Showing posts with label ransomeware. Show all posts
Showing posts with label ransomeware. Show all posts

Monday, April 24, 2023

Why today’s hybrid IT complexity makes 'as a service' security essential

Transcript of a discussion on why more automation, integration, and acquiring security services “as a service” are in hot demand amid rapidly growing IT security costs and the added complexity of protecting distributed workforces.

Listen to the podcast. Find it on iTunesDownload the transcript. Sponsor: Bitdefender.


Dana Gardner: Welcome to the next edition of the BriefingsDirect podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.



Amid rapidly growing IT security costs and the added complexity of distributed workforces, the challenges facing IT services providers are clearly outrunning past practices. That’s why more automation, integration, and acquiring security “as a service” are in hot demand.


Stay with us now as the next BriefingsDirect security innovations discussion examines how Heartland Business Systems is seeking new ways and new partners to ensure that security incidents are kept in check across a variety of hybrid IT services and scenarios.


Here to share his story of increasingly embracing security-as-a-service is our guest, Jason Nuss, Vice President of Cloud Services at Heartland Business Systems (HBS) in Little Chute, Wisconsin. Welcome, Jason.

Jason Nuss: Dana, thanks for having me.


Gardner: Jason, what are some of the top trends driving the need to do things differently when it comes to risk management and endpoint security?


Nuss: Endpoint security is getting more important and broader every day. Cyber insurance definitely has had a huge influence over the last several years. I can remember when cyber insurance applications were just a couple of questions. Now, in some cases, they’re a dozen pages long.


That’s urging more requirements to tighten up security practices. At the same time, the hackers are getting smarter, and they’re moving to new techniques. You know, we’re starting to see more extortion as opposed to just encryption scams, which really has a much greater effect on not only on a specific customer, but sometimes that customer’s clients as well.


During the last few years of the pandemic, we’ve also seen a migration to a more mobile workforce. Some of the companies we work with have closed their office doors. They aren’t going back to physical offices, which has brought in other challenges when it comes to making sure their environments are secure.


Gardner: And how about the current hybrid IT environment? How is that forcing you to do things differently?


Data is everywhere, but is it secure?


Nuss: Data is now everywhere -- as is your staff. We used to be able to secure inside of your walls and you didn’t have to worry so much about external trends. But now we have people working from home and accessing home networks, which makes those endpoints even more vulnerable to more security threats than the ones behind your corporate firewall.


You also have more cloud data and cloud services applications. You need to make sure those are secure as well, which plays a huge new factor. One of the common misconceptions we see is that everything from the cloud is perfect.


A lot of people think that cloud-based software-as-a-service (SaaS) applications include everything and that they are fully secure and fully redundant. But that’s just not the case. People need to take more time to look at the services that we’re adopting and make sure the providers are on the up-and-up. Do they have all the proper security tools, backups, and disaster recovery? Should they have an outage, how will that impact our businesses as well?


Gardner: Right, we have to evaluate the security robustness, if you will, of our entire technology supply chains.


Nuss: Absolutely.


Gardner: How about rising costs, such as for labor? How is that affecting your ability to deliver security effectively?


Nuss: Security costs over the last several years have gone up quite a bit. I often tell customers that security costs have gone up 500 to 600 percent from what they were five years ago.


I’ve been around this industry almost 30 years now. Before, you only had to worry about an antivirus product and a modem for connectivity to the Internet. Then it moved into buying firewalls. But now you have things like endpoint detection and response (EDR)managed detection and response (MDR), and extended detection and response (XDR).


It’s very confusing. You have security information management (SIM)security operations centers (SOCs)privileged access management (PAM), and all these other new technologies that make the landscape very, very cloudy. No pun intended.

But you know, sometimes we have to right the ship for the customer to make sure that we’re looking at security from a proper rollout perspective. You’re starting with the most critical things, whether it be a backup or multi-factor authentication or endpoint security. And then maybe layering on some of the additional services. But it doesn’t make sense for our customers to start out with penetration testing if they haven’t secured their environment ahead of time. We’re going to find out holes, right?


Gardner: And why is SaaS and more automation generally attractive to folks like you as you’re specifying the next generation of security?

Expertise at scale


Nuss: Expertise at scale is very important -- and often overlooked. Just making sure you have a SOC, and maybe if it’s a guy or two, that is not good enough. You need to be able to react appropriately.


So having a larger staff, having a knowledge base behind that, is very important in solving the protection issues -- or even identifying the security issues quickly. Automation is critical to that. When you’re ingesting hundreds of thousands -- or millions -- of logs, you need to be able to comb through that data really quickly. So, automating that is critical. You’re starting to see more artificial intelligence (AI) and machine learning (ML) take over in that space. A lot of the more recent products are using those technologies to identify threats before an analyst would have caught them manually.


Gardner: As we mentioned before, we have to be concerned about our suppliers and partners --- perhaps more than ever. They can come under attack as well. How has that changed how you look at your suppliers?


Nuss: As far as our suppliers go, we’ve started to take a deeper look at the supply chain completely. There are a lot of smaller companies coming out with new technologies. As we look to vet things, not only are we betting on functionality, but we’re also vetting on security elements.

Just turning on an API isn't always a good thing. You want to make sure you're minimizing the impact should they have a breach and that it does not impact you as well. You have to look over the vendors and make sure they follow the best practices.

Just recently, we were looking at a product that would integrate into our customer resource management (CRM) tool to do better data mining out of Microsoft 365, Exchange, and Outlook. And, you know, we came to find out that, hey, that data is being stored overseas. They’re also injecting a bunch of email messages, and so we had concerns around those tools.


