PwC Brazil

Introduction of LGPD and COVID-19 pandemic highlighted lack of security

In recent years LGPD, Brazil’s answer to Europe’s GDPR data privacy law, has come into effect. This has really highlighted security as a strategic initiative for many Brazilian organizations. Mobile devices, cloud computing, and other technological advances have expanded the traditional perimeters of IT risk, information security, and privacy. With increasing global connectivity comes an exposure to cyber risk and companies need to take new steps to protect themselves and meet new regulatory requirements.

Fernando Mitre, Partner, Cybersecurity & Privacy with PwC Brazil explains further: “Developing strategies to address innovative technologies, cyber threats, and privacy issues is more important than ever. The maturity levels surrounding cybersecurity in Brazil in few organizations were low. During the COVID-19 pandemic many companies, especially our healthcare clients who were particularly hard hit, just did not have the infrastructure in place to properly protect their systems and data from harmful intent. Thankfully, the solution that we had already built on CyberRes technologies was extremely relevant even during the pandemic and could be easily extended to such customers: PwC Brazil partners with key security solution providers, including Micro Focus CyberRes (now OpenText Cybersecurity), to create our own Security Operation Center (SOC) where we can offer our clients a full cybersecurity program.”

Great ArcSight data compression ratios means that we can process higher event volumes per second helping our clients save data storage and networking costs, resulting in lower total cost of ownership.

ArcSight and fortify part of flexible managed services offering to support PwC clients

The PwC Brazil SOC is completely flexible and works around clients’ requirements. Some clients may already have part of their security infrastructure or expertise in-house and if so, PwC Brazil will work with this and incorporate it into their comprehensive offer including full governance, vulnerability management, risk reporting, and forensic security investigations. For other clients, a turnkey solution backed up with PwC security expertise is more appropriate. ArcSight Enterprise Security Manager (ESM) by OpenText delivers real-time threat detection to the SOC which is a key part of the overall offering. ArcSight Logger by OpenText is part of the solution too and provides comprehensive security event log management. Fortify Static Code Analyzer by OpenText is used in the application development lifecycle, to ensure that any vulnerability issues are identified early so that they can be fixed before causing issues in a production phase.

“Our SOC works together with other service divisions within PwC Brazil, for instance in the application testing and IT operations management area, where other Micro Focus (now part of OpenText) solutions are in use,” comments Mitre. “Recently, we collaborated when one of our healthcare clients had a COVID-driven requirement to increase its telemedicine offering. This needed not only infrastructure and application security, but we were also asked to load test the proposed solution to make sure that it could manage the expected volumes. We leveraged Micro Focus (now part of OpenText) LoadRunner Professional as well as Fortify to execute performance & security tests. By emulating real-world network conditions, we could create a realistic simulation to ensure the architecture would be fine.”

Some healthcare clients ran into trouble when opportunistic criminals took advantage of weaknesses security during the pandemic, as Mitre recalls: “A major hospital was in the midst of trying to help as many COVID-19 patients as possible when they were the victim of a ransomware attack. All their systems were completely shut down which essentially means they could not operate as a hospital anymore. We received an urgent call and the PwC Incidence response team comprising of over 30 consultants & SOC analysts helped contain, eradicate & recover from the attack. The lessons learned helped protect other client systems that were monitored through the SOC”

Strategic alliance delivers reduced TCO and has room for expansion

PwC SOC clients are clear about the benefits of the SOC solution, according to Mitre: “Great ArcSight data compression ratios mean that we can process higher event volumes per second while helping our clients save data storage and networking costs, resulting in lower total cost of ownership.”

The strategic partnership between PwC Brazil and OpenText™ was highlighted in the initial negotiations. Brazil has at times, volatile local economy which plays havoc with currency exchange rates. Thanks to the flexibility of the OpenText™ Cybersecurity team a mutually beneficial agreement was reached with different pricing and licensing models for the various PwC customer scenarios. PwC also appreciates the expertise of the Micro Focus CyberRes (now OpenText Cybersecurity) team. “We have a great train-the-trainer system where the Micro Focus CyberRes (now OpenText Cybersecurity) team share new training materials and expertise so that we can package it for delivery in Portuguese to our own teams, ensuring we give our clients fully up-to-date information and technology,” says Mitre.

He concludes: “With the introduction of LGPD in Brazil, we have started our journey on data privacy and are looking to expand our SOC with data discovery and masking capabilities. Micro Focus CyberRes (now OpenText Cybersecurity) has fantastic offerings in this area: Structured Data Manager and File Analysis Suite. We are currently exploring adding these into our strategic alliance program.”

We have a great train-the-trainer system where the Micro Focus CyberRes (now OpenText Cybersecurity) team share new training materials and expertise so that we can package it for delivery in Portuguese to our own teams, ensuring we give our clients fully up-to-date information and technology.