How Spalding University Strengthened Security and Achieved GLBA Compliance

As privacy and compliance demands in higher education grew more complex, Ntirety’s customer sought a trusted partner to enhance its security posture and meet the requirements of the new Gramm-Leach-Bliley Act (GLBA).

The Challenge: Meeting GLBA Compliance

Spalding University’s small IT team had already prioritized security with a managed firewall service. However, the introduction of new GLBA requirements underscored the need for more robust and proactive security measures to achieve compliance by the looming deadline.

“We were always going to outsource this. An operation that’s 24/7 with a small team is not really possible. We need a good partner to provide around the clock service and help monitor because we can’t be in front of monitors all day, every day.” – Ezra Krumhansl, CIO, Spalding University.

After evaluating multiple managed service providers, Spalding chose Ntirety for its deep expertise and robust solutions across IT areas.

Proactive, Comprehensive Security

To strengthen Spalding’s security posture, Ntirety implemented Next-Generation Firewalls, Managed Detection and Response with Endpoint Protection, and log ingestion with 24x7x365 monitoring. Monthly cybersecurity training for employees, including Ntirety’s Email Security and Phishing Awareness Training, fulfilled a key requirement of the GLBA and empowered staff to recognize and prevent threats. 

These solutions delivered advanced threat detection and response, actionable alerts, granular reporting, and improved visibility. Spalding achieved GLBA compliance, reduced risk, and maximized the efficiency of their small IT team while focusing on mission-critical activities. 

Discover the Full Story

Curious to learn more about how Ntirety transformed Spalding University’s security posture? Read the full case study here.

 

How to Align Your Cybersecurity Strategy with the NIST Framework

In today’s digital age, cybersecurity is more critical than ever. Cyber threats are constantly evolving, and organizations of all sizes must be proactive in protecting their data and systems. Implementing the NIST Cybersecurity Framework is one of the most effective ways to enhance your cybersecurity posture.

What Is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework is a set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risks. Developed by the National Institute of Standards and Technology (NIST), this framework is widely recognized and used by organizations across various industries to improve their cybersecurity defenses.

Key Benefits of the NIST Framework

  1. Comprehensive Coverage: The NIST framework covers all aspects of cybersecurity, from identifying potential risks to responding to and recovering from incidents. This comprehensive approach ensures that no part of your cybersecurity strategy is overlooked.
  2. Customizable to Your Needs: One of the strengths of the NIST framework is its flexibility. It can be tailored to fit the specific needs and resources of your organization, regardless of size or industry.
  3. Alignment with Business Goals: The framework helps align cybersecurity efforts with your organization’s business objectives. This ensures that your cybersecurity strategy supports and enhances your business goals rather than hindering them.
  4. Improved Risk Management: By following the NIST framework, organizations can better identify, assess, and manage cybersecurity risks. This proactive approach helps in prioritizing and addressing the most critical threats.
  5. Enhanced Incident Response: The NIST framework includes guidelines for responding to and recovering from cybersecurity incidents. This ensures your organization is prepared to handle incidents effectively, minimizing damage and reducing recovery time.
  6. Compliance and Best Practices: Implementing the NIST framework can help organizations comply with regulatory requirements and industry standards. It also ensures that you are following cybersecurity best practices recognized globally.

How the NIST Framework Works

The NIST Cybersecurity Framework is organized into five core functions:

  1. Identify: Develop an understanding of your environment to manage cybersecurity risk to systems, assets, data, and capabilities.
  2. Protect: Implement appropriate safeguards to ensure the delivery of critical services.
  3. Detect: Develop and implement activities to identify the occurrence of a cybersecurity event.
  4. Respond: Be prepared to act regarding a detected cybersecurity event.
  5. Recover: Maintain plans for resilience and restore any capabilities or services impaired due to a cybersecurity event.

These functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Why Adopt the NIST Framework?