Just turning on an application programming interface (API) isn’t always a good thing. You want to make sure you’re minimizing the impact should they have a breach and that it does not impact you as well. You have to look over the vendors and make sure that they’re following best practices. If they’re not, I think it’s good to call them out and let them know. Such as, “Look, you don’t need access to all of these tables for the pieces that you’re trying to access. Let’s minimize the blast radius should you be compromised and so as to not affect us as well.”


Gardner: So, it’s services-subscriber beware, right?


Nuss: Absolutely. You know, with some of the other things that are playing into it as well, with the mobile workforce, you have to secure the edge and make sure you have good endpoint controls, firewalls, and other components.


That was one of the things where Bitdefender rose above the rest for us. They were able to store those things, looking at other cloud storage providers. You know, you also see shadow IT out there. I cringe when I hear people that don’t have corporate policy around cloud storage and where they’re putting up data using things such as Dropbox or Microsoft OneDrive. It’s okay to use those, but make sure you have a governance policy around them, such as a backup strategy and how you’re going to secure that data.


Gardner: We have seen a lot of cloud services use sprawl and ungoverned use, for sure. Eventually, you have to gain maturity about how you do that.


Let’s hear about Heartland Business Systems (HBS). Tell us about your company. What you do, and what do you think distinguishes you from other managed service providers (MSPs)?


Widespread, yet local service


Nuss: HBS is based in the Upper Midwest, we’re just south of Green Bay, Wisconsin. We’re now up to about 12 locations throughout Wisconsin, Minnesota, Illinois, Iowa, Nebraska, Missouri, Arkansas, and Arizona. We have been around since the 1990s, with around 650 total employees and about 350 technical service professionals across many specializations.


People often ask what sets us apart from the other guys in the industry. I think there are a couple of things. We have both breadth and scale. We also believe very heavily on having in-market expertise where we have a physical presence. We try to have expertise so that when our teams are going out on-site, we deliver a quality experience. We’re not always relying on engineers from the center of our company, so to speak, to roll that out.


Our expertise is widespread. So, we not only do the normal networking- and systems-type work -- with a robust Microsoft practice; we’re a gold partner in 16 of 18 different competencies -- we also have an enterprise security and risk management team. [They can also help when] you’re doing compliance audits, vulnerability assessments, and penetration testing. Just in December, we purchased another company, Pratum, that has a SOC-as-a-service offering. It will be interesting to see how that plays into our security offerings over the coming months.

Gardner: When you talk about breadth and scale, that sounds like you have to scale not just up but down and sideways, if you will. That means servicing a lot of different types of organizations across a lot of different industries. So how do you serve that variety? How do you scale up and down and remain efficient?


Nuss: It’s sometimes difficult to address all the different markets. Our total market is pretty much comprised equally and in thirds: of small-and-medium business (SMB), medium-to-large enterprises, and then the government and education spaces.

Sometimes those needs are very different. You have to have offerings that address the needs that they all want. In the SMB space, they typically don’t have security professionals, so we end up being the security professionals for them.


In the enterprise space, a lot of times it’s more of a co-managed solution set. You have to have solutions that address the needs of each of those different classes. For us, we have separate engineering teams in a lot of those spaces, where they focus on specific technology stacks for the specific market segment. They become more expert there, with a SMB-type engineering staff as well as an enterprise engineering staff. They focus on different manufacturers, in some cases, and more elaborate technology at the higher end of the spectrum.


Gardner: With a sizable public-sector business, and I have to assume quite a bit in education and schools, how is that a challenge for security?


Nuss: The biggest challenge in the public sector is often budget. A lot of times it is so focused on hardware migrations – the replacing of endpoints at the desktop, networking, or servers – that security gets overlooked, even though it’s more and more important.

On the IT side, we look at building best practices around policy. Everything starts with that policy, and then you can measure against that policy as you move forward. 

Also, for them, they’re trying to solve physical security concerns in addition to IT security. So, we work with customers on things like video surveillance systems, ID badges, and access control systems.


On the IT security side, we look at building best practices around policy. Everything starts with that policy, and then you can measure against that policy as you move forward. They are also moving to devices that may have less susceptibility, such as Chromebooks where they’re not storing data locally. They’re storing it up in the cloud so they can better protect those cloud assets. They are then less worried about the endpoints, but you definitely have to begin with that comprehensive policy and then obtain the tool sets that goes with it.


Gardner: Is there a positive pay back when you automate more, go policy-driven, and use cloud and multi-tenancy to their full effects?


Multi-tenancy critical in the cloud


Nuss: Yes. For us, multi-tenancy is absolutely critical. I run our cloud services division, our data centers. We have two data centers. As we looked to security tools like endpoint security, it was absolutely critical that these things were multi-tenant. We had products before we found Bitdefender to support 20,000 endpoints through a single management console. To roll out that type of scale, you have to have consistency. There are a lot of great security tools in the marketplace, but if they don’t play into your operational processes at scale, they really don’t do you any good.


As we evaluated for endpoint security, and EDR specifically, we needed to make sure that number one, it was a good product. We looked at MITRE ATT&CK trends and things like that to see where they were playing within the Mitre framework. But number two is how did it work into our processes and into our tool sets?


Could I have a global policy that I could roll out to everyone, so they knew that I had consistency? It’s inefficient for me to go touch 600 different customers within that portal to make one change. I need to make it at a global level and have that be inherited down the chain. At the same time, we have more enterprise customers who want control of those policies themselves. We were looking for a tool that would allow us to give them the access rights to customize the policy or manage their portal as they saw fit. So, we really like those aspects of it specifically.


