End-to-end data and privacy protection
Data, privacy, and security are constantly at risk in today's cybersecurity threat environment. Hackers and threat actors are becoming increasingly sophisticated as the frequency and precision of cyber-attacks continues to grow. At the same time, governments around the world are swiftly enacting regulations that are reshaping how data must be processed, stored, and protected. Every organization in every industry must face this reality—and do so now—or face the consequences of being left vulnerable or left behind by their competitors.
Ankura provides comprehensive, integrated cybersecurity and privacy risk services to help organizations face the global cyber threat environment and continually evolving regulatory landscape.
- GDPR Readiness Projects Delivered
- CCPA and Emerging US State Privacy Law Readiness Projects Delivered
- Vendor Due Diligence / Third Party Risk Management
Ankura develops, implements, and executes Third Party Risk Management Programs. This includes the development of workflows, assistance with inventorying and categorizing third parties, and the development of cybersecurity and privacy assessment forms and review protocols. Once the vendor due diligence program has been implemented, Ankura can manage the process on behalf of our clients. Ankura also can perform ad-hoc assessments on high-risk vendors to identify risk to the client.
- Interim and Fractional Leadership (Chief Information Security Officer (CISO) & Data Protection Officer (DPO))
We provide seasoned and certified cybersecurity and privacy leaders, many of whom are former security officers, on an interim or fractional basis to manage cybersecurity and data privacy risks and cost-effectively address the data protection needs of our clients.
- Compliance, Assessment, Risk Management, and Roadmap Development
We provide independent expert assessments of our client’s environments to support compliance and audit readiness for many of the most pervasive standards and regulations for cybersecurity and data privacy. Such assessments are then utilized to develop long-term roadmaps and project plans to address any risks or gaps.
- Technology Integration Services
Ankura works with a variety of cybersecurity and privacy management solutions to enable the implementation of an effective and efficient cybersecurity and/or privacy program. This includes working with privacy-enabling technology and cybersecurity technology such as Identity & Access Management (IAM), Data Loss Prevention (DLP), and Endpoint Detection & Response (EDR).
- Records and Information Management (Data Minimization)
Ankura develops records retention policies, and retention schedules, and then supports organizations with the implementation of an effective data minimization program. These projects can be tailored to focus on specific high-risk repositories or for data minimization processes which are then leveraged by client-side system owners.
- Resiliency Planning and Testing
Ankura works with its clients to plan, build, and test resiliency within its organization across the enterprise and its critical systems and assets – including hands on technical testing as well as procedural and process reviews as tabletop exercises.
- Offensive Security Services
Ankura’s comprehensive offensive security services involve thorough evaluations of digital infrastructures. Our services encompass penetration testing, social engineering, and purple/red teaming. All of these services are designed to replicate real-world attack scenarios for vulnerability identification with the intent of maturing the organization’s security program. The resulting insights provide practical suggestions to bolster defenses and enhance overall cybersecurity posture.
- Data Mapping and Privacy Impact Assessment Services
Ankura provides data mapping/data inventory services along with privacy impact assessment implementation to meet regulatory requirements and serve as a building block for future data privacy modernization efforts.
- Cookie, Pixel, and Tracking Technology Implementation and Support Services
We provide cookie/pixel identification and quantification on current websites and prior versions of websites using digital archive tools. Ankura will review the configuration of pixels to assess the likelihood of personal data collection via review of tag managers or other relevant business manager accounts. We will advise outside counsel, corporate marketing teams, and in-house counsel on the technicalities of cookies, pixels, and other tracking technologies on both websites and mobile applications.
- Mergers and Acquisition Diligence and Portfolio Management Services
Ankura supports organizations and investment firms as they execute mergers and acquisitions. From performing the initial cybersecurity, IT, and privacy due diligence pre-acquisition, to managing remediation items post-close, Ankura can support cybersecurity and data privacy operations through the entire deal lifecycle.
- Secure Cloud Services
Ankura’s tailored solution to secure clients’ cloud environment and to address any regulatory and compliance needs. Our solutions range from helping clients build compliance programs for FedRAMP, International Organization for Standardization (ISO), Service Organization Control Type 2 (SOC2), Health Insurance Portability and Accountability Act (HIPAA) etc. to identifying security misconfigurations, securing workloads, and securely managing Continuous Integration (CI)/ Continuous Delivery Continuous Delivery (CD) pipelines.
- Policy and Procedure Development & Implementation
Ankura works with clients to develop and expand their cybersecurity and data privacy documentation. This includes privacy notices, overarching cybersecurity policies, technical Standard Operating Procedures (SOPS) for access management, data management, etc., and response policies such as Incident Response and Business Continuity Plans. We will also then work with our clients to operationalize such policies and procedures.
Our Latest Thinking
Global Defense Contractor
Delivering Privacy by Design
Ankura evaluated and redesigned a global defense contractor’s privacy program to incorporate International Traffic in Arms Regulations and Export Administration Regulations standards and comply with Department of Defense cybersecurity incident reporting requirements. Our team also developed and implemented an insider threat detection program.
The Ankura Difference
Our cybersecurity experts are accomplished engineers and developers. We specialize in network and application security reviews, using ethical hacking to demonstrate internal or external compromise vulnerabilities empirically. Our solutions are scalable, innovative, vendor-agnostic, and custom-tailored to fit each client’s specific risk appetite and resource restrictions. With more than 200 cybersecurity programs implemented and 100 data privacy programs delivered in more than 40 countries, our diverse team has a global footprint with regional expertise to support clients in addressing current and future risks while meeting long-term business goals.