Client: OneAdvanced
Industry: Business Management Software & Solutions
Solution: Google SecOps Enterprise and Google Threat Intelligence
Objectives: Visibility, Transparency, Active Response, Partnership, Automation.
OVERVIEW
Securing the digital backbone of the UK’s critical services
OneAdvanced, one of the UK’s largest providers of business software and digital services, supports millions of users across critical industries—from the NHS and Department for Work and Pensions to leading names like Virgin Money, Irwin Mitchell, and London City Airport. With over £330M in annual turnover, their solutions impact 40 million lives daily and are foundational to everything from 111 calls and higher education learning to retail operations and legal services.
In a climate of heightened threat levels, OneAdvanced recognised the importance of enhancing their already comprehensive and rapidly improving cybersecurity posture.
“We weren’t looking for another big vendor. We needed a partner who would listen, advise, and roll up their sleeves alongside us. Reliance Cyber brought exactly that.”
Paul Baird, Director of Cyber Security Operations & Engineering, OneAdvanced
Their goal was not simply to just deploy more tools, but to find a strategic partner that could offer agility, tailored expertise, and support in embedding their security-first culture even deeper across the organisation. Reliance Cyber became that trusted partner, complementing the impressive work OneAdvanced was already doing.
The challenge
By early 2023, OneAdvanced was already progressing on a path of cybersecurity maturity. Their internal team was skilled, and they had a robust security model in place, but they saw an opportunity to further enhance their capabilities.
They sought to refine their toolset, align their Security Information and Event Management (SIEM) solution with their future strategy and vision, and alleviate some of the strain on their internal Security Operations Center (SOC) resources. With regulatory scrutiny intensifying and cyber risk climbing the board agenda, the team proactively sought to elevate their security architecture.
Rather than seeking short-term fixes, OneAdvanced’s leadership was committed to building a best-in-class, cohesive security architecture.
They aimed to streamline operations and find a long-term partner capable of supporting their strategic growth and ongoing transformation.
“We had capability—but we wanted it to be even more aligned and agile. We needed an MSSP that could deliver detection and response at a faster pace, guide our strategy, and further enhance how our internal team operates. Reliance Cyber has done exactly that.”
Choosing the right partner
OneAdvanced conducted a comprehensive RFP process involving more than 15 providers. Despite initially leaning towards a Microsoft Sentinel architecture, Reliance Cyber’s proposal—anchored in Google SecOps SIEM and a true hybrid MSSP delivery model—stood out as the ideal solution to build upon OneAdvanced’s existing foundation.
“From the outset, Reliance challenged our thinking in the best possible way. They understood our complexity and brought ideas that made things simpler, not harder. The Google approach was refreshing – and they backed it up with real-world know-how.”
Simon Riggs, Chief Information Security Officer, OneAdvanced
Google SecOps offered a radically simplified deployment model that was perfectly suited to OneAdvanced’s sprawling multi-tenant environment, saving both time and cost. With ingestion fees nearly 50% lower than Sentinel and a 12-month retention window (versus three months), the benefits were both operational and commercial.
But it wasn’t just about technology…
Embedding a partnership
From day one, the relationship between OneAdvanced and Reliance Cyber has been grounded in transparency, joint problem-solving, and regular face time. Reliance Cyber’s team seamlessly integrated with OneAdvanced’s internal staff, functioning as a direct extension of their cyber team rather than an external vendor.
With weekly calls between Leadership teams during onboarding, live chat groups between SOCs and collaboration between engineers from each side, the services went from baseline to mature within weeks.
“This doesn’t feel like an outsourced relationship. We have had everyone from their board to engineering and service delivery on-site with us, working shoulder-to-shoulder.”
Paul Baird
Weekly partnership meetings, cross-functional strategy days, and joint roadmap sessions have shaped the ongoing programme of work. Reliance Cyber’s SOC analysts, consultants, and technical leads engage directly with the OneAdvanced team, creating a seamless workflow that empowers the Director of Cyber to focus on strategic initiatives rather than day-to-day issues.
“They’re not just responding to tickets, Reliance Cyber is helping shape our future security posture. They challenge our thinking, guide our priorities, and support us in continuing to build a more resilient organisation. Whether it’s reviewing our firewall estate, improving data loss prevention, or writing new policies, every interaction adds value.”
