[Net-Tech] My Best Practice: Information Security




Matt Bratlien and G.L. Dart


Copyright ©2020 Matt Bratlien and G.L. (George) Dart All rights reserved. With the exception of quoting brief passages and snapshots for purposes of review or education no portion of this book may be reproduced without express permission from the author and illustrator.

Terminology

PTO: Professional Technology Organization
MSP: Managed Service Provider
InfoSec: Info what? Information security, sometimes abbreviated to InfoSec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it’s being stored and when it’s being transmitted.

Here are the best practices that a Professional Technology Organization (PTO) uses to keep your data safe.

ISBN: 978-1-7333519-3-5 (Print version)
ISBN: 978-1-7333519-4-2 (eBook version)
Illustration by Michael Rohani.
Book design by DesignforBooks.com
Printed in the United States


HEADED TO THE AIRPORT?

YES!

SHE GOT A PTO SO WE COULD GO ON VACATION!


IS THAT THE IT SUBSCRIPTION PROGRAM?

YES, IT’S CALLED A PROFESSIONAL TECHNOLOGY ORGANIZATION (PTO).


HOW DO YOU LIKE IT?

IT’S SUCH A RELIEF. THEY ANTICIPATE WHAT I NEED. THEY’RE ALWAYS THERE, CONTINUALLY IMPROVING OUR PROCESSES AND TOOLS.


SO MOM, WHY WERE YOU ON YOUR PHONE WORKING?

I WASN’T. I GOT A NEWS ALERT. A COMPETITOR ANNOUNCED THEIR SYSTEM WAS COMPROMISED.

WHAT’S THAT?


SOMEONE GOT IN WHO WASN’T SUPPOSED TO BE THERE AND STOLE INFORMATION.

YOU’RE WORRIED THAT WILL HAPPEN TO YOU?

NO, OUR PTO PROTECTS MY BUSINESS.


I REMEMBER WHEN WE DIDN’T HAVE TO TAKE OUR SHOES OFF.


WAIT, YOU USED TO LEAVE YOUR SHOES ON?

YES, MANY YEARS AGO. NOW WE DO MORE TO STAY SAFE.

MY PTO DOES SOMETHING SIMILAR.


THEY SCAN YOUR SHOES?

NO, THEY LOOK AT MY ORGANIZATION’S RISK TO DETERMINE HOW MUCH SECURITY WE NEED. AND THEN USE TOOLS AND BEST PRACTICES TO PREVENT ATTACKS AND RESPOND QUICKLY TO ISSUES.


BUT THOSE PEOPLE KEPT THEIR SHOES ON AND SKIPPED THE LINE!

BECAUSE THEY WENT THROUGH A PRE-CHECK VETTING PROCESS.


YOUR PTO SHOULD HAVE A PRE-CHECK.

MY PTO IS MY PRE-CHECK.

THEY ENSURE I AM PROTECTED.


HOW?

IT’S COMPLICATED.

BUT I WANT TO KNOW!

OKAY, DO YOU SEE THAT SIGN?


SEE SOMETHING SAY SOMETHING?

YES, THREATS CAN EMERGE ANYWHERE.

REPORTING SUSPICIOUS ACTIVITY WAS ADDED TO KEEP AIRPORTS SAFE.


THAT’S WHY I KEEP MY BACKPACK WITH ME WHEN I GO TO THE RESTROOM.

IT USED TO BE OKAY TO LEAVE IT WITH A STRANGER TO WATCH, BUT NEW RISKS EMERGED. INFORMATION SECURITY THREATS FOR ORGANIZATIONS CHANGED TOO.


IN THE PAST, PROTECTING THE BUILDING WITH FIREWALLS AND ANTIVIRUS WAS ENOUGH. NOW WE NEED MORE LAYERS AND MONITORING.


SO YOU HIRED A SECURITY GUARD?

THAT’S PHYSICAL SECURITY. DATA CAN GO ANYWHERE.

DO YOU HAVE TO PROTECT EVERYTHING, EVERYWHERE?


YES, THE CLOUD MADE IT EASIER FOR EVERYONE TO ACCESS OUR DATA – EVEN THE BAD GUYS. IT’S WHY WE NEED LAYERS OF PROTECTION, LIKE EMPLOYEE TRAINING.


THE PTO TRAINED YOU?

