Bright Visuals

Bright Visuals is a globally active film production company working across advertising, architecture, music, and art – with entities spanning Bright Visuals, Shine, and HumanHue. No dedicated IT staff. 30+ SaaS tools. 50+ endpoints. And nine critical security gaps that no one knew existed – until Benchmarked mapped them all.

Securing a Global Creative Studio Without Slowing It Down

9 Critical Gaps Found. Roadmap Delivered. 25% IT Costs Saved.

Benchmarked conducted a COBIT-aligned IT and security assessment across Bright Visuals’ entire digital operation – inventorying devices, auditing applications, evaluating workflows, and identifying nine specific cybersecurity vulnerabilities ranked by impact and likelihood. Then we built a right-sized protection plan that improved security and cut IT costs simultaneously.

9 Critical Vulnerabilities Identified and Closed

From shared admin credentials and zero MFA to unprotected endpoints and unclassified data — every gap mapped, prioritized, and remediated with Bright's budget and team capacity as real constraints.

25% Monthly IT Savings From Software Consolidation Alone

Unused licenses, redundant tools, duplicate systems, and legacy maintenance eliminated — proving that better security and lower cost aren't competing goals. They're the same goal.

100% Business Continuity From Zero Protection to Full Coverage

Bright Visuals had no disaster recovery, no backup strategy, and no plan for a worst-case scenario. Now they do — with systems and procedures ensuring the business survives anything.

Why Creative Companies Are Uniquely Vulnerable

Bright Visuals produces world-class visual content for global brands. Their teams are agile, distributed, and tool-heavy. They operate across multiple entities, collaborate with external partners constantly, and rely on dozens of SaaS platforms to keep production moving.

That profile - fluid, fast, creative - is exactly the profile that accumulates invisible security debt.

The Real Risk

Creative Chaos Hides Real Exposure

Together, these nine gaps created compound risk that extended far beyond IT:

  • Client trust and contractual liability - Bright works with global brands. A breach exposing client content or contracts could destroy relationships and trigger legal action.
  • Ransomware with no recovery - with no backup or disaster recovery, a single ransomware event could permanently destroy production assets, in-progress projects, and years of archived work.
  • Credential compromise cascade - shared admin passwords and zero MFA meant one phished credential could grant access to email, file storage, production systems, and client communication simultaneously.
  • Regulatory exposure - GDPR applies across Bright's European operations. Unclassified, unprotected personal data in shared drives is a compliance violation waiting to be triggered.
  • Invisible cost waste - 30+ tools with no central management meant duplicate subscriptions, unused licenses, and per-seat charges for people who no longer work there.

The Problem

Lights, Camera… Cyber Risk

Bright Visuals had no dedicated IT personnel. Infrastructure and cybersecurity were managed on a best-effort basis by the team itself. Despite using solid commercial platforms - Google Workspace, Synology NAS, LastPass, Shopify - the way these tools were configured, connected, and governed created serious exposure:

  • No multi-factor authentication. Every account across every platform was protected by a password alone. No MFA. No conditional access. No zero-trust architecture. A single compromised credential could cascade across the entire environment.
  • Shared administrator credentials. Critical systems were accessed through common admin accounts with generic passwords - meaning no individual accountability, no audit trail, and no ability to revoke a single person's access without disrupting everyone.
  • Zero endpoint protection. 50+ employee devices - MacBooks, iMacs, mobile phones - had no EDR, no antivirus, and no centralized management. If a device was compromised, no one would know.
  • No disaster recovery or backup strategy. Bright Visuals had zero protection against a worst-case scenario. A ransomware attack, hardware failure, or accidental deletion could destroy production assets and client deliverables with no recovery path.
  • No patch management. Operating systems, applications, and browser extensions were updated (or not) at each individual's discretion - leaving known vulnerabilities unpatched across the fleet.
  • Unclassified data across shared drives. Client contracts, financial documents, creative assets, and personal information sat side by side in shared Google Drive folders - with no classification, no access controls, and no data loss prevention.
  • No formal onboarding or offboarding. When someone joined, they received ad hoc access to whatever tools seemed relevant. When someone left, their access often wasn't revoked - across any platform.
  • 30+ SaaS tools with no central visibility. Across creative, collaboration, marketing, admin, AI, and communication categories - no one had a complete map of what tools existed, who had access, what they cost, or whether they were still needed.
  • Unsecured physical and virtual access to production assets. Client deliverables, raw footage, and production files were accessible without proper controls - exposing Bright to both IP theft and client contractual liability.

None of this was negligence. It was the natural result of a creative company growing fast and focusing on the work - which is exactly what they should be doing. But the cumulative risk was significant, and invisible.