Adopting the NIST Cybersecurity Framework is a strategic move that can significantly strengthen your organization’s cybersecurity posture. It provides a structured approach to managing cybersecurity risks and ensures that your efforts are comprehensive, effective, and aligned with your business goals. By implementing the NIST framework, you can enhance your organization’s resilience against cyber threats and ensure that you are well-prepared to handle incidents that may arise.

How to Align Your Organization with the NIST Framework

Ntirety has developed a self-service, online security assessment to help organizations identify and address cybersecurity gaps and risks. The free assessment consists of 10 questions aligned with the NIST framework, covering the key areas: Identify, Protect, Detect, Respond, Recover. Upon completion, you’ll receive a comprehensive report with tailored recommendations for each area, prioritized to help you tackle the most critical gaps first. This report is an excellent first step in upgrading your organization’s cybersecurity posture.

Click here to take the assessment and get started.

Ntirety is the leader in comprehensive managed services, partnering with organizations to modernize and secure today’s complex IT environment. Ntirety’s solutions span cloud infrastructure, cybersecurity, data, and compliance, connecting mission-critical data across highly secure, available, and resilient environments.

If you’re looking to take the next steps in understanding and implementing the NIST CSF for your organization, the experts at Ntirety can help. Request a consultation to get started.

The CrowdStrike Impact and the Ntirety Response

By Steven Spence, SVP Customer Operations, Ntirety

Businesses around the globe experienced major disruptions to their IT stacks on July 19, 2024 due to a CrowdStrike update. Ntirety would like to take a moment to inform customers how we approached this challenge on their behalf.

The Cause of the Outage

According to CrowdStrike, the outage was caused by a defect found in a Falcon content update for Windows hosts. Ultimately, this was caused by a bug in their validation software and a process error with their Rapid Response Content release testing. CrowdStrike has pledged to improve in both of these areas.

While we’ve all experienced impact from issues around people, process, or hardware failures, for managed services providers like Ntirety, ensuring the security and stability of customers’ IT environments is the top priority. The cause of the recent global disruption highlights one of the challenges of protecting even the most secure IT systems.

The Ntirety Customer Experience

Fortunately, the CrowdStrike incident had no effect on the Ntirety Security Services technology stack and customers utilizing the full Ntirety Managed Security Services experienced no disruption in service.

The primary benefit to Ntirety customers during this event is that Ntirety is not just a Managed Security Service Provider (MSSP) but also an award-winning Managed Service Provider (MSP), managing not just security services, but also infrastructure. What this means is that customers are able to utilize their own tech stacks and, should that technology fail, Ntirety is there to provide support and recovery services. Some of our customers do utilize CrowdStrike applications within their environments. For these customers, Ntirety supported remediation efforts as they became available.

Ntirety Support Engineers worked with our customers to remediate the impact during this outage. For those customers who rely on Ntirety’s Monitoring Insights platform, Ntirety notified affected customers as applications became unresponsive, even as remediations were simultaneously occurring based on runbooks designed in conjunction with these customers. Conference bridges were available where necessary, and engineers worked around the clock until all customers impacted were back online and running fully.

As a customer, when an incident of this magnitude occurs, it’s understandable to ask yourself, “What could I have done differently to avoid being impacted?”

The CrowdStrike defect was not caused by a cyber incident or a product quality issue. It was related to a process issue that CrowdStrike is taking steps to remediate. Responsible technology suppliers take quality control issues very seriously, and issues like the recent outage are extremely rare.

The Ntirety Commitment to Customers

As a Services company entrusted with critical systems and data, we at Ntirety deeply value our customers and are invested in their continued success. We state our commitment via a Customer Pledge that we take very seriously:

  • Put Customers and Partners first. Always.
  • Deliver peace of mind continually and rapid resolution, if necessary.
  • Invest in world-class systems and people.
  • Innovate with performance and value in mind.
  • Be transparent.

Here is how we put these commitments into practice.

Comprehensive Security Services
Our comprehensive suite of managed security services is designed to ensure your systems always remain secure and operational.

Rapid Response
When disruptions occur, the Ntirety team addresses issues immediately, minimizing downtime and maintaining business continuity.

