How Spalding University Strengthened Security and Achieved GLBA Compliance

As privacy and compliance demands in higher education grew more complex, Ntirety’s customer sought a trusted partner to enhance its security posture and meet the requirements of the new Gramm-Leach-Bliley Act (GLBA).

The Challenge: Meeting GLBA Compliance

Spalding University’s small IT team had already prioritized security with a managed firewall service. However, the introduction of new GLBA requirements underscored the need for more robust and proactive security measures to achieve compliance by the looming deadline.

We were always going to outsource this. An operation that’s 24/7 with a small team is not really possible. We need a good partner to provide around the clock service and help monitor because we can’t be in front of monitors all day, every day.” – Ezra Krumhansl, CIO, Spalding University.

After evaluating multiple managed service providers, Spalding chose Ntirety for its deep expertise and robust solutions across IT areas.

Proactive, Comprehensive Security

To strengthen Spalding’s security posture, Ntirety implemented Next-Generation Firewalls, Managed Detection and Response with Endpoint Protection, and log ingestion with 24x7x365 monitoring. Monthly cybersecurity training for employees, including Ntirety’s Email Security and Phishing Awareness Training, fulfilled a key requirement of the GLBA and empowered staff to recognize and prevent threats. 

These solutions delivered advanced threat detection and response, actionable alerts, granular reporting, and improved visibility. Spalding achieved GLBA compliance, reduced risk, and maximized the efficiency of their small IT team while focusing on mission-critical activities. 

Discover the Full Story

Curious to learn more about how Ntirety transformed Spalding University’s security posture? Read the full case study here.

See How a Leading Airflow Product Company Modernized Its IT Infrastructure and Strengthened Security

A typical use case of Ntirety’s customer base is growth over time that results in insufficient infrastructure, security gaps and outdated data models. This was true for a leading provider of industrial airflow solutions during its rapid global expansion. The company’s rapid growth exposed weaknesses in its IT infrastructure and other related challenges.

Barriers to Scale

The company’s technology infrastructure struggled under an increased workload, leading to high latency, database issues, production outages, and compliance challenges. Its IT leaders realized the company needed a hosted infrastructure to better support their enterprise resource planning (ERP) and database applications that drastically improved performance to accommodate their growth. Additionally, they wanted to gain highly responsive application support, backed by proactive security threat identification and remediation. With an IT team of less than 10, the company’s in-house resources were stretched thin to tackle all facets of this project.

Partnering for Success

Bluewave, the company’s trusted technology advisor, stepped in to help. Bluewave’s experienced technologists assessed the company’s technology portfolio, and recommended Ntirety. Ntirety’s comprehensive solutions across cloud infrastructure, security, compliance, and data, were exactly what the company needed to modernize its infrastructure, strengthen security, and meet regulatory compliance.

Achieving High Performance and Availability

Ntirety worked closely with the company to provide a holistic solution across the IT stack. The company selected Ntirety’s Private Cloud and Managed Database Services as the solutions to modernize its infrastructure and databases. To keep its infrastructure secure, the company also opted for Managed Detection and Response Service (MDR) to gain proactive network monitoring 24x7x365.

The result? A highly available, secure, performant system with significantly improved uptime and no production outages. The company now enjoys a stable, resilient IT environment that supports their continued growth, while Ntirety’s Managed Services relieves the burden on their in-house team, freeing them up to focus on business growth.

Want to learn more about how Ntirety transformed this customer’s IT infrastructure and positioned them for future success?

Read the full case study here.

How to Align Your Cybersecurity Strategy with the NIST Framework

In today’s digital age, cybersecurity is more critical than ever. Cyber threats are constantly evolving, and organizations of all sizes must be proactive in protecting their data and systems. Implementing the NIST Cybersecurity Framework is one of the most effective ways to enhance your cybersecurity posture.

What Is the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework is a set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risks. Developed by the National Institute of Standards and Technology (NIST), this framework is widely recognized and used by organizations across various industries to improve their cybersecurity defenses.

Key Benefits of the NIST Framework

  1. Comprehensive Coverage: The NIST framework covers all aspects of cybersecurity, from identifying potential risks to responding to and recovering from incidents. This comprehensive approach ensures that no part of your cybersecurity strategy is overlooked.
  2. Customizable to Your Needs: One of the strengths of the NIST framework is its flexibility. It can be tailored to fit the specific needs and resources of your organization, regardless of size or industry.
  3. Alignment with Business Goals: The framework helps align cybersecurity efforts with your organization’s business objectives. This ensures that your cybersecurity strategy supports and enhances your business goals rather than hindering them.
  4. Improved Risk Management: By following the NIST framework, organizations can better identify, assess, and manage cybersecurity risks. This proactive approach helps in prioritizing and addressing the most critical threats.
  5. Enhanced Incident Response: The NIST framework includes guidelines for responding to and recovering from cybersecurity incidents. This ensures your organization is prepared to handle incidents effectively, minimizing damage and reducing recovery time.
  6. Compliance and Best Practices: Implementing the NIST framework can help organizations comply with regulatory requirements and industry standards. It also ensures that you are following cybersecurity best practices recognized globally.

