Sparx Solutions invests in automation to improve third-party security

As cyberattacks become more sophisticated, organisations face greater challenges in navigating the complexities of digital transformation while trying to keep their data and people secure.

Sparx Solutions co-founder Mario Antoniou spoke with ARN about how some organisations were still using spreadsheets to manage third-party risks.

“They rely on manual processes to collect information about their suppliers’ security controls,” said Antoniou. “What we’re helping clients with is transitioning to automated systems like ProcessUnity, which takes away the administrative burden of spreadsheets and allows them to focus on managing the actual risk.

“They’d send a spreadsheet to a supplier, which they or an external consultant had developed, and it was a very manual process to collect information on security controls.”

According to Antoniou, Sparx Solutions enables customers to “accelerate from a manual process to an automated one,” allowing organisations to prioritise supplier risk management rather than getting bogged down in spreadsheet administration and data collection.

“What we’re seeing is a push toward introducing not just tools, but a framework that is strongly underpinned by a robust risk management approach,” he explained. “This helps introduce efficiencies within organisations.

This will help organisations improve efficiency for example organisations are focusing on their budgets and they’re looking for ways to optimise existing processes, often through technology, which not only improves efficiency but also enhances their security posture, Antoniou explained.

Expanding partnerships

In early February, Sparx Solutions and its partner Process Unity were chosen by the Victorian government as its third-party risk management supplier for its cyber security state purchase contract (SPC).

At the time ARN reported the services were previously provided on a bespoke basis to specific agencies.

“This new approach centralises the management of third-party data Victorian wide approach to third party risk management, which includes highly secure sharing of the risk profile of third parties dealing with [the] Victorian government between agencies,” said Antoniou.

“This would save official time, reduces risk and protects agencies from third party risks — an issue which has become more prevalent in recent years around data protection.”

This partnership with process unity, according to Antoniou, is where the service provider was able leverage a partnership “to build a practice out of the capability”.

“This discussion was born out of the Victorian Government state purchase panel arrangement that we both have been awarded recently,” he said. “We’re taking that capability and replicating that into other sectors that are under the critical infrastructure like healthcare, financial, insurance, utilities.

The partnership with Process Utility is just one form of partnering that Sparx Solutions invests in.

According to Antoniou, from his own personal experiences also sees value in partnering with other organisations that can help add value to its clients or provide expertise in a certain area that its clients would like.

“I also attend those events that you’re talking about, which are generally hosted by our vendor partners, where we sit around the room and discuss how we can develop our service offering to better add value for our clients. I’m more than happy to do that,” he said.

“From my perspective, I think those conversations are very constructive in allowing us to create more value for our clients.

“Looking at how we can better provide value and working with our solution partners is a positive thing, rather than not talking to other MSPs in our industry.

There can be value in the insights gained from the different experiences of other MSPs and insights into some of the challenges.

“Ultimately, everyone benefits from these experiences, and of course, we’re not sharing any sensitive customer information,” Antoniou said. “It’s more about use cases or scenarios where we can try to bolster the level of service and value.”