deloitte’s proprietary malware platform, CodexGigas, often is one of the first to identify external threats.
IoT at Cybersphere is where the IoT Studio tests the security of connected devices that organizations manufacture and use on their networks. This is in addition to IoT managed services (application, platform, connectivity). Leading device security practices are also implemented at Cybersphere, which also serves as a secure location to test, analyze and pilot proprietary technology. Deloitte’s Turnkey IoT services serve as accelerators to deliver solutions in a sprint delivery model.
Cloud security and adoption services, aimed at enabling business objectives, include agile cyber defense and cover the full lifecycle from business planning, risk management, design, regulatory requirements, operations, applications, services and infrastructure. During the Imagine phase, cloud strategy, risk assessment and readiness are examined through potential business model disruption, business case, cloud sustainability and planning, and cloud-native process and organization strategy. The Deliver phase might include application security and controls, SaaS implementation (ERP planning, CRM, human capital transformation), custom implementation with secdevops and cloud migration, a cyber risk transformation with custom transition, migration services, application modernization and managed services, and cloud-enabled solutions such as Deloitte’s analytics platform, cloud solutions and Deloitte cloud. During Run, the client can employ Deloitte’s Cloud Managed Services (managed risk services).
Digital Identity now requires a reevaluation of traditional services, given changing market dynamics and the need to protect data everywhere. Deloitte provides a new turnkey identity solution that gives clients a cloud-first, user experience-oriented, agile solution. The solution provides regulatory compliance with risk-based insights, industry-specific use cases, analytics and reporting, a scalable operating model and protectable SLAs.
In addition to these newer innovations, Deloitte provides significant other offerings and platforms including its traditional Cyber Strategy Framework (CSF), used to assess an organization’s maturity, controls, threats and capabilities. Content packs also enable the firm to conduct assessments against specific standards and provide a customizable dashboard. There are many “as-a-service” offerings, including GRC, and the firm has seen uptake in cyber resiliency with clients taking on simulations, playbooks and war gaming.
Deloitte’s Fusion Managed Services for managed threat detection and response bring industry-specific experience, human intelligence and emerging technologies to bear while the firm’s Managed Data Protection program helps clients to monitor, manage and mature their most valued data assets.
Deloitte’s Enterprise Value Delivery (EVD) underpins all delivery, with the aim of delivering value with speed, quality and consistency, supported by significant project management monitoring.
In the next two to three years, Deloitte sees the next generation SOC 3.0 with AI capabilities built in and more predictive modelling and analytics. AI services are currently based in Canada and are being replicated globally.
Source: ALM Intelligence
[Figure: map of management consulting services by office (Corporate Office, Front Office, Middle Office, Back Office), with service areas Enterprise Strategy, Corporate Finance, Operating Model Strategy, Customer, Research & Development, Supply Chain, Operations, Rewards Management, Talent & Workforce, Risk, and Digital & Technology.]
Definitions
What is Cybersecurity Consulting?
Cybersecurity consulting is part of enterprise strategy consulting, which in turn forms part of the management consulting services directed at clients’ corporate office activities. Its objective is to help companies set the policy guardrails that direct the investments and activities of their organizations.
Enterprise strategy consulting includes four services.
■ Business strategy and planning: establishes companies’ fundamental value proposition in terms of where to play and how to win.
■ Portfolio and capital strategy: addresses the allocation and steering of company resources to deliver its value proposition.
■ Strategic risk: identifies and manages risks that could prevent the fulfillment of a company’s value proposition.
■ Cybersecurity: identifies and manages the portion of strategic risks associated with digitization, including threats to information assets, infrastructure, and applications.
Definitions
Consulting Provider Capabilities
Capability areas, their capabilities, and the question each capability answers:

Discovery
■ Needs Assessment: How does the consultant establish goals and objectives for the project and determine which stakeholders need to be involved from the client organization, consultant, and third parties?
■ External Market Insight: How do consultants’ knowledge and experience inform diagnostics through benchmarking and trend analysis?
■ Internal Client Insight: How does the consultant obtain internal client insights through data analysis and interviewing and workshops and incorporate them in diagnostics?

Design
■ Strategy: How does the solution align with the client’s market, customer and product, and functional strategies?
■ Operating System: How are client information, physical, and people assets and processes configured to generate the value add intended by the strategy?
■ Management System: How are client resources mobilized, managed, measured, and motivated through governance, incentives, organizational structures, and performance management to execute the strategy?