Proactive Management
Our 24x7x365 Security Operations Center (SOC) constantly monitors for potential threats, quickly identifying and resolving issues to prevent disruptions.

Unmatched Expertise
Our cybersecurity experts bring deep knowledge and experience, providing the highest levels of service.

In today’s interconnected world, having a trusted and responsive Managed Service Provider (MSP) is not just a competitive advantage—it’s a necessity. With Ntirety, you can rest assured that your system and security needs are in capable hands, empowering you to focus on what you do best: running your business.

To learn more about Ntirety Managed Services, schedule a consultation.

The Rising Threat of QR Code Phishing: Protecting Your Credentials

October is Cybersecurity Awareness Month! As designated by the US Government’s Cybersecurity and Infrastructure Security Agency (CISA), October is a dedicated time for the public and private sectors to work together to raise awareness about the importance of cybersecurity. Ntirety has always been focused on security, and this month we’re sharing a variety of content to highlight ways to combat dangerous cyber threats. One of this year’s official Cybersecurity Awareness Month tips for staying safe is “Recognize and Report Phishing,” and in this blog post we’ll explore the emerging threat of QR code phishing attacks and how you can protect yourself and your organization.

In today’s digital age, cybersecurity has become a paramount concern for individuals and organizations alike. Cyber threats are increasingly prevalent, with one of the most common attack vectors being credential theft. Phishing is a method often employed by threat actors to gain access to credentials. As these attackers become more sophisticated, it’s crucial to stay informed and vigilant.

Credential Theft: A Persistent Threat 

The foundation of many cyberattacks lies in the theft of user credentials. Whether it’s your email, social media accounts, or workplace login, credentials are a valuable commodity for cybercriminals. Once they gain access to your account, attackers can not only steal sensitive information, but wreak havoc and potentially compromise an entire organization.

The Power of Phishing Attacks 

Phishing is a tried-and-true, and fairly simple, method for harvesting credentials. Phishing involves tricking an unsuspecting individual into revealing their login information, through a communication that appears legitimate in nature. While traditional email-based phishing attacks are well-known, a new variant has been on the rise: QR code phishing attacks.

QR Code Phishing: A Growing Threat 

QR codes have become ubiquitous, appearing on restaurant menus, flyers, and even in advertising campaigns. Their ease of use and the quick access to information they provide make them an attractive choice for both legitimate businesses and malicious actors. As the name implies, QR code phishing attacks involve threat actors leveraging the convenience of QR codes to deceive targets. To carry out the attack, a cybercriminal will send an email containing a QR code, typically disguised as an authentication attempt or a seemingly harmless link. When the user scans the QR code, they are redirected to a malicious website designed to download malware or harvest their valid credentials. What makes this threat even more insidious is that it can also target less protected devices, such as mobile phones and tablets. While this often occurs over email, some QR code phishing attacks also involve placing QR codes in physical locations, such as on posters, flyers, and product packaging. The QR code may be placed in a location where it is likely to be scanned, such as a public place or a busy area.

Protecting Yourself from QR Code Phishing 

It’s crucial to remain vigilant and take proactive steps to protect yourself and your organization from QR code phishing attacks. Some methods of defense include:

  • Cybersecurity Awareness Training: Regularly educate yourself and your employees about cybersecurity best practices. Understanding the evolving threat landscape is the first line of defense.
  • Phishing Attack Simulation: Conduct regular phishing attack simulation tests to assess your team’s preparedness and ability to identify phishing attempts.
  • Not Trusting Unverified QR Codes: Only scan QR codes from trusted sources. If you receive a QR code via email, be extremely cautious, and don’t scan it unless you are 100% certain it’s from a legitimate sender.
  • Reporting Suspicious Activity: If you encounter any suspicious emails or QR codes, report them immediately to your organization’s Security Operations Center (SOC) or IT department. Many organizations have a “Report Phishing” button in their email client to facilitate this process.
  • Thinking Before You Click: When scanning a QR code, be cautious if it leads you to a webpage requesting confidential information. If in doubt, do not scan, or stop and seek assistance from your IT team.
  • Staying Informed: Keep up to date with the latest cybersecurity news and advisories, as this can help you recognize emerging threats and how to identify them.