The Solution

COBIT-Aligned Assessment + Right-Sized Protection

Benchmarked conducted a structured assessment covering Bright's entire digital operation - then delivered two tailored solution options designed around their actual team size, budget, and technical maturity.

Full-Scope IT & Security Assessment

  • Inventoried 50+ employee devices (MacBooks, iMacs, mobile phones) - documenting OS versions, security state, and management status
  • Mapped the complete application landscape: 30+ SaaS tools across creative, collaboration, admin, marketing, cloud, AI, and communication categories - with licensing costs, user counts, and support burden for each
  • Evaluated business workflows: onboarding, offboarding, project sharing, client communication, and file management - identifying where security gaps intersected with daily operations
  • Identified and ranked nine specific cybersecurity vulnerabilities by impact and likelihood - giving Bright a clear, prioritized risk register rather than an overwhelming list of theoretical concerns
  • Aligned all findings to the COBIT framework — ensuring recommendations were structured, defensible, and aligned to international governance standards

Application Ecosystem Mapping & Rationalization

  • Created a complete map connecting every SaaS tool to its business function, department, entity (Bright Visuals, Shine, HumanHue), and cost
  • Identified redundancies: duplicate tools performing the same function, unused licenses still billing, and legacy subscriptions no one remembered signing up for
  • Delivered 25% monthly IT cost savings through consolidation, license optimization, and elimination of redundant systems - funding a significant portion of the security improvements
  • Created a living application inventory with ownership, renewal dates, and access policies - replacing the "nobody has a full view" problem with permanent visibility

Core IT Hardening

  • Enabled MFA across all critical platforms - eliminating the single-password-only vulnerability that exposed every account
  • Implemented Microsoft Entra ID for centralized identity and access management — replacing shared admin accounts with individual, role-based access across all systems
  • Deployed Microsoft Defender for Endpoint across all devices - bringing 50+ unmanaged endpoints under centralized EDR protection with real-time threat detection
  • Introduced password rotation policies and IAM tooling — replacing static, shared credentials with managed, auditable access
  • Implemented data classification and DLP (Data Loss Prevention) tooling - ensuring sensitive client contracts, financial data, and personal information are identified, labeled, and protected against unauthorized sharing
  • Established SSO (Single Sign-On) across integrated platforms - reducing credential sprawl and enabling instant access revocation when someone leaves

Business Continuity & Disaster Recovery

  • Designed and implemented Bright's first-ever disaster recovery and backup strategy - covering production assets, client deliverables, email, and business-critical data
  • Established automated backup procedures with defined RPO (recovery point objectives) and RTO (recovery time objectives) - ensuring Bright can recover from any scenario: ransomware, hardware failure, accidental deletion, or natural disaster
  • Moved Bright from zero business continuity protection to 100% coverage - the single highest-impact improvement in the engagement

Operational Process Improvement

  • Designed standardized onboarding and offboarding procedures - ensuring new team members get exactly the access they need on day one, and departing team members lose all access immediately
  • Created structured workflows connecting tools to business processes: Notion for project management, Mailchimp for marketing, Google Workspace for collaboration - with clear ownership and access policies for each
  • Aligned all applications with departments and business entities - ensuring Bright Visuals, Shine, and HumanHue each have appropriate access boundaries while sharing what needs to be shared

Bright Testimonial

"Matt and the Benchmarked team have been a game-changer for Bright. Their expertise keeps our business and client data secure, giving us peace of mind. With their proactive approach, we can focus on growth without worrying about IT security. Highly recommend!"

Matej Marinko, CEO Bright

THE RESULTS

  • 9 critical security vulnerabilities identified, prioritized, and closed - from shared admin credentials to zero endpoint protection to absent disaster recovery
  • 25% monthly IT cost reduction through software consolidation, unused license elimination, and redundant system removal
  • 100% business continuity coverage - from zero backup and zero disaster recovery to full protection with defined RPO/RTO
  • MFA enforced across all critical platforms — eliminating the single-password exposure that threatened every account
  • Microsoft Entra ID deployed for centralized identity and access management - replacing shared admin accounts with individual, auditable access
  • Microsoft Defender for Endpoint protecting all 50+ devices - real-time threat detection where none existed before
  • SSO and DLP implemented - reducing credential sprawl and preventing unauthorized data sharing
  • Standardized onboarding/offboarding - access is granted by role and revoked instantly at departure
  • 30+ SaaS tools mapped, rationalized, and governed - with a living inventory replacing the "nobody has a full view" problem
  • Creative workflow preserved and improved - security improvements reduced friction rather than adding it