Delivery
■ Project Management: How are activities sequenced and resources allocated, aligned, and coordinated to execute and sustain the solution?
■ Client Capability Development: How are client technical skills developed and mindsets and behaviors adapted to execute and sustain the solution?
■ Enabling Tools: What consultant tools are used for diagnostic and design activities that support the client in executing, sustaining, and refreshing the solution?
Source: ALM Intelligence
Provider Capability Rankings Descriptions
Depth: a measurement of a consulting provider’s strength based on its capabilities, including such factors as resources, proprietary methodologies, and intellectual properties.
Breadth: a consulting provider’s ability to deploy its capabilities in multiple client scenarios across industry sectors, geographic regions, and interfaces with adjacent functional and technical capabilities.
Client impact: a consulting provider’s capacity to get results for clients based on the combination of its capability depth and breadth, adjusted by the degree of engagement model complexity incurred by its breadth across industry sectors, geographic regions, and interfaces with adjacent functional and technical capabilities.
Methodology
Overview
ALM Intelligence has been researching the management, financial, and IT consulting industry for over 40 years, studying the global consulting marketplace at multiple levels. The resulting market analyses help buyers of consulting services to effectively target best in class providers, and help consulting providers to identify and evaluate business opportunities.
The proprietary research methodology comprises four components:
■ Extensive interviews with consulting practice leaders, financial analysts, consulting clients, and client-side industry experts
■ Data and background material from the proprietary library of research on the consulting industry and individual firms
■ Quantitative data collection from primary and secondary sources
■ Key economic data relevant to the sector(s) being analyzed
The research output for a project is derived predominantly from primary research.
Data is obtained through a centralized effort, with teams of analysts collecting, assessing, fact-checking, and refreshing baseline information on leading consultancies and consulting markets. This information populates an extensive knowledge base of consulting providers, widely regarded as among the most comprehensive in the world.
Working collaboratively, analysts narrow their research to the most discrete and pertinent intersection of consulting service, industry and geography.
The experience and knowledge of the analyst team are critical to the success of these research endeavors. Directors and associate directors average over a decade of consulting and/or analyst experience, with an emphasis on professional services. Junior analysts typically bring an average of five years of consulting and/or analyst experience.
The group’s long-term relationships with consulting clients and industry leaders are based on trust and respect. ALM Intelligence’s fundamental goal is to deliver objective assessments and insightful viewpoints on the management, financial, and IT consulting market.
Methodology
How We Evaluate Consulting Providers
ALM Intelligence’s goal is to deliver objective assessments to help buyers of consulting services effectively identify and maximize the benefits of working with best in class providers.
ALM Intelligence evaluates consulting providers with respect to a particular consulting area in terms of the following baseline criteria. The general criteria below are refined and customized over the course of the research effort based on input from clients and providers:
■ Consulting approach: What are providers’ points of view on the root causes of client challenges? How do those points of view inform choices about how best to resolve them? How do providers view the intersection of these needs and solutions with other consulting or non-consulting offerings or cross-cutting themes?
■ Consulting organization: How do providers organize and deploy their capabilities? What sort of consultants and other human resources do they possess, and how do they obtain and use them? What sorts of partnerships, collaborations, and alliances with external parties do they use to bolster their capabilities?
■ Consulting service delivery model: How do providers deliver their services? Do they employ any particular processes or methodologies, preconfigured tools, or other unique elements of service delivery? Do they follow any particular sequence or direction in their service delivery? How do they measure outcomes?
■ Client pain points and needs assessments: What factors most influence successful engagements in the opinion of clients? What capabilities do providers need to bring to their engagements to be compelling? What sources of differentiation matter most to consulting buyers?
■ Future development: What investments are providers making or planning to make to enhance their future capabilities?
In addition to briefings with consulting buyers and providers, ALM Intelligence uses a mosaic approach to derive its findings. This incorporates primary research conducted with industry practitioners, academics, and other experts and secondary research on providers’ public information and other third-party sources of data and analysis.
[Figure: provider evaluation dimensions, Depth and Breadth, with the elements Discovery, Design, Delivery, Resources, Service Delivery, Strategy, Operating Model, Adjacencies, Geographies and Industries.]
Source: ALM Intelligence
About ALM Intelligence
ALM Intelligence provides accurate and reliable market sizing and forecasts on consulting services worldwide, needs-analysis
and vendor profiling for buyers of consulting services, timely and insightful intelligence on the top consulting firms in their
respective markets, and operational benchmarks that measure consulting performance. ALM Intelligence’s research spans
multiple service areas, client vertical industries, and geographies. Our analysts provide expert commentary at consulting
industry events worldwide, and offer custom research for Management Consulting and IT Services firms. More information
about ALM Intelligence is available at www.alm.com/intelligence/industries-we-serve/consulting-industry/.
ALM, an information and intelligence company, provides customers with critical news, data, analysis, marketing solutions and
events to successfully manage the business of business. For further information and to purchase ALM Intelligence research,
contact [email protected], 855-808-4550.
Usage Inquiry Guidelines
This ALM Intelligence Product has been made available to Authorized Users pursuant to your organization’s agreement to the ALM Media Customer Agreement or other applicable Licensing Agreement.
Unless authorized by ALM Media, Customer may not use the Product except as permitted by U.S. copyright law and the applicable Licensing Agreement.
For details and ALM Intelligence's full Usage Inquiry Guidelines, please contact your Client Service Leader or e-mail [email protected].
External Usage Permission
External Usage Permissions can be obtained...
- by contacting ALM Intelligence for each usage episode (refer to Usage Inquiry Guidelines herein)
- by acquisition and purchase of a “Limited External Usage License,” which provides for usage of Research contents in the marketplace
ALM Media Properties, LLC Contact: James Doyle – Strategic Account Manager – ALM Intelligence – ALM Media Properties, LLC [email protected]
150 East 42nd Street, Mezzanine Level, New York, NY 10017 USA. Tel: +1.212.457.9171
EY Contact: Alexia O’Sullivan, Global Analyst Relations Director | Brand, Marketing & Communications - London, UK - Tel: +44 (0) 20 7980 0533 or e-mail: [email protected]
EY - AUTHORIZED USERS ONLY
Deloitte Contact: Tracy Reagan, Associate Director, Global Analyst Relations Deloitte Touche Tohmatsu Limited – Boston Tel: 617-437-3927 or email: [email protected]