Ntirety can help your organization stay secure with service offerings in each of these areas.

One Compromised Account, Many Consequences 

Remember, a single compromised account can have far-reaching consequences that extend well beyond the breached account or device. A single point of compromise can serve as the gateway to a massive breach, with impacts for not only your personal data, but also the security of the organizations you interact with.

As with all cyber threats, it’s essential you stay vigilant, stay informed, and protect your credentials from the growing threat of QR code phishing. We’ll be sharing more insights on cybersecurity all month long, so be sure to check back on the Ntirety blog, or visit the Ntirety website to learn more about Ntirety’s Managed Email Security Service, and how Ntirety works to secure the Ntirety of your organization.

 


RSA 2023 Conference Report: A Security Event That Lasts a Year

Each year, the cybersecurity community gets together for one of the leading cybersecurity events, RSA. RSA brings together industry experts, thought leaders, and innovative minds to discuss the latest trends, challenges, and advancements in the field. As we enter the second half of 2023, the conference’s key insights and noteworthy discussions become the fabric of our practices.  

The Future of Cybersecurity 

Naturally, the RSA conference kicked off with a focus on the emerging threats organizations are facing in our rapidly evolving digital landscape. The increasing sophistication of cyberattacks and the need for robust security measures were leading themes, as well as the importance of adopting proactive approaches, such as threat intelligence sharing and AI-powered defense systems. As the week progressed, visions of the future of cybersecurity were omnipresent with a very conceptual spin – from artificial intelligence to quantum computing, to the still-emerging blockchain. Each has the potential to bring forth its own revolution in security practices, and together these glimpses form a destiny of revolution in cyber response, detection, and protections that are just around the corner.

Privacy and Compliance 

As the data explosion continues, the protections and regulations that guide the industry continue to be major topics. In today’s age of heightened data protection regulations, the need for more robust tools that allow for greater protection, prioritization, and transparency could not be clearer. Industry and governing regulations wield an increasing impact upon the landscape, which guarantees that the specter of practice recommendations, technologies, and leadership will continue to evolve for years to come.  

Humans Being 

The current state of the industry is driven to address the most non-technical and unpredictable component on the scene – humans. Human elements were a focal point of discussion at the event, as experts continued to explore the challenges of addressing the weakest link in the chain – and the first line of defense. The takeaway? Culture matters, and a cybersecurity-first culture can make all the difference. Awareness training, better cyber hygiene, and helping employees and the public recognize that perceived inconveniences such as MFA, registration, and other validations are better than the alternatives of losing your identity, livelihood, or affecting your organization can make a huge difference.  

Zero Trust Architecture  

Zero Trust principles seem obvious in the industry today, yet they remain difficult to achieve. The Zero Trust mission is more than a financial investment; it’s an institutional change. The subject is embedded into an unprecedented number of conversations, and the message could not be any clearer: To ensure comprehensive security we must, as an industry, continue to drive to ensure full authentication and authorization of every user and every device, regardless of their location, network, or any other characteristics. Granular access, micro-segmentation, and continuous monitoring are essential pieces of this architecture. 

Sustaining and Accelerating Cyber Community 

Another major topic of discussion was the state of the cyber community. Collaboration and information sharing are vital tools in the fight against cyber threats, and in an introspective sense the event itself proves to be one of the leading platforms. However, in the spirit of this information state, intelligence sharing platforms continue to evolve and emerge, cross-industry collaborations are forming, and initiatives and frameworks are setting the foundation for a future of increased communications that include public-private partnerships among their ranks. 

CISO Evolution 

Just as everything in the field of cybersecurity evolves, the role of CISOs in most organizations also continues to evolve. Beset by increased challenges, opportunities, and expectations, these critical stakeholders are taking on more than ever before, enabled and seeded by one of the most critical missions in the organization. Transformations in this area include the addition of essential cybersecurity considerations in fostering culture, higher engagement and critical function with the business itself, and strategic risk management. This is an evolving adaptation based on action-first principles focused on protecting the organization.