Delivering resilience at scale
The engagement began with a full SIEM transition to Google SecOps SIEM, but quickly evolved into a broader, long-term partnership that enhanced OneAdvanced’s already comprehensive security program.
Key areas of focus have included:
Managed Detection and Response (MDR):
Reliance Cyber provides always-on threat monitoring, proactive hunting, and real-time investigation through its Google Chronicle-powered MDR service—enhancing detection and accelerating response across OneAdvanced’s environment.
Digital Forensics and Incident Response (DFIR):
Reliance Cyber’s DFIR team engaged early, providing expert support during a period of heightened operational pressure—even before final contract terms were in place.
Tooling & infrastructure reviews:
Reliance conducted technical audits of OneAdvanced’s email security stack, DLP policies, and firewall infrastructure—identifying ways to improve and optimise without unnecessary investment.
Policy & compliance support:
To support ISO certification efforts, Reliance authored over a dozen tailored policies, enabling OneAdvanced to further demonstrate compliance and maturity during internal and external audits.
Roadmap & innovation planning:
Strategic workshops have helped align future transformation goals with evolving threat landscapes and Google’s product innovation roadmap.
Shaping Reliance Cyber’s own future:
Reliance conducted technical audits of OneAdvanced’s email security stack, DLP policies, and firewall infrastructure—identifying ways to improve and optimise without unnecessary investment.
“Their support has helped elevate the role of cybersecurity across the business. Our team’s work is being recognised by the board and across the wider organisation—something that simply didn’t happen before.“
Paul Baird
The results
50% lower ingestion costs
By transitioning to Google Chronicle.
50% in cost savings
Achieved on data ingestion fees compared to the alternative. This allowed the company to reallocate savings to other critical security initiatives and strategic projects.
12x longer data retention
The move provided a 12-month retention window, a significant increase from the previous three months.
This enhancement enables the security team to conduct more comprehensive threat hunting, perform in-depth historical analysis during incidents, and better meet long-term compliance requirements,
all without incurring extra costs.
99.75% threat analysis automated
With Improved MTTD and MTTR. The OneAdvanced SOC now achieves faster detection, and threats are automatically contained in minus 60 seconds.
This efficiency significantly reduces the mean time to detect (MTTD) and respond (MTTR), directly translating into less operational downtime and a lower financial impact. Furthermore, with over 900 expert-built detection rules, OneAdvanced benefits from comprehensive threat coverage, ensuring nothing slips through the cracks.
Board-level recognition:
The security function’s work, supported by Reliance Cyber, has been publicly recognised by the board and leadership team. This strategic alignment has helped the team secure funding for future innovation and has positioned security as a key competitive differentiator in the market.
The impact
OneAdvanced conducted a comprehensive RFP process involving more than 15 providers. Despite initially leaning towards a Microsoft Sentinel architecture, Reliance Cyber’s proposal—anchored in Google SecOps SIEM and a true hybrid MSSP delivery model—stood out as the ideal solution to build upon OneAdvanced’s existing foundation.
“Reliance Cyber helped us reinforce our proactive security stance. We are now even better protected, better aligned, and better prepared for what’s next.”
Paul Baird
Looking ahead
The collaboration continues to evolve. From cloud migration and AI-driven detection to advanced threat modelling and customer-facing security programmes, Reliance Cyber remains a trusted extension of the OneAdvanced cyber team, complementing their
internal talent.
“We have built more than just capability, we have built confidence. Security is now part of the conversation at every level, from board meetings to day-to-day delivery. Our team feels empowered, our leadership is engaged, and we are shaping a future where security drives the business forward.“
Paul Baird concluded
About Reliance Cyber
Reliance Cyber delivers world class cybersecurity services tailored to the unique needs of our customers. With extensive in-house expertise and advanced technology, we protect organisations across a wide range of sectors — from enterprise to government —against the most sophisticated threats, including those from nation-state actors. Our teams safeguard critical assets, people, data, and reputations, allowing customers to focus on their core business objectives with confidence.
Get in touch with our experts
+44 (0)845 519 2946
contact@reliancecyber.com