“Our Mission Is to Let Any Cloud Company to Access the Advantages of a Professional CISO”
Yaron Chelouche, CEO of Chalir, explains why the CISO as a Service model outperforms an internal cyber team, especially for cloud-based companies, that face complex challenges in terms of privacy and regulatory compliance. Yaron explains how this model can save money in the long run.
It’s clear that an information leakage event can severely harm the reputation and growth of any commercial company and lead to high costs as a result of such damage. This truism causes organizations to invest more and more resources in cyber and information security systems. However, coping with cyber events becomes increasingly challenging and complex for companies operating in a cloud environment. The cloud infrastructures are more complex and require meticulous handling of privacy and compliance aspects. In fact, given the scope of threats, many companies today are contractually and regulatorily required to comply with stringent information security standards and to meticulously safeguard the sensitive information they hold.
“Cloud-based companies must face the information security challenge on a wide front”, says Yaron Chelouche, founder and CEO of Chalir, an Israeli company offering virtual information security management as a service, also known as CISO as a Service. “Not only do cyber threats and regulatory compliance requirements change constantly, the combination of cloud infrastructures with sensitive information and privacy standards complicates the situation further. Beyond that, the transition of companies to telecommuting significantly increased the organizations’ exposure profile.
“Here we come into play with a service intended for cloud and SaaS based companies, offering access to a team of experts and wide knowledge in the domain of information security, significantly saving time and reducing costs compared to recruiting an organic full-time CISO.”
Why is an external CISO better than an internal one?
“Organizations have a tough time recruiting cyber professionals, and an even tougher time retaining them. Additionally, the Chalir model enables companies to leverage access to an array of varied experts, at any given time, especially as their business needs increase. An organic information security manager will find it difficult to do so. Chalir provides a comprehensive CISO service solution, with access to varied specializations in the worlds of cloud information security, including privacy and regulatory compliance, all in a virtual and frugal manner”.
Long-term savings, flexibility, and visibility
Yaron Chelouche began his career in Amdocs Israel, where he managed several business units. Afterwards, he served in several senior positions at Amdocs inc, where he oversaw the development of services and products in the technological and cyber domains for Fortune 500 clients. In 2019 he established Chalir. The company’s offices are in Binyamina, Israel, and it has a branch office in Dallas, Texas. Chalir’s clients include technological product companies managing sensitive information in varied fields.
What does CISO as a Service include?
“This is a wide, comprehensive service provided on a monthly basis, including a security manager and a virtual cyber team, covering all of the organization’s needs – from formulating an information security strategy, through managing cloud information, including preparation and implementation of security program work plans, to complying with information security and privacy standards.
We begin with a comprehensive risk gap assessment, continue by analyzing the organization’s specific needs, and match an information security manager and a virtual cyber team (vCISO) for the client along with a security program work plan. Our work plan weighs the organization’s information security gaps together with all the relevant threats and the regulatory requirements. We develop our strategy into tactics, and only after formulating our strategy we decide on the solutions that must be acquired. All of this is easily accessible on our unique platform, which we have developed for our clients”.
From the client’s perspective, what are the benefits they can gain from this service?
“In my understanding, the service we provide has three primary benefits: the first is access to a CISO with expertise in the domains of cloud, privacy, and regulation. The second benefit is flexibility and adaptation to the client’s needs. We develop and implement a security program plan specifically tailored to each client’s business and technological needs to achieve fast results with significant mitigation of threats. Furthermore, in this context – the client can leverage its information security when the business grows. When you employ one person, they might lack the capacity to perform all the activities.
A third benefit is related to the company’s security posture. Our service helps companies position themselves with an enhanced information security level so that their clients feel secure doing business with them. This is particularly important today, especially when working with global companies. One must understand that in today’s digital business arena, information security does not only mitigate threats, but also contributes to the company’s business capabilities and growth. Our capacity to handle security and privacy provides our clients with a peace of mind and an ability to focus on their business.”
What about financial savings?
Savings are achieved with time. We combine a quantitative approach, permitting our clients to focus on the important domains in accordance with their budget and risk level. This approach can help save up to 50% in costs compared to recruiting and training internal teams.
Where do you go from here – would you like to remain a boutique company or grow?
“Since the company was founded in 2019, it grew rapidly and today it provides services to tech and start-up companies, especially cloud and SaaS based companies working in complex technological environments. At the same time, our capability to provide a high standard of service, aligning with business and technological needs, enabled us to expand our activity to the US market, and we will keep doing so. As for your question, our intention is indeed to grow”.