Just a Few Highlights 

It’s impossible to capture a week’s worth of critical discussions, so I’ve selected some of the highlights for this post. This was not an easy task with so many topics to explore! The RSA event served as a melting pot of ideas, insights, and innovations, and highlighted the evolving landscape of cybersecurity. From emerging threats to cutting-edge technologies, privacy regulations to collaboration, and the human element in security, RSA provided a comprehensive platform for industry leaders to shape the future of cybersecurity. As organizations navigate the ever-changing threat landscape, the key takeaways from RSA serve as valuable guideposts in our collective quest for a secure digital future – at least until next year.

CFO Focus on Cybersecurity: NIST and Ntirety

C-Levels, and specifically CFOs and other financial executives, have increasingly used NIST standards to respond to cybersecurity requirements and the significant data risks they address. This transition of framework practices is possible in large part due to the existence of similar controls and measures in traditional finance operations. 

The NIST framework helps organizations define full-cycle solutions for assisting in planning and management, measurement and analysis, and response systems. The systems can provide answers and refinement to issues such as: 

  • Defining asset protection in strategy and planning 
  • Plans to meet the requirements of critical infrastructure operations 
  • Evaluation of incident response capabilities  
  • Evaluation of incident communication plans
  • Identification of critical assets, along with risks and vulnerabilities 
  • Plans to meet the standards of regulatory requirements 

The list expands from there and, as described in the previous article, an organization can use the NIST framework to quickly build a roadmap to better security. Perhaps the biggest takeaway is that effective cybersecurity programs are proactive and continuous, aligning with operational strategies throughout. Additionally, frameworks can serve as a specific backbone towards maintenance and improvement.  

NIST Highlights 

Let’s dig into the tenets of the NIST Cybersecurity Framework, which is composed of the following five elements:

  • Identify: Identify the cybersecurity risk (vulnerabilities) to systems, people, assets, data, and capabilities 
  • Protect: Safeguard to ensure delivery of critical services 
  • Detect: Identify the occurrence of a cybersecurity event 
  • Respond: Take action regarding a detected cybersecurity incident 
  • Recover: Support timely recovery to normal operations to reduce the impact from a cybersecurity incident 

The framework helps companies create measures for practical cyber-incident prevention, response, and overall security design.  

Ntirety: Beyond NIST 

At some point, cybersecurity framework outcomes need to align with efforts. Cybersecurity is unique because of the systems and requirements involved; when cybersecurity is applied in a company environment, it is always layered through activities that build towards a complete solution. Complete is what we should all strive for, where nothing is left unmonitored, unverified, or unanswered. 

Ntirety answers the total solution by leveraging its approach to NIST outcomes. Ntirety groups the five elements outlined above into two broad categories: Protection and Recovery. It wraps the elements within an Assurance service designed to ensure the enterprise meets any outside requirements and the standards it has set for itself.

Figure 1: Ntirety Cybersecurity Framework Grouping – Comprehensive Compliant Security

Finance leaders will recognize the following categories, which are contextually analogous to NIST frameworks. First, we can regroup the NIST framework elements by dividing them into the two primary categories that define Internal Control frameworks, which are: 

Preventive

  • Identify: Finding the vulnerabilities 
  • Protect: Implementing the systems and applications to close the identified vulnerabilities

Detective or Mitigating

  • Detect: Identify the occurrence of cybersecurity events 
  • Respond: Take action against the cybersecurity event
  • Recover: Timely return to normal operations, minimizing the impact of the cybersecurity incident

Most Competitors are Single Track 

By comparison, every competitor falls into an approach that offers these general services: 

Protection Focus

  • Assessment Firms: Primarily do project-based work to identify cybersecurity vulnerabilities 
  • Protection Technology Firms: Often hardware or application vendors (e.g., firewall firms, endpoint protection technology companies)