How the NIST Framework Works

The NIST Cybersecurity Framework is organized into five core functions:

  1. Identify: Develop an understanding of your environment to manage cybersecurity risk to systems, assets, data, and capabilities.
  2. Protect: Implement appropriate safeguards to ensure the delivery of critical services.
  3. Detect: Develop and implement activities to identify the occurrence of a cybersecurity event.
  4. Respond: Be prepared to act regarding a detected cybersecurity event.
  5. Recover: Maintain plans for resilience and restore any capabilities or services impaired due to a cybersecurity event.

These functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Why Adopt the NIST Framework?

Adopting the NIST Cybersecurity Framework is a strategic move that can significantly strengthen your organization’s cybersecurity posture. It provides a structured approach to managing cybersecurity risks and ensures that your efforts are comprehensive, effective, and aligned with your business goals. By implementing the NIST framework, you can enhance your organization’s resilience against cyber threats and ensure that you are well-prepared to handle incidents that may arise.

How to Align Your Organization with the NIST Framework

Ntirety has developed a self-service, online security assessment to help organizations identify and address cybersecurity gaps and risks. The free assessment consists of 10 questions aligned with the NIST framework, covering the key areas: Identify, Protect, Detect, Respond, Recover. Upon completion, you’ll receive a comprehensive report with tailored recommendations for each area, prioritized to help you tackle the most critical gaps first. This report is an excellent first step in upgrading your organization’s cybersecurity posture.

Click here to take the assessment and get started.

Ntirety is the leader in comprehensive managed services, partnering with organizations to modernize and secure today’s complex IT environment. Ntirety’s solutions span cloud infrastructure, cybersecurity, data, and compliance, connecting mission-critical data across highly secure, available, and resilient environments.

If you’re looking to take the next steps in understanding and implementing the NIST CSF for your organization, the experts at Ntirety can help. Request a consultation to get started.

The CrowdStrike Impact and the Ntirety Response

By Steven Spence, SVP Customer Operations, Ntirety

Businesses around the globe experienced major disruptions to their IT stacks on July 19, 2024 due to a CrowdStrike update. Ntirety would like to take a moment to inform customers how we approached this challenge on their behalf.

The Cause of the Outage

According to CrowdStrike, the outage was caused by a defect found in a Falcon content update for Windows hosts. Ultimately, this was caused by a bug in their validation software and a process error with their Rapid Response Content release testing. CrowdStrike has pledged to improve in both of these areas.

While we’ve all experienced impact from issues around people, process, or hardware failures, for managed services providers like Ntirety, ensuring the security and stability of customers’ IT environments is the top priority. The cause of the recent global disruption highlights one of the challenges of protecting even the most secure IT systems.

The Ntirety Customer Experience

Fortunately, the CrowdStrike incident had no effect on the Ntirety Security Services technology stack and customers utilizing the full Ntirety Managed Security Services experienced no disruption in service.

The primary benefit to Ntirety customers during this event is that Ntirety is not just a Managed Security Service Provider (MSSP) but also an award-winning Managed Service Provider (MSP), managing not just security services, but also infrastructure. What this means is that customers are able to utilize their own tech stacks and, should that technology fail, Ntirety is there to provide support and recovery services. Some of our customers do utilize CrowdStrike applications within their environments. For these customers, Ntirety supported remediation efforts as they became available.

Ntirety Support Engineers worked with our customers to remediate the impact during this outage. For those customers who rely on Ntirety’s Monitoring Insights platform, Ntirety notified affected customers as applications became unresponsive, even as remediations were simultaneously occurring based on runbooks designed in conjunction with these customers. Conference bridges were available where necessary, and engineers worked around the clock until all customers impacted were back online and running fully.

As a customer, when an incident of this magnitude occurs, it’s understandable to ask yourself, “What could I have done differently to avoid being impacted?”

The CrowdStrike defect was not caused by a cyber incident or a product quality issue. It was related to a process issue that CrowdStrike is taking steps to remediate. Responsible technology suppliers take quality control issues very seriously, and issues like the recent outage are extremely rare.

The Ntirety Commitment to Customers

As a Services company entrusted with critical systems and data, we at Ntirety deeply value our customers and are invested in their continued success. We state our commitment via a Customer Pledge that we take very seriously:

  • Put Customers and Partners first. Always.
  • Deliver peace of mind continually and rapid resolution, if necessary.
  • Invest in world-class systems and people.
  • Innovate with performance and value in mind.
  • Be transparent.

