| ▲ | alephnerd 5 days ago | |
This isn't an offshore situation though. I've worked with Allianz's cybersecurity personas previously on EBRs/QBRs, and the issue is they (like a lot of European companies) are basically a confederation of subsidiaries with various independent IT assets and teams, so shadow IT abounds. They have subsidiaries numbering in the dozens, so there is no way to unify IT norms and standards. There is an added skills issue as well (most DACH companies I've dealt with have only just started working on building hybrid security posture management - easily a decade behind their American peers), but it is a side effect of the organizational issues. | ||
| ▲ | insomniacity 5 days ago | parent [-] | |
> They have subsidiaries numbering in the dozens, so there is no way to unify IT norms and standards. That is their choice though - they could setup a technology services subsidiary, and then provide IT services to the other subsidiaries, transparently to the end users in those subsidiaries. | ||