Detection/Mitigation Focus

  • Managed Detection & Response (MDR) Service/Technology Providers  
  • Firms that specialize in mitigating cybersecurity incidents by identifying and addressing the cybersecurity event. These firms are a mix of technology providers to facilitate MDR and service providers

DRAAS & Backup Service Providers

  • A mix of application and service providers, providing technologies or the DR or backup service. These are often not focused on security, but only on providing recovery from a platform or application failure

COMPREHENSIVE Compliant Security is Different 

Unlike the competition, Ntirety’s comprehensive security solutions encompass both Protection and Mitigation in the context of financial controls. Further, unlike MDR firms, Ntirety provides Secure Disaster Recovery as a Service (DRaaS) and Backup services. The competition generally addresses only a portion of the five elements of the NIST Cybersecurity Framework, leaving the enterprise to manage the interoperation of various services, technologies, and applications – and often to execute the response actions provided by their MDR service providers.

Ntirety: NIST Foundation and Financial Sanctity 

Corporate governance, auditing, and frameworks allow executives, employees, and shareholders to keep financials in line with expectations. In cybersecurity, similar measures help guide countless companies on their journey to improved operations and capability to respond and recover from cybersecurity incidents. Ntirety has built an industry-unique Comprehensive Compliance Security system that covers the complete NIST framework, adding Assurance to its features. With comprehensive Ntirety services, clients excel in their cybersecurity initiatives and benefit from more than 25 years of experience in designing, building, operating, and securing client environments.

CFO Focus on Cybersecurity: Why NIST Cybersecurity Frameworks Matter

From the moment any data system comes online, it is at risk of breach. Modern workloads and data reside, change, and grow in a medium of capabilities and simultaneous risk. In the wild, more than a million cyberattacks occur on the web on average each day. The odds of avoiding becoming a target are simply not very good. The need for continual cybersecurity measures is extremely prevalent, and there is a call for programs that feature heightened vigilance and performance in the face of modern threats.

Threats to Financial Teams

Financial teams are in an especially exposed position. Their data is a high-value target treading in a mass of computing largesse, and any leak could pose an existential threat to their careers, not to mention the company itself. The implications of just one successful attack could cost millions, and thus CFOs have grown to be shared custodians of cybersecurity initiatives. CFO executives have started to focus on cybersecurity solutions with more emphasis than ever before, and to explore the depths of current cybersecurity threat conditions. What this exploration has revealed is that the familiar benefits of frameworks can be applied towards solutions.

The Familiarity of Frameworks

Framework systems build on basic concepts and controls, and work as scaffolding systems that guide efforts through reporting, analysis, and workflows. Financial professionals are familiar with frameworks, as the framework is the core of financial operations. Without it, a business would lose control over finances and ultimately fail to succeed.  

Over the years, as threat and risk conditions have escalated, the setting for advanced cybersecurity measures has moved out of the server room (and the hands of information technology teams) and to the executive table. Championed by the CFO and other executives, this change demands direct access to the board and the budget planning process. Cybersecurity investments are critical and significant, and along with those characterizations the familiar standards of frameworks have proven to provide valuable measurement of risks, controls, and performance.

The NIST Standard 

One of the most accepted cybersecurity frameworks is the NIST standard known as the “NIST Cybersecurity Framework.” The NIST Cybersecurity Framework covers five key functions:

  • Identify
  • Protect
  • Detect
  • Respond 
  • Recover

Organizations are leveraging this framework as an anchor to build an approach that is repeatable, flexible, prioritized, cost-effective, and based on performance. In other words, the NIST framework checks all the boxes as it offers guidance and assistance toward the management of cybersecurity risks. Prevention, ruling measures, and the ability to recover in the event of an attack are all rolled into the framework.  

The NIST framework has gained merit with C-suites, boards, and CFOs, and it’s important to recognize its value in the cybersecurity conversation – and in providing a high-level overview of the business and its protections. Digging deeper, specific NIST publications (SP 800-171 and SP 800-53, as examples) offer more than 100 controls and measures and provide a roadmap to a better secured, lower risk future. These serve as the vehicle of justification for cybersecurity initiatives, creating greater success in the mission and for the business. 