Gardner: When you try all kinds of new services and products, one of the challenges in security is the sprawl of having so many tools. What do you look for when you’re evaluating your security suppliers and services when it comes to how well they integrate services, in how well they combine tools and meet more requirements, so that you don’t have to?


Tools and services work well with others


Nuss: A lot of times we’re looking for integration. We’re a ConnectWise shop end-to-end so we’d like solutions that integrate into that tool set. Whether it be pushing the software out through ConnectWise Automate and those kinds of deployment tools, or whether it’s alerting within the tool set to let us know that there’s been a ticket that’s been created, or better yet, even closing out that ticket once it’s been remediated.


Those capabilities are very important to us. You can’t just use email anymore to notify people of issues that arise. It just becomes noise and we’ve consulted with customers where they have things like monitoring solutions.


You can’t have a better example than we had when a city government here locally had a ransomware attack. They had security tools that actually notified them the day before that the hacker was in the system, but because of all the noise, they didn’t have the alerts tuned enough and the processes well defined enough so that they missed the alert. The next day, they were hit with ransomware and encrypted across the entire environment. So, you know, lesson learned -- it’s not just about having the tools to block attacks. It’s also about having the processes in place to react when the chips are down, right?


Gardner: Yes, and it integrates into your processes as you pointed out in your help desk or SOC and your other systems that are already in place. You have to take advantage of what you put in when it comes to fast remediation, fast alerts, and email just doesn’t cut it.

Okay, let’s think about reporting and data and understanding what’s going on. It’s about having information to the right in the right ways. What do you look for when it comes to reports for that that single view, or one throat to choke, if you will?


Nuss: We need to be notified of the alert immediately. We’ve created mechanisms that if there is a critical alert, it’s sending a page out to people that are on call and setting off other alarm bells for us to react very quickly.


From our SOC services perspective, we outsource much of our MDR services. So, we create workflows with those vendors that are overseeing some of those security aspects on who should they call first, and how that escalates through our system so we make sure that those can be addressed quickly.

From our SOC services perspective, we outsource much of our MDR services. We create workflows with those vendors that are overseeing some of those security aspects on who should they call first and how that escalates through our system so they can be addressed quickly.

I tell this story to a lot of our prospects. It was the Friday before Fourth of July weekend, and I got a call from one of the SOC analysts telling us that we had someone in one of our client’s environments They were making some lateral movements and they were pretty convinced it was a hacker.


Had that gone on for another three days, who knows how they would be? Now, the good news to the story is it wasn’t actually a hacker. They were having a penetration test done within their environment over the weekend -- so no harm, no foul there. But, you know, had that been somebody that was in there, you hate to even guess how far they could have gotten throughout the environment, how pervasive that could have been without having someone notified quickly.


Many of our clients have seen that in one of their portals. Had they gone in there, they might have seen it in an email when they got to it, maybe the next week when they got back from vacation. But when it comes to security time is money.


Gardner: Let’s look at your security solutions choices. How was your journey in terms of solving these issues?


Nuss: There are two aspects to it. As we looked at endpoint security, we spent more than a year analyzing different platforms. We looked at all of the major vendors out there, the Microsoft Sentinels, the CrowdStrikes, the Sophos, you name it -- we looked at all of them. We narrowed them down from their “based-on” capabilities, based on some of the tools set integrations, based on their go-to market strategies, some competitive natures. Then we went in and started doing field trial tests, so we put them in place. We would kick the tires, tested integrated to our tools, to make sure those workflows came through, and then we moved forward from there, rolling that into our offerings.


It’s a pretty detailed process -- one that was probably more detailed than many of them out there. That’s a big aspect of making sure you’re not just jumping in and saying, “Well, this one’s rated really well. Let’s just take that and move forward with it.”


One of the competitors in that particular space that we looked at -- we really liked the product, but we also looked at financial capabilities of the company. You know, they should be profitable. They shouldn’t be hemorrhaging cash left and right. You need to make sure that they’re going to be in there for the long haul. Having been in the IT space for 30 years now, we’ve seen a lot of great vendors come and go. And so that’s almost as important -- their financial viability -- as is the technology.


Gardner: How much further do you have to go to get to where you need to be?


Operational maturity for success


Nuss: It’s always a constant evolution. With security changing so fast, we try to look at what is  integrating more openly. Who has APIs to integrate into other tools?


Talking about Bitdefender, with this recent acquisition that we have had, they do a lot with Microsoft Azure Sentinel, so we’re working on an integration into Azure Sentinel so that we can have cross-platform capabilities and a layered approach.


We want to make sure the tools that we have can integrate with the overall platform so that we can pick and choose the right platform to deploy to our customers. The other piece of it is you really have to work closely with the customers to make sure they have proper operational maturity levels.


I look to five different levels of operational maturity, and you should move up and to the right in the levels. You should take that same approach with security. Make sure you’re starting with the core components to make sure that you have the big building blocks there first -- such as endpoint security, firewalls, advanced threat protection, on-site and off-site backup, and policy management -- before you move to some of the next-generation, such as SaaS technology, zero-touch network access, zero trust at the endpoint level, and DNS protection. You can go on and on and on.

Security awareness training is also key. For example, our enterprise security and risk management teams came up with a top 10 list that we present as a place to begin. And then we start to talk about where to go as your budget allows.


The other big thing is to get out in front of the process from a budgeting perspective with your clients. I tell them that security costs are probably five times what they were just five years ago, but we don’t necessarily see that in the budget. A lot of times, IT has a real struggle relaying the value of that to the business leadership.