Here is how we put these commitments into practice.

Comprehensive Security Services
Our comprehensive suite of managed security services is designed to ensure your systems always remain secure and operational.

Rapid Response
When disruptions occur, the Ntirety team addresses issues immediately, minimizing downtime and maintaining business continuity.

Proactive Management
Our 24x7x365 Security Operations Center (SOC) constantly monitors for potential threats, quickly identifying and resolving issues to prevent disruptions.

Unmatched Expertise
Our cybersecurity experts bring deep knowledge and experience, providing the highest levels of service.

In today’s interconnected world, having a trusted and responsive Managed Service Provider (MSP) is not just a competitive advantage—it’s a necessity. With Ntirety, you can rest assured that your system and security needs are in capable hands, empowering you to focus on what you do best: running your business.

To learn more about Ntirety Managed Services, schedule a consultation.

Why Security Maturity is Necessary for Your Business

A security maturity model is a set of characteristics that represent an organization’s security progression and capabilities. According to CISOSHARE, Key Processing Areas (KPAs) in a security maturity model are practices that help improve a security infrastructure 

These KPAs include:  

  • Commitment to perform  
  • Ability to perform  
  • Activities performed  
  • Measurement and analysis of the results
  • Verifying the implementation of processes  

Levels of security maturity range from 1 to 5, with the lowest level of security maturity being one and the highest level of security maturity being five. Various industries lie within these levels, depending on their security needs. The retail industry typically falls under Levels 2 or 3, manufacturing falls between 3 to 5, while Fintech and Healthcare are between levels 4 and 5 due to the high levels of compliance needed in these industries.  

Ntirety details these levels of security maturity by detection, response, and recovery times:  

  • Level 1 (Vulnerable)  
  • Time to Detect: Weeks/months  
  • Time to Respond: Weeks  
  • Time to Recovery: unknowable
  • Recovery Point: unknowable
  • Compliance: None  
  • Level 2 (Aware & Reactive)  
  • Time to Detect: Days
  • Time to Respond: Hours
  • Time to Recovery: 1-2 Days
  • Recovery Point: <2 days data loss
  • Compliance: Internal Objectives

  

  • Level 3 (Effective)  
  • Time to Detect: Hours  
  • Time to Respond: Minutes  
  • Time to Recovery: Hours  
  • Recovery Point: <24 hours data loss
  • Compliance: Internal & 3rd party  

 

  • Level 4 (Compliant)  
  • Time to Detect: Minutes  
  • Time to Respond: Minutes
  • Time to Recovery: Hours
  • Recovery Point: <6 hours data loss
  • Compliance: Internal & 3rd party  

 

  • Level 5 (Optimizing)
  • Time to Detect: Immediate
  • Time to Respond: Immediate
  • Time to Recovery: Immediate
  • Recovery Point: <15 min data loss
  • Compliance: Internal & 3rd party  

How Ntirety Helps With Security Maturity: 

With over 20 years of industry experience, Ntirety understands how to support a business’s cybersecurity maturity needs and follow the necessary processes to ensure a smooth transition into IT transformation.  

For a company to appraise their security maturation with Ntirety, the first step is to have a conversational assessment with our team to determine the security gaps in your business’s cyber infrastructure. Our team can see where your business lies in the security maturity framework and compare it to your goals by answering some questions. Whether it is a particular industry vertical that your company falls under, you are adopting best practices within your IT infrastructure operations, or it is a board mandate, we can help formulate a plan based on your business’s needs.  

Following an assessment, the Ntirety team can detail how to improve Protection, Recovery, and Assurance. Ntirety’s Guidance Level Agreements (GLAs) can help improve these areas by optimizing availability, security, performance, and costs. Ntirety is committed to securing the “entirety” of your environment through solutions that identify, inventory, and protect the entire target environment. Ntirety’s Compliant Security Framework covers the security process from establishing your security design & objectives through protection, recovery, and assurance of compliance to your security requirements.  

One mistake we often see with companies is the idea of doing it themselves being a safer option. While resourcing a cybersecurity solution internally may seem more manageable, it can be far more costly and take away from other essential business functions. Here are the top 7 reasons to outsource security:  

  1. Finding and maintaining a talented SIEM/SOC team is expensive
  2. The benefit of trends and detection of other customers
  3. Accessing more threat intelligence and state of the art technology
  4. Long-term Return on Investment
  5. Outsourcing lowers the Risk of conflict of interest between departments
  6. Enhancing efficiency to concentrate on your primary business
  7. Scalability and flexibility 

For more details on securing your cyber infrastructure, watch our most recent webinar and schedule an assessment with us today.