Cybersecurity as Business Imperative 

Once relegated to information technology teams, cybersecurity has taken on an appropriate scope of enterprise-wide focus. Financial executives have stepped up to the risks and challenges of an age where traditional security mindsets cannot meet the standards of acceptance. Due to its existential nature and massive financial implications, cybersecurity has become the most significant risk to the business. Security frameworks have created a consumable channel at the executive table, providing valuable guidance towards better security practices and technologies.  

With any framework in place, the business begins to gain insight into and confidence in its measures. This applies in both financial matters and cybersecurity. With cybersecurity frameworks, organizations can leverage the virtual blueprints that emerge to create effective actions that feed directly into their cybersecurity infrastructure. These frameworks can take their place in technology decisions, as planning plus action equals results and improvements. Cybersecurity frameworks such as NIST help organizations assess and build actionable plans and determine exposure to risks.  

Cybersecurity guidance derived from a framework approach offers the most value when tactical points are matched to actions. Organizations can pragmatically build out a custom cyber-resilience strategy that aligns with their own individual context and assumption of risks.

How Ntirety Can Help 

Ntirety Compliance Services provide a comprehensive and reliable solution for ensuring your business remains compliant with industry regulations and NIST standards. Our team of experienced compliance experts will work closely with you to assess your current compliance posture, identify any potential gaps, and develop a customized plan to help your organization achieve and maintain compliance. With Ntirety services, you can feel confident your business is meeting all the necessary requirements and avoid costly penalties or other negative consequences. By choosing Ntirety Compliance Services, you can focus on running your business while we take care of the complicated compliance issues.

Why Security Maturity is Necessary for Your Business

A security maturity model is a set of characteristics that represent an organization’s security progression and capabilities. According to CISOSHARE, Key Processing Areas (KPAs) in a security maturity model are practices that help improve a security infrastructure.

These KPAs include:  

  • Commitment to perform  
  • Ability to perform  
  • Activities performed  
  • Measurement and analysis of the results
  • Verifying the implementation of processes  

Levels of security maturity range from 1 to 5, with Level 1 the lowest and Level 5 the highest. Various industries lie within these levels, depending on their security needs. The retail industry typically falls under Levels 2 or 3, manufacturing falls between Levels 3 and 5, while Fintech and Healthcare are between Levels 4 and 5 due to the high levels of compliance needed in these industries.

Ntirety details these levels of security maturity by detection, response, and recovery times:  

  • Level 1 (Vulnerable)
      • Time to Detect: Weeks/months
      • Time to Respond: Weeks
      • Time to Recovery: unknowable
      • Recovery Point: unknowable
      • Compliance: None
  • Level 2 (Aware & Reactive)
      • Time to Detect: Days
      • Time to Respond: Hours
      • Time to Recovery: 1-2 Days
      • Recovery Point: <2 days data loss
      • Compliance: Internal Objectives
  • Level 3 (Effective)
      • Time to Detect: Hours
      • Time to Respond: Minutes
      • Time to Recovery: Hours
      • Recovery Point: <24 hours data loss
      • Compliance: Internal & 3rd party
  • Level 4 (Compliant)
      • Time to Detect: Minutes
      • Time to Respond: Minutes
      • Time to Recovery: Hours
      • Recovery Point: <6 hours data loss
      • Compliance: Internal & 3rd party
  • Level 5 (Optimizing)
      • Time to Detect: Immediate
      • Time to Respond: Immediate
      • Time to Recovery: Immediate
      • Recovery Point: <15 min data loss
      • Compliance: Internal & 3rd party

How Ntirety Helps With Security Maturity: 

With over 20 years of industry experience, Ntirety understands how to support a business’s cybersecurity maturity needs and follow the necessary processes to ensure a smooth transition into IT transformation.  