Get out in front of the process from a budgeting perspective with your clients. Security costs are probably five times what they were just five years ago, but we don't necessarily see that in the budgets. IT has a struggle relaying that value to their business leadership.

I like to tell stories and relate things back to what I’ve seen in the past. For example, I was at a trade show and one of the security analysts was telling us about a letter he received the day before from one of his MSP clients. It was basically an extortion letter from a cyber attacker who said, “We’ve been in your business for the last 30 days. We have 300GB your files. Here’s the list of files we have. You can pick any three, and we’ll send a copy of the files just to prove that we have them.”


This was purely financial: “Here’s how much money we want. And by the way, if you don’t pay us, we’re going to start calling every one of your competitors and every one of your customers to tell that we have your data and then try to extort them in the same fashion.”


You tell that story to a business owner and it almost makes you sick. Those types of things are happening out there every day. A lot of times, I don’t think they’re very well publicized because people don’t want to know who has been hacked. But it’s real, and they need to react to it and take it seriously. By telling those stories, or if they know somebody who has been hit up for ransomware or extortion, whatever it may be, those stories make a big difference, too.


Gardner: On measuring that value, what are your most important key performance indicators (KPIs) to demonstrate to your leadership that you’re spending your money properly and wisely? When it comes to things like EDR and what Bitdefender is providing for you, how do you measure the value?


Nuss: That’s always a tough question. At the end of the day, we look at where we see threats and infections and the reactive support needs. We have an incidence response team here to help clients. And we try and track what’s happening there -- how many alerts, remediations, and things that are fixed on a monthly basis to prove value.


From an MSP perspective, we send out reports to our clients showing all the security events that we’ve seen. These are the things that have been blocked to make sure that they understand the value that’s there. Otherwise, the value is out-of-sight, out-of-mind, right? If they don’t have a problem, they don’t necessarily think that any problems ever existed because you’re blocking something. You’re doing a good thing, but they don’t always realize that.


Gardner: Of course, not being hacked or ransomed or extorted also factors pretty high up there.


Nuss: Yes, for sure.


Gardner: Okay, let’s look to the future. What comes next? What are you looking to do in the next three years?


Take down tool sprawl


Nuss: Some of the big things that we’ll look at include which tools are working better together and where we can consolidate reporting. So, combating tool sprawl. It’s a real problem out there, trying to bring reporting from the different tools together so we can show the overall, cohesive strategy. That is going to be more and more important.


We want to work with vendors that are really open. I would be surprised if we don’t see more of the security vendors adopt standards where they’re sharing things in a more cohesive fashion. Whether it’s endpoint security, DNS protection, or zero trust – ways that security threats can be more consistently delivered to reporting mechanisms to develop better overall dashboards.


You’ll start to see more API integrations, where you have reporting tools that now are able to work with vendors to block things. So maybe your endpoint security is integrated into your SOC services. You could, at the click of the button, have a disconnect or block of a particular event automatically -- or even manually -- when they see those issues without necessarily having to move into different tools.


That’s where you’ll see the automation components come in. And then they’ll start to create workflows that work with that, so if an event is triggered, they can use that to run scripts against things to start to shut things down or just connect them or remediate at inception to prevent it spreading. That’s where I think things will be headed more and more.


Gardner: I’m afraid we’ll have to leave it there. You have been listening to a sponsored BriefingsDirect discussion on how IT services providers are moving beyond past practices to seek out more automation, integration, and acquiring modern security solutions as a service.


And we’ve learned how Heartland Business Systems is seeking new ways and new partners to assure that security incidents are kept in check across a variety of hybrid IT services and scenarios.

So please join me now in thanking our guest, Jason Nuss, Vice-President of Cloud Services at Heartland Business Systems in Little Chute, Wisconsin. Thank you so much, Jason.


Nuss: Thanks for having me, Dana.


Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing series of BriefingsDirect discussions. A big thank you to our sponsor, Bitdefender, for supporting these presentations.


Also, a big thank you to our audience for joining us. Please pass this on to your IT and security communities, and do come back next time.


Listen to the podcast. Find it on iTunesDownload the transcript. Sponsor: Bitdefender.


Transcript of a discussion on why more automation, integration, and acquiring security services “as a service” are in hot demand amid rapidly growing IT security costs and the added complexity of protecting distributed workforces. Copyright Interarbor Solutions, LLC, 2005-2023. All rights reserved.


You may also be interested in:

Thursday, March 30, 2023

For UK MSP, optimizing customer experience is key to successful security posture and productivity

Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new heights, especially as its users move increasingly to hybrid IT models.

Listen to the podcast. Find it on iTunesDownload the transcript. Sponsor: Bitdefender.


Dana Gardner: Welcome to the next edition of the BriefingsDirect podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.



For managed service providers (MSPs), making the IT infrastructure as invisible as possible isn’t just a “nice-to-have" — it's also elemental to delivering the best customer experience.


Securing IT for these tech services and support users is no different. The less complexity and interference with productivity from the underlying security apparatus — the better.


Today’s BriefingsDirect security innovations discussion examines how Scottish MSP Grant McGregor Ltd. has taken the customer experience imperative to new heights — even as its users move increasingly to hybrid IT models.


Here to share their story of better managing the security experience as a means of enhancing the overall IT services value are our guests, David Lawrence, Co-Founder and Director of IT Support Services and Advice at Grant McGregor in Edinburgh. Welcome, David.


David Lawrence: Thank you for having us.