YES, THEY SHOWED US HOW TO KEEP OUR COMPUTERS, EMAILS, AND SYSTEMS SAFE.

THEN WHY HAVE SOMEONE MANAGE SECURITY IF YOU KNOW WHAT TO DO?


TRAINING IS ONE OF MANY WAYS TO MANAGE RISK. IT’S PART OF THE IT SECURITY CULTURE SHIFT OUR PTO INTRODUCED TO US.

LIKE “SEE SOMETHING SAY SOMETHING!”


I WONDER WHAT’S IN THERE?

YOU HAVE TO BE AN AIRPORT EMPLOYEE WITH A KEYCARD TO FIND OUT.


WHY?

IF EVERYONE HAD ACCESS TO EVERYTHING, THE AIRPORT WOULD BE LESS SECURE. ANYONE COULD WATCH CAMERAS, GET INFORMATION, AND CAUSE PROBLEMS.


YOUR PTO SHOULD LIMIT WHO CAN DO WHAT.

THEY DO! OUR PTO MAKES SURE NOBODY HAS MORE PERMISSIONS THAN THEY ABSOLUTELY NEED TO DO THEIR JOB.


BUT WHY NOT GIVE EVERYONE TOP-LEVEL SECURITY?

NOT EVERYONE NEEDS IT. THE PTO FINDS THE RIGHT BALANCE.

HOW DOES THE PTO KNOW WHAT’S RIGHT?

THEY WORKED WITH US TO IDENTIFY RISKS SPECIFIC TO US.


DOESN’T EVERYONE HAVE THE SAME SECURITY THREATS?

NO, SOME HAVE MORE, OTHERS LESS. THEY NEED TO BE PROTECTED DIFFERENTLY.


LIKE HOW AIRPORT WORKERS NEED BACKGROUND CHECKS, BUT WE DON’T?

YES, THERE ARE DIFFERENT LEVELS.

THE LAYERS YOU NEED DEPEND ON YOUR INDUSTRY REQUIREMENTS OR WHAT YOU DO.


SO YOUR PTO DESIGNS THE LEVELS?

THEY HAVE DIFFERENT PROGRAMS DESIGNED FOR DIFFERENT INDUSTRIES.

MY COMPANY DOESN’T NEED THE SAME LEVEL OF SECURITY AS A BANK. THAT WOULD BE OVERKILL!


DOES YOUR PTO WATCH YOUR SYSTEM?

YES. THEY PATROL WHAT’S HAPPENING INSIDE OUR SYSTEMS AND ALSO WATCH THE OUTSIDE.

THEY’RE LOOKING FOR BAD PEOPLE TRYING TO GET INSIDE?

THAT’S RIGHT.


DO YOU ASK EVERYONE THIS MANY QUESTIONS?

YES, AND I HAVE ANOTHER! HOW DOES YOUR PTO KNOW WHAT TO LOOK FOR?

THEY EMPLOY A RANGE OF SECURITY AND SUPPORT EXPERTS.


WHY DO YOU NEED A TEAM OF EXPERTS?

WELL, YOU PLAY VIDEO GAMES WITH UNCLE TONY SOMETIMES BECAUSE HE CAN HELP YOU, RIGHT?

YES, HE HELPS ME WATCH FOR BAD GUYS AND KNOWS TIPS THAT GET ME TO THE NEXT LEVEL.


OUR PTO TAKES US TO THE NEXT LEVEL TOO. THEY BALANCE SECURITY AND SUPPORT SO WE HAVE THE RIGHT PROTECTIONS TO RUN OUR ORGANIZATION.


LIKE YOUR GAME, WE HAVE TO WATCH FOR THREATS, MONITOR WHAT’S GOING ON, AND KEEP OUR SECURITY TOOLS UPDATED.

OUR GAMES HAVE UPDATES WITH NEW STUFF POPPING UP ALL THE TIME.


BUT HOW DOES YOUR PTO MONITOR ALL THEIR CLIENTS? THAT’S A LOT OF THREATS.

THEY APPLY THE SAME PROCESSES, TOOLS, AND SUBSCRIPTIONS TO ALL CLIENTS.

BUT NOT EVERYONE HAS THE SAME RISK!


EVERYONE NEEDS EFFECTIVE PROCESSES AND A STANDARD SET OF TOOLS.