For a company to appraise its security maturity with Ntirety, the first step is a conversational assessment with our team to determine the security gaps in your business’s cyber infrastructure. Once you answer some questions, our team can see where your business lies in the security maturity framework and compare it to your goals. Whether the driver is the industry vertical your company falls under, the adoption of best practices within your IT infrastructure operations, or a board mandate, we can help formulate a plan based on your business’s needs.

Following an assessment, the Ntirety team can detail how to improve Protection, Recovery, and Assurance. Ntirety’s Guidance Level Agreements (GLAs) can help improve these areas by optimizing availability, security, performance, and costs. Ntirety is committed to securing the “entirety” of your environment through solutions that identify, inventory, and protect the entire target environment. Ntirety’s Compliant Security Framework covers the security process from establishing your security design & objectives through protection, recovery, and assurance of compliance to your security requirements.  

One mistake we often see is companies assuming that doing it themselves is the safer option. While resourcing a cybersecurity solution internally may seem more manageable, it can be far more costly and take away from other essential business functions. Here are the top 7 reasons to outsource security:

  1. Finding and maintaining a talented SIEM/SOC team is expensive
  2. Benefiting from trends and detections seen across other customers
  3. Accessing more threat intelligence and state of the art technology
  4. Long-term Return on Investment
  5. Outsourcing lowers the risk of conflict of interest between departments
  6. Enhancing efficiency to concentrate on your primary business
  7. Scalability and flexibility 

For more details on securing your cyber infrastructure, watch our most recent webinar and schedule an assessment with us today. 

Michigan Mutual Gains Uptime through Ntirety Managed Services

Michigan Mutual is a mortgage broker founded in 1992 by brothers Mark and Hale Walker. Over the past few decades, the business has expanded across 35 states and now has a total of 100 Mortgage Loan Advisors. As a company that handles financial information, being able to quickly communicate with customers while keeping personal data secure is a top priority and core to their value proposition. The challenge is having all the right tools and technology in place to compete with big players and some nimble smaller ones. 

Michigan Mutual had to move their back-office IT servers from their office suite to a data center that they owned and operated. Over time their server, storage, and network set-up became outdated. In the spring of 2017, a decision had to be made on how to make data management as efficient as possible.

To free up their time, and increase availability and security, Michigan Mutual turned to Ntirety for a virtual desktop services solution (VDI) and moved everything from their own data center to be on Ntirety’s VDI and DR infrastructure. The VDI and on-prem DR Solution moved to Ntirety in August 2017. In June 2018 their applications and back-office were also moved to be fully handled by Ntirety. 

With Ntirety onboard, the mortgage company now has more uptime and availability to focus on other business operations. The migration to Ntirety’s data center gives the Michigan Mutual team more servers and desktops that are available all the time and running at peak performance. 

Centralized administration and cloud desktops mean that regardless of what happens in any individual area, employees can just go somewhere that has internet, and they’re back up and running.

“We have been fortunate in the fact that the Ntirety team has been able to focus and to get attention to things quickly to help us get results,” Michigan Mutual EVP and CIO Bruce Clarke said. 

The reliability, communication and support from Ntirety has helped Michigan Mutual to feel valued as a customer and feel confident in the Ntirety solution. That confidence allows the Michigan Mutual team to stay focused on being competitive in the market rather than worrying about managing their infrastructure. 

Read the full case study here for more details about how the Ntirety solution helped Michigan Mutual gain uptime. 

Capco Gains IT Visibility and Accurate Security Monitoring with Ntirety

Global technology and management consultancy Capco specializes in driving digital transformation in the financial services industry worldwide. With a growing client portfolio comprising over 100 global organizations, Capco needed to optimize and better secure their IT environment.

The consultancy’s legacy IT systems were causing their team and outside security provider to chase false positives in monitoring applications and environments. The system in place did not give Capco visibility to see what their legacy security provider could see and vice versa. 

Ntirety’s solution implemented collaboration, clear communication and visibility of changes that are made. The Ntirety solution gave Capco the ability to create and customize specific security rule sets to limit accessibility to applications and ensure the intended users are the ones using them. 

Read more about how the Ntirety solution secured Capco’s IT infrastructure in the full case study here.