Gardner: We are also joined by Paul Sinclair, Head of IT Service at Grant McGregor. Welcome, Paul.


Paul Sinclair: Hi, Dana. Many thanks for allowing us to have this opportunity to share our story.


Gardner: David, what are some of the top trends driving the need for MSPs like yourselves to provide risk management solutions that go beyond just endpoint security?


Lawrence: We typically talk about the threat landscape in the context of the threat actor. What  we’ve seen over the last couple of years -- with the need for hybrid working – is really focusing now on keeping the honest, honest -- and the right, right. That’s the knowledge worker, the poor person in the organization who’s trying to do the best they can in a challenging environment.


We see organizations doubling down and asking for our advice on helping them stay right, and that’s through conditional-access policies to protect the organization while away from the central network and with security-awareness training that helps educate those people on best practices.


With cloud protection and cloud backup, a lot of organizations have made further grounds into the cloud landscape on how they can best protect their organizational data. Critically, people are more aware now of managed detection and response (MDR) and extended detection and response (XDR)

 services. They feel that they want a security [blanket] on their organization wherever those people might be working.


Gardner: Tell us about Grant McGregor. What distinguishes you in your mind from other MSPs? How do you enhance your customer experience in particular?


Work safely with right tech support


Lawrence: With 20 years of experience in delivering world-class people support and technology services, we’ve now grown to 21 people who deliver support and advice to more than 1,500 customers and their endpoints.


We want our customers to thrive by creating better and safer places for them to work. And that’s critical. People want to be productive. They want to feel that they have an MSP like us watching out for them. Our service desk team delivers people-centric support, protecting the people themselves and their endpoints. We provide proactive support and administration -- just like an outsourced IT department would.


Our professional services team delivers what we consider a standard practice, but I’m amazed that sometimes it’s not. That’s the quarterly business reviews. Those are really important for providing the advice and guidance for our customers as they make and continue the journey to Microsoft Azure cloud – with security as a service (SECaaS), cloud as a service (CaaS). I think our strength is triage with all their other partners in that sort of technology ecosystem.


Gardner: Paul, how are your needs for securely delivering IT services and support different from three years ago? What are some of the trends driving your ability to adjust and improve to deliver the best possible experience for your customers?


Sinclair: Well, as you know, the world is a much different place than it was three years ago. We’ve had to adjust our own practices. We’ve had a pandemic; we have other crises in the world at the moment as well.


So, we’ve had to adjust as a business and learn how to work remotely, work in a hybrid model, but at the same time deliver that high-end, 100 percent world-class service that we too strive to do. Not only that, but we’ve also had to support our own client base and our client users with their hybrid and remote working needs by identifying and delivering the right security products that keep our customers safe – and their customers safe, as well.


Lawrence: It takes a layered approach. For example, only yesterday we had a threat actor maliciously trying to sneak through. So it requires a number of protection measures in place -- from email protection, to education, to security awareness training, and filtering, as well as using Bitdefender’s Managed Detection and Response (MDR).


And it was only at the last minute through the human firewall, of clicking on the link to remove that email, using Bitdefender, in this case, and the MDR service. It had our back and blocked it. So, again, we’re very focused on educating our customer base. No one size fits all. What we need is a layered approach to security.


Gardner: Because you’re servicing different regions of the UK and you’re servicing different-sized organizations, you need to readily scale up and scale down. How difficult is it to serve the biggest and smallest of your customers?


The future is co-management


Lawrence: There are some challenges. Our sweet spot is probably the 20- to 70-seat-sized organizations. And we’ve strategically made our people-centric services agile enough for those numbers.


The criticality of that is that we want strong partners and strong solutions. We need to know how those solutions work to gain the best out of them. Then all of our people can know what they’re meant to be doing. That’s always been a bit of a journey.


Where we are now is we’re very confident that in using providers like BitdefenderProofpoint, and N-Able that we are using leading-edge solutions. But critically, there needs to be a partnership, and that needs to come from our providers.

Our next growth is through co-managed IT services. That's a really great place to be over the next couple of years. We can take what we've learned, the tools we have, and our partnerships and deliver those at scale to help our customers.

Our next growth is through co-managed IT services. That’s a really great place to be over the next couple of years. That’s because we can take what we’ve learned, the tool sets we have, and our partnerships – such as we have with Bitdefender -- and deliver and scale those co-managed security services to help our customers’ stressed and time-strapped IT departments.


Gardner: What do those co-managed services typically consist of?


Lawrence: You’ve seen the data. It’s incredible in this day and age that a lot of organizations -- even still in the UK -- are not patching the way they should. You would think that would be the number-one priority for these IT departments, to patch with the latest Windows updates, and on the applications, too. But that still isn’t the case. We’re cyber essentials assessors, and we see that for our non-support customers.


So, we want to help them and allow them to focus on the strategic side of their organizations. We have the tool sets to enable them to patch their endpoint devices effectively and attain that very minimal first-level knowledge that they’re secure. And then we can work with them on the SECaaS value. That’s where we can add real value from the experiences we’ve learned from and from the partnerships that we have.


Gardner: Paul, how do you overcome the challenges your customers have with integrating security tools? So often security consists of many different tools, many different underlying technologies. How do you go about that making that all invisible to them?


Sinclair: When David and I first started out many years ago, you needed different applications from different vendors to secure all the threats that were out there. But it was a lot of work and took a lot of time and effort using different products. Over the years, Bitdefender has given us the capability to have a security suite of web protection, a firewall, endpoint protection, USB control, and other security options.


