Customer Success: Technology Company Evolves, Expands and Matures Security

Customer Success Story: Nuance Communications

Hi, my name is Mark Gilman. I’m a Security Manager at Nuance Communications focusing on governance risk and compliance programs. The security team at Nuance is pretty comprehensive. We have a global Protective Services team, we have a security engineering and a product security team. We have a security operations center and a governance risk and compliance team that primarily focuses on risk management and certification programs.

We are a shared services model here at Nuance Communications where we provide these services to all the organizational stakeholders and consult with them as needed. Nuance is a fairly complex environment as we grow through acquisition over the past 20 years or so. And we have a pretty robust product and service line.

Our security team and services continue to expand and mature as we have programs covering physical security, product security, security operations, security, engineering, forensics, sales enablement, and GRC.

One of the primary challenges we were facing at Nuance was centralization, standardization and documentation of processes across the various business units and functions. Over the past few years or so our leadership team made it a priority to simplify the business by addressing these issues and continue to make progress on maturing these activities.

Historically, visibility has been a major challenge for Nuance in the security team. However, visibility has drastically improved through various asset management and discovery initiatives. Prior to working with GuidePoint Security, I relied heavily on IT professionals to learn the different technology stacks, as the companies have historically worked for had really small security teams or integrated security and IT teams working with GuidePoint. They’ve helped me develop that security network. They’ve helped me understand and navigate the vendor landscape. And they’ve also helped me connect with the right people to understand the security expertise I need to be successful in my role.

My partnership with GuidePoint started about six years ago, I actually remember the day I was doing a security strategy development session on a whiteboard with Bill Malone, our sales rep. From there over time, I’ve worked with different team members and functions at GuidePoint. Our relationship with GuidePoint has evolved over the past six years. They originally started out as a consultant. And over the years I’ve learned the stakeholders and the different team members. It’s become more than just the professional relationship. They’re family and I know we can count on them.

At this point, I’m pretty sure I’ve used all GuidePoint’s services from pen testing to vendor management to staff coming in and helping us build programs. A recent example of that was we adopted a HIPAA Security Compliance Program. The GuidePoint team has helped me to develop that program, to perform risk assessments and to communicate the results of those assessments to our executive team.

I meet with the GuidePoint team on a weekly basis. We’re constantly talking about problems, tools, technologies and how their other customers are addressing some of the same problems that the Nuance team has.

Currently, they’re working with us on our security risk management program and cloud security strategy program. They have helped us with the framework, the structure, the policies, procedures and standards that are associated with this program as well as board level reporting templates.

I believe GuidePoint’s unique because they have subject matter experts in each security domain area. They understand the landscape as well as they build a relationship with you and your team to understand what your problems and challenges are as well as help you develop strategies to achieve and address them.

As it applies to our strategy,  GuidePoint is our constant consultant. They provide us with input and guidance on security best practice frameworks as well as standards and technologies that can help us achieve our goals. They’re always there to help us as well as to help develop our future state roadmap for our programs.

GuidePoint Security delivers. They’re there when we need them. Recently, we needed their help on some third party audits. They came in and helped us perform the audits, provided risk feedback, as well as spoke with our leadership team to help give them guidance on how to manage these relationships moving forward. My relationship with GuidePoint is that they are basically family. They’re always there when I need them. I can just call up Zach when I need some information on tools, services and strategy. At the end of the day GuidePoint is always there. They’re there to help and that’s how they add value.