IMAGINE IF THE REPAIRMEN HAD TO WORK ON 30 DIFFERENT MODELS OF PLANES.


THAT WOULD BE HARD TO MANAGE.

STANDARDIZING MAKES SECURITY SCALABLE FOR THE PTO.

THEY HAVE RELIABLE TOOLS AND PROCESSES TO USE DEPENDING ON THE RISK.


PLUS, THE PTO DOESN’T TRY TO SELL US ANYTHING. INSTEAD THEY FOCUS ON MATCHING THE TOOLS WITH OUR RISK TO PROTECT US.

LIKE REPAIRMEN CHOOSING THE RIGHT SIZE WRENCH!


CAN WE EAT HERE? THEY HAVE A HIGH SCORE.

WHEN DID YOU LEARN ABOUT HEALTH SCORES?

UNCLE TONY TOLD ME WHAT THEY MEANT LAST WEEK.


IT’S GOOD TO KNOW HE HAS SOME STANDARDS.

DO YOU KNOW MY COMPANY HAS A SCORE?

LIKE A HEALTH SCORE?

YES, IT’S A SECURITY SCORE.


WHY DOES IT MATTER?

LIKE HIGH HEALTH SCORES, IT PROVES WE HAVE THE RIGHT TOOLS AND PROCESSES IN PLACE.


AND IT HELPS ME SAVE MONEY ON MY CYBER INSURANCE POLICY.

WOW! DOES EVERYONE HAVE A SECURITY SCORE?

NOT YET, BUT SOON EVERYONE WILL NEED ONE.


DOES YOUR PTO HAVE A HIGH SECURITY SCORE?

YES.

IS THAT WHY YOU TRUST THEM?

YES, THEY ARE AUDITED BY A THIRD PARTY EVERY YEAR.


WHAT’S AN AUDIT?

EVERY YEAR AN AUDITOR CHECKS THE SYSTEMS AND PROCESSES A PTO USES. AFTER THEY PASS, THE PTO GETS A CERTIFICATE TO SHARE WITH CLIENTS.


IT PROVES THE PTO TAKES THE RIGHT STEPS TO SECURE THEMSELVES AND THEIR CLIENTS.

SECURE THEMSELVES?

IF AN IT SERVICE PROVIDER ISN’T SECURE, THEY WOULD BE A RISK TO THEIR CLIENTS.


WHY?

MANAGING DATA AND SYSTEMS MAKES THEM AN IDEAL TARGET FOR BAD GUYS, LIKE IN YOUR COMPUTER GAME.


LOOK AT ALL THE CONTROLS THE PILOT HAS TO MANAGE. YOUR PTO REALLY IS LIKE A PILOT.

THEY ARE. THEY CONTROL ALL OUR SYSTEMS AND MANAGE OUR DATA.

LIKE THE PILOT, WE TELL THE PTO WHERE WE WANT TO GO AND THEY GET US THERE.


BECAUSE THEY HAVE TO KEEP YOU SAFE.

YES, THEY DO. A PILOT TAKES THEIR JOB SERIOUSLY. OUR PTO TAKES OUR INFORMATION SECURITY SERIOUSLY.


DO YOU HAVE ANY MORE QUESTIONS?

YES! CAN WE GO TO THE BEACH WHEN WE LAND?


Why We’re Committed to Helping Organizations with Technology

Although technology has changed dramatically since we started in the industry two decades ago, the frustration and waste associated with IT support remains. Poorly defined expectations and an overall lack of standards make it challenging to compare IT strategies or see the true value of a technology partner. As we speak with local organizations, we continue to hear unfavorable accounts surrounding inflated budgets and short-term fixes.

G.L. Dart

We understand the frustration. Discussions like these do not align with the role we believe technology should play within an organization. Technology needs to be managed with a long-term, business-driven vision, not patchwork fixes. That’s why we established the first Professional Technology Organization (PTO), a holistic IT solution designed to actually manage the data, not just react to issues in our clients’ environments. Working with a PTO brings a true business partner to your team. We focus on aligning our IT expertise with your objectives to find the technologies and solutions that drive growth. Our thorough processes and systems are designed to bring scalable IT solutions to your organization. —Matt Bratlien and G.L. (George) Dart, Net-Tech cofounders

Matt Bratlien


Complete Your “My Best Practice” Technology Book Series

https://www.amazon.com/dp/B0CHMWW372