Having this one product as a cloud-based solution -- and that has the integration options with our professional services automation (PSA) and remote monitoring and management (RMM) system as well -- allows us to deploy basically one RMM agent that allows several different security controls to be deployed to any PC at any company very, very quickly. It makes the technical support of that extremely easy. It also makes the deployment and the onboarding of new customers very efficient.


Gardner: Yes, as more of us are more remote across organizations, that has hastened the movement to a remote control agent approach to security. Do you agree, Paul?


Sinclair: Absolutely, yes. It certainly makes it easier than back in the old days of running around to different PCs and asking users to give up their time during the day to allow us to do that. Now we can do that remotely, silently, and very effectively.

Lawrence: We have seen in our MSP peer group in Scotland, and in the UK, that they are cementing their processes and procedures around one or two key products, and in some cases the customer solution. I’m sure this is the same in the United States among mature MSPs. You can only support what you know. You can only train and certify on one key product and in one key area to be the master of one, but not necessarily the master of many.


With Bitdefender, and the other security partners we have, this allows us to focus -- but also put that known stack in place for customers, knowing that we have their backs. And sometimes there are awkward questions from the customers, saying, “Well, you know, I kind of prefer to do it this way” … or “Can I keep this or that security solution?”

Well, we learned from maturity and having the right security posture that the answer needs to be, “No, the answer is no. We’re putting our security stack in to best protect you. And you can hold us accountable, but it needs to be our technology, provided by our partners.”


Gardner: Even as so many organizations are moving to the cloud model, so much of security issues comes back to email. Especially in smaller organizations, email remains the source of a lot of security hiccups.


How important is picking the right email partner and tools in your overall security posture? What  have you found as the right approach to a steady path of productivity given the inherent risks of email?


Lawrence: So, as recently as six years ago, we were probably spending about 60 percent of our day managing email security. You know, the false positives, the stuff that shouldn’t be getting through, and all of the headaches that come from malware and ransomware. It was causing us real pain points.


Manage email to educate users


Sinclair: There are global threats and new sophisticated ways that we’re seeing daily through which criminals are trying to harvest your data. You need the right email security solution that keeps up with the times. Those providers can figure out for you what the new threats are on the back end. Also, we’re no longer having to log on to the systems daily or weekly and tweaking the settings here and there like we used to.

Email security training for end users is a big must now, and we're promoting that to our clients. It only takes one lapse in concentration. Then before you know it, you can be in some serious bother. I'm a big champion of email security training.

One point I would emphasize as well is email security training for the end users. It’s a big must now, and we’re promoting that to our clients. It only takes one lapse in concentration when some of these busy workers remove a dodgy email from quarantine. Then, before you know it, you can be in some real serious bother. So, I’m a big champion of email security training as well as being on top of your security solution updates.


Gardner: Right. Even using the best technology, being successful at security reverts back to behavior. It’s an intangible aspect to all of this. Also, as providers of the best customer experience, you want to embed security measures, make them invisible. That means you need to have the instant visibility into what’s going on in order to react.


So, how well do your tools provide the insights needed to fully exploit the security technology?


Lawrence: There are two sides of the coin when it comes to visibility. One is the proactive nature of being able to look at the data in real time and to make assessments, and the other is to then feed that back to the client.


The reactive nature of the security tools is probably most important because you want to jump on that quickly and effectively to remove threats and then to communicate that to the customer --  what’s happening real time -- and how we’re helping them to quickly get back to a safe place.

We’re choosing solutions that are mature, are a good fit for us, and that also integrate into our PSA and RMM systems. And, you know, Bitdefender, Proofpoint, and other solutions that we use all have APIs (Application Programming Interfaces) that allow us then to interconnect services whereby we can build automation and remove the noise.

A lot of the time now, the artificial intelligence (AI) solves problems for us. Other times, we still need the technology support officers in our organization to see the threats and react quickly. Again, only yesterday we had an incident. Thankfully, the third layer of security jumped in -- and that was Bitdefender. We were all over it very quickly, and we could jump into the ConnectWise and other systems and say, “Yeah, we know exactly how that threat transpired and where it came from.”


The first gate was closed, but the user opened it. The second gate was closed, but the user decided to open that one, too. And lastly, the third gate was definitely shut and was definitely not opening. And that was Bitdefender MDR.


Everything in the world is so quick now, much quicker that it was 10 or 20 years ago. Everybody wants to be able to report data and jump on things quickly. So, yeah, it’s just the right tool set that integrates into our solutions.


Gardner: Paul, what do you look for when it comes to consoles and a management overview? Or even taking the next step to provide compliance and auditing requirements? How do those fit into your customer experience needs when it comes to visibility?


A single pane of transparent glass


Sinclair: We use a reporting service that hooks into our PSA and different security solutions. We send these reports automatically and directly from the product set to the clients on a monthly basis. It shows the non-human tickets, but it also demonstrates the trust in the security services because it shows items that have technically been blocked, deleted, or quarantined. As part of the AI process that David was talking about, these tickets are logged, the product has done the job, and then the ticket is closed.


For us, we’re showing the added value that the security solutions are providing for the client. So then, they have transparency of the tickets that we are doing -- and the security solutions that we’ve put in place as well. That’s automated so we are not using the time on the person’s device to do fault finding. And, for us, we found that is really valuable, these reports, and the clients certainly do as well. They look forward each month to receiving them, and we get feedback on them every month. It’s a great service and tool that we’ve built for that.


Gardner: David, you mentioned Bitdefender and the tools you’re using from them. Give us an overview of what you’re using and how they fit together to meet your needs as an MSP. I’m also wondering if you’re relying on the Bitdefender Security Operations Center (SOC).


