Client story Removing Security Barriers to Compliance for Government Contractors
Discover how Insight’s Managed Security for Compliance service provided a cost-effective path to compliance for one such organization.
By Insight Editor / 15 Jun 2021
By Insight Editor / 15 Jun 2021
Facts at a glance
Client industry:
Professional services
Size of company:
88+
Challenge:
To continue winning contracts for the federal government, IT leaders at Interactive Process Technology Associates (IPT) knew they’d need to achieve compliance with new regulations, including the Cybersecurity Maturity Model Certification (CMMC). But finding security resources with the necessary skillsets was difficult and expensive. IPT needed a partner to help them get compliant without overextending their budget.
Solution:
Insight worked with IPT to identify security and compliance gaps. Based on our findings, we created a road map with actions to remediate, manage and maintain security controls to meet CMMC requirements. Our plan leveraged their existing Microsoft 365 licenses paired with our Managed Office 365 and Managed Security and Compliance services.
Results:
Through Insight’s solution, IPT was able to:
- Meet CMMC Level 2 compliance within their Microsoft cloud environment without upgrading their licensing to GCC or GCC High
- Leverage security services equivalent to 3 full-time employees at a fraction of the cost
- Identify vulnerabilities among their end users via a modern approach to phishing campaigns, followed by effective remedial training for a complete end-user security solution
Solution area:
Insight’s Connected Workforce solutions address end-user compute needs that simplify IT management while improving connectivity and collaboration.
Cybersecurity compliance is a big deal for any business, but for organizations working with the federal government, it’s essential. For these organizations, compliance with certifications such as ISO 27001 and the Cybersecurity Maturity Model Certification (CMMC) is required to do business.
Microsoft 365™ Security provides the coverage needed to meet this challenge, but implementing and maintaining these security controls isn’t easy. The threat landscape is constantly evolving and the labor market for cybersecurity is competitive and expensive.
In light of upcoming CMMC regulations, our client, Interactive Process Technology Associates (IPT), needed to achieve a certain level of security standards to meet their objectives.
Founded in 1992 as a professional services company, this veteran-owned small business primarily deals with government contracting. IPT provides an array of professional services for large-scale systems and departments. Their clients include the U.S. Army, Department of Defense, U.S. Airforce, Federal Aviation Administration (FAA) and the Department of Veterans Affairs. While they were experts in their core business, IPT lacked the resources needed to meet the strict requirements for CMMC Level 2 certification.
“When we look at where we are, at the size [of our] company, [we don’t know] how we’re actually going to respond to [CMMC] requirements without infrastructure [or] having to hire a team of cybersecurity experts to do the things we don’t know how to do. We’re good at our core capabilities, but we have to find and hire the talent to do this internally,” says IPT’s Chief Operating Officer, Jon Katz.
By this time, IPT was already engaged with Insight’s Managed Office 365® and Azure® Active Directory offerings for administration and support of their Microsoft® environment. They initially came to Insight when a previous service provider did not meet their basic needs for support. According to Katz, “Tickets went unanswered, there wasn’t a lot of support. We didn’t have a great deal of infrastructure in regard to personnel. We were missing a lot [of components] and our people weren’t well-supported.”
Additionally, while they already had Microsoft 365™ E5 licensing and understood its potential to meet their security needs, they lacked guidance from their previous partner. IPT’s experiences with Insight’s managed services gave them the confidence to explore additional options for cybersecurity.
As luck would have it, Insight was already on the hunt for an existing Managed Office 365 client who would be willing to beta-test a new managed security offering for Microsoft 365 Security. Insight’s architects proposed an offering that would assist with the implementation of Microsoft 365 Security in their environment, while exploring features and options to be included with the managed offering.
IPT was a great fit for the program since they were already a trusted client engaged with Insight’s managed services. They had a forward-thinking attitude toward modern workplace technologies and we knew they’d understand our goals for the program. Most importantly, we knew they’d be willing to share honest feedback we could use to refine the managed service offering together.
According to Norm Andersch, Insight’s senior architect for the new solution, “IPT was a true collaborative partner. They shared their business knowledge and acumen, their compliance challenges and their critique of the solution.”
When we first outlined the new managed security offering, it was hard to distinguish from other similar offerings. Our collaboration with IPT helped us tailor the final iteration of this offering into something unique in the managed security landscape. Instead of focusing on administration, IPT helped Insight discover the need for organizations to have a partner to help them implement and understand their unique security requirements.
Our resulting Managed Security for Compliance offering helps clients implement and continuously evaluate Microsoft 365 Security features to maintain their security posture and meet compliance needs around CMMC and other regulations.
Responding to audits is something most organizations struggle with. Audits take the attention of security staff away from more essential activities like threat detection and remediation. That’s why we built our Managed Security for Compliance offering with audits in mind.
“We’re like a lifeline,” says Andersch. “If you don’t know what the answer is, you phone a friend. As opposed to sitting there shoulder-to-shoulder with you during an audit, we’re available for consultation and remediation if necessary.”
Insight’s goal is to provide organizations with expert guidance and reporting when they need it. This way, your Microsoft 365 environment will be one less thing to worry about when responding to audits.
According to Andersch, “The controls aren’t just there to satisfy auditors. They allow organizations to successfully and safely do business. The fact that we can actually prove that the controls are working through audit reports just shows the value of the service for managing your security.”
IPT’s Microsoft 365 environment is now aligned with CMMC. With the combined value of Insight’s Managed Office 365 and Managed Security for Compliance offerings, IPT was able to save the equivalent of almost 3 full-time employees and, according to Katz, Insight’s service delivery is more efficient and flexible than what they could have achieved in-house.
With the combined value of Insight’s Managed Office 365 and Managed Security for Compliance offerings, IPT was able to save the equivalent of almost 3 full-time employees.
“I think Insight has done a fantastic job for us. The one thing I really value about our relationship is the open dialogue. Insight does a great job at executing and following through. They do a great job at being agile, flexible and adjusting as we go along, but staying within the scope and statement of work that we agreed to. It’s been a great experience. I enjoy working with the Insight team. We’ve already recommended [Insight] to other companies we do business with.”
Discover reports, stories and industry trends to help you innovate for the future.