Lawrence: We’ve been with Bitdefender for a number of years now. The irony is we were using malware solutions in the past that had a Bitdefender engine. The irony was the vendor just wasn’t just cutting it for us. So, we went to work with Bitdefender directly. We have the confidence that it’s a grown-up solution.


They have been around for many years, and they’re always at the forefront of the technology. The way Bitdefender works for us is we use Bitdefender GravityZone, so every one of our customers will have that standard stack. And then, on top of that, we use Bitdefender EDR and advanced threat technology to secure the endpoints. So, for us, that’s just a given. It’s got that great layer of protection.

The solution doesn't just reactively address threats. They do threat hunting for us. ... There have been so many occasions this year that Bitdefender has jumped onto alerts and challenges with endpoints. ... They really have delivered on the MDR service.

I think of those horrible words in our industry, the “single pane of glass” expression, but that’s what it provides. The Bitdefender GravityZone always evolves, changes, and develops. And, for us, that single pane of glass is a very good system to go in there and see what’s going on in that environment. Last year, we adopted the MDR service from Bitdefender and dipped our toes in that with a couple of our professional services customers.


The solution doesn’t just reactively address threats. They do threat hunting for us. We give them a lot of information on the customer. They look at domain names, their threat landscape, and provide that in a security center so that we can resell that to our customers. We were open to our customers about who ultimately was providing that, and we would work with that partner to have our customers’ back.


There have been so many occasions this year that Bitdefender has jumped onto alerts and challenges with endpoints. And then ultimately we’ve worked together, even saying, "That’s fine, let’s exclude that," or as was the case yesterday, they blocked that threat -- and that’s what we want. Sometimes when you hear technology providers say, “Here’s the service,” and they describe it, you think it’s too good to be true. And actually, that’s not been the case for Bitdefender. It really has worked, and they really have delivered on the MDR service.


Gardner: Paul, anything you’d like to add to your use of Bitdefender, and then also the SOC opportunity?


Sinclair: In terms of the SOC, once we are able to give the right information to Bitdefender, do you know what that allows us to do? It gives us the confidence that the user habits on the PCs are being monitored, and anything that’s unusual is being picked up on.


One of the first things I remember saying to David, once we started seeing the results coming through, was, “Do you know what? I can go to bed at night now and have that good night’s sleep that we never used to get.” You know, you had something niggling in the background. But now I go to bed at night – or on the weekends – with that confidence that user habits are being monitored and looked at and picked up on. And that’s whether that user is in the office, working late, or it’s irrelevant of whatever location in the world they’re in. We know it’s being monitored. For that, and what we did, it’s just second to none.

Gardner: A lot of the benefit that large, sophisticated enterprises had when it came to monitoring behavior and analyzing it didn’t translate down to the smaller organizations, of say 40 to 50 seats. But now with SOC-as-a-service, if you will, the very best of analysis and behavior tracking can be brought to just about anyone.

Sinclair: Absolutely, because when you go to smaller clients than that of 10, 20, or 25, where the user behavior is not necessarily at a company level, they’re still being monitored -- and they’re able to work elsewhere.


We had an example not long ago where an end user decided that they were going to go on holiday and still work, but not let the organization know that they were away. They couldn’t do anything because Bitdefender realized the PC was out of the country and was trying to connect through unsecured networks -- at hotels, restaurants, and things like that. It just blocked them from being able to do anything. So, we were approached by that user, and we were able to then pass that information back on to the client organization ourselves. We acted as the eyes and ears for them.


Lawrence: When we integrated our organization using the Bitdefender MDR service, they had the goal of securing and providing us a SOC capability to the smaller businesses.


Before that, a couple of years ago, there was a manual process between us and the team in the States. We were filling in a spreadsheet, giving them as much customer information -- with the customers’ support -- to understand their organization and ultimately the threat landscape.


Fast-forward a couple of years, and Bitdefender has given us the maturity and MDR foundation so that the process for us as an MSP is a lot easier to get our customers on board with that SOC service. Now we don’t need to spin up a spreadsheet and fill it in. We can jump into the single pane of glass that Bitdefender provides and put up that service straight away and provide them all the information to get those customers secure and enjoying that SOC center.

Gardner: I’d like to quantify some of what we’ve talked about. So, I’m looking for metrics of success. What ways do you measure the overall impact on your customers and their experience? How do you know you’re doing it right and whether your suppliers like Bitdefender are getting the job done?

For happy clients, take their temperature


Lawrence: As an organization, we’re really focused on customer experience, and we have a customer improvement board in our ConnectWise system. We’re consciously seeking that and adjusting feedback from our customers accordingly.


And what’s great with the right tool set in place is it’s so different from the noise that we were describing earlier, about having the wrong security product years ago, and all the wrong malware and ransomware protection in place. It really caused us headaches.

Years ago, our customer happiness was around 94 percent. But over the last 12 months, we've had a score of 97.8 percent. That's telling us we're doing as good of a job as we can. ... We're very happy.

Now, when we review our customer happiness factor, we use Customer Thermometer. And years ago, our customer happiness was probably around 94 percent. But over the last 12 months, we’ve had a customer happiness score of 97.8 percent. That’s telling us weekly, monthly, quarterly, and annually that we’re doing as good a job as we can.


We also survey the key contacts, our key client IT partners within the organization, every six months on the net promoter score (NPS). Again, that’s very positive compared to where it had been. We’re at 69 now, which I think is world class, and 75 percent of promoters. So again, we’re very happy.


And that’s not all just down to selecting the right security tools. That’s having all people that can communicate in English and set the right expectations. But again, so much of our frustrations -- and probably the industry’s frustrations -- come from the wrong tool set. We need the right tools to do our job. That’s critical.


Gardner: Paul, any favorite indicators that assure you of that good night sleep?


Sinclair: Absolutely. Looking at the numbers, we’re seeing a 47 percent decrease in malware infections between our clients from last year to this year. That’s a massive number in a single year.


And that’s not just malware numbers. That has knock-on numbers in terms of technical administration cost savings by using Bitdefender and effectively creating and closing tickets on our PSA system. That’s a 23 percent improvement so far from last year.


What it shows us is we are evolving, and Bitdefender and that technology is evolving with us in the right direction. As long as we see these numbers constantly where they need to be, then yeah, that’s amazing.


Lawrence: The old frustrations were sticking an antivirus malware protection tool on the machines and having the opposite effect for productivity. The wrong malware protection was dragging the poor machines down. I think Paul told me earlier that it was a 10 percent performance gain that we’ve had since using Bitdefender.


Sinclair: Just having that smaller footprint is a big improvement, isn’t it? That smaller footprint from three, four, or five different security products now wrapped down into one. Between the two of us, David and I have been working in this industry for 60 years. We’ve reviewed our security products so often over our 21 years at Grant McGregor from the start and across different technologies. But if the tools weren’t working for the customer, they won’t work for us.

So far with Bitdefender, we have confidence year after year. We’re no longer sitting down and reviewing the Bitdefender technology and stack. We just recommend them as our first product whenever we onboard a new client or user. Bitdefender is the first product that’s recommended and it’s the first product that goes in. Not one client ever has said no. 

Gardner: Those are very impressive numbers, and I commend you for them. But, of course, we can’t rest on our laurels. We have to look for where we go next. For security, it’s never good enough, right?

So, what comes next for Grant McGregor? You mentioned co-managed services, for example. What solutions do you look to next, and how can your providers help you get there?


Keep the honest, honest


Lawrence: We’re in exciting times with exciting new technology. Without the distractions of what’s happening for us in Britain and in Europe, I think there are two trends.


As an organization, we’re focused on helping the end user stay right and honest -- and that means helping put in the right tool set. Those will be focused on data loss protection, enforcing policies for the endpoint, and education systems for security awareness.


Rather than focus – as the industry often does – on external threats, we want to keep the honest, honest. That’s, first off, an easier sell. Second of all, that means living up to our values. We are supporting the end users and the organization to navigate all the threats out there, but from internally and then outward.


The co-managed space is going to be huge. As an MSP – and there are a lot of us out there – maybe not all of us are doing the right things, but we’re all competing and trying to grab each other’s customers.


The natural direction is to the co-managed space, where we can pass on those years of experience with using the right tool sets. Unfortunately, soon in the UK, that will be to the cash-strapped IT department and the time-poor departments. They are going to need and want our expertise and advice so they can get on with doing the strategic work that they want to focus on. We’ll be providing to them the patching-as-a-service, the co-managed IT support-as-a-service (SaaS), the email-as-a-service (EaaS), and the backup-as-a-service (BaaS).


We’re already making traction in that space, and we’re excited about that. So, those two growth spots are there for us.


Gardner: David mentioned the unfortunate predictions across the globe for difficult economic times ahead. Doing more with less becomes the imperative across the board. So, that usually means higher productivity -- and that usually means working smarter, not necessarily harder.


What do you see in the next stages in terms of how you can help your customers do more with less from the MSP perspective?


Sinclair: It is all about being smarter, isn’t it? For us with the technology that David has touched on, I think we need to look a bit further into the future. And where does that take us? It takes us down that AI route and getting the users to try and help themselves along that route while we keep ourselves up to date with the latest technologies. It means watching for the new threats -- because they are constant. I see us soon taking on more AI and use more of that intelligence to keep the productivity levels where they need to be.

Lawrence: Digital transformation is a big space for customers to get their heads around -- and productivity is absolutely a must as they move to cloud services and platforms. Again, only recently Microsoft released more products and services. And, again, it’s our job as a technology provider to help educate our customers on that new landscape and to use tools such as business intelligence and to get the best from the Microsoft applications.

There’s a lot of new automation there that the customers can build upon, and I think their fear is just how they can get their heads around it. For us, it’s about partnering with the right people to pass on those skill sets to the smaller businesses.


Gardner: I’m afraid we’ll have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on making the security infrastructure as invisible as possible as an essential ingredient to delivering the best overall IT customer experience.


We’ve learned how Scottish MSP Grant McGregor has taken the end users’ productivity and satisfaction to new heights, even as these customers increasingly move to hybrid IT models and face new forms of security risks.


So please join me in thanking our guests, David Lawrence, Co-founder and Director of IT Support Services and Advice at Grant McGregor. Thank you so much, David.


Lawrence: Thank you very much.

Gardner: And a big thank you to Paul Sinclair, Head of IT Service at Grant McGregor. Thank you, sir.


Sinclair: Thank you, Dana, it’s been an absolute pleasure.


Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions. Your host and moderator for this ongoing series of BriefingsDirect discussions. A big thank you as well to our sponsor, Bitdefender, for supporting these presentations.


I extend a thank you as well to our audience for joining. Please pass this on to your IT and security communities, and do come back next time.


Listen to the podcastFind it on iTunesDownload the transcript. Sponsor: Bitdefender.


Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new heights, especially as its users move increasingly to hybrid IT models. Copyright Interarbor Solutions, LLC, 2005-2023. All rights reserved.


You may also be interested in: