Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Craig (00:00):
We are live.
Erin (00:01):
Happy Monday.
Craig (00:02):
Yeah.
Happy Monday.
Blake (00:03):
Ooh, sounds scary.
Erin (00:05):
Oh yeah.
Mondays are always scary.
Did you guys see the moon last night?
Blake (00:10):
Did not.
Erin (00:11):
Oh my gosh.
It was huge.
It was a full moon, but it was extra bright.
I don't know what was going on, but I had three people actually
text me and be like, look at the moon.
Craig (00:19):
Oh, interesting.
Blake (00:20):
You see any werewolves?
Erin (00:21):
Just me.
That's really why I have so much here because I'm a werewolf our
world.
Blake (00:26):
Yeah.
Erin (00:27):
That's a lie.
Craig (00:28):
So we want to talk about
how COVID-19 sparked the
cybersecurity pandemic.
Erin (00:34):
Yeah.
Yeah, I do think that's a good topic.
Craig (00:38):
Yeah.
So there's the mass rush of companies that were trying to
figure out, how do we still stay open?
How do we still remain in business without having all of
our staff come to work?
So there's the big rush to work from home.
And like you said, Blake, that calls for what's called a bring
your own device policy or a BYOD policy.
A lot of the listeners probably don't even know what that is,
(01:00):
but it mostly affects regulated businesses.
The regulated businesses should know what it is, especially
HIPAA and some of the folks, but basically it's a policy.
It's a document that defines what kind of devices can
employees use for work?
Are they allowed to use their personal laptop at home that the
kids share and play games on and if so, did they need to grant
(01:22):
their IT department or provider access so that they could
properly secure that endpoint?
Or is there no policy in place and they just use that computer
or that endpoint and then hope for the best.
And I think that that's where a lot of companies were getting
into trouble on the latter point where they didn't have a good
policy in place.
And there was nothing defined.
(01:43):
Everybody mass adopted Zoom, just moved on with their day.
So that's where I think cybersecurity is sadly often pushed
to the side and I think hackers, we're starting to see that.
And that's where, I don't know if you saw a lot of the COVID
scams around vaccine, just anything they can newsjack,
they were taking advantage of, including ransomware or
(02:05):
different kind of bad payloads.
Erin (02:07):
It was interesting too.
Cause I remember I guess two years ago, or two years ago now,
A lot of articles about that.
Also
Craig (02:16):
Absolutely.
Erin (02:17):
try to warn people that
there's going to be
vulnerabilities.
So be careful, but you know, in a lot of times extreme
situations, you have to just do what you can do to stay afloat.
Craig (02:27):
Yeah.
Erin (02:28):
been two years and it's
like, okay guys, maybe it's time
to really start buttoning up your cybersecurity.
Now, even if we can't get handle on COVID, maybe we can get a
handle on our cyber risks.
Craig (02:38):
yup.
Yeah.
Blake (02:39):
think that's huge, too.
Companies were trying to figure out okay, how is the COVID
pandemic going to hurt our profitability?
How's it gonna hurt our customers?
How is it gonna hurt the services that we offer?
And that was the core focus for maybe the first three to six
months.
And then obviously they had no choice, but to send everybody
home.
And then after that, they were like, oh, well, everybody's at
home.
(02:59):
How do we secure the people that work for them?
Craig (03:02):
Right.
Yeah, it is a lot.
I think that like I said a lot of people were like, okay, we'll
use Zoom.
Teams was just really starting to amp up.
So Teams at that time started upgrading and kind of taking
advantage of the situation too.
So it was kind of the battle between Teams and Zoom as far as
the online video meetings.
And then I think still most companies, especially the ones
(03:23):
that are not regulated, I said, that did not have this kind of
foresight and policies in place.
I think that they were still really scrambling to figure it
out.
I think a lot of times it's still not figured out.
I think that there's still too much variance in the type of
equipment that a lot of the home workforce is using.
There's no standardization makes cybersecurity a bit of a
(03:44):
nightmare.
If you've got 50 people that work for your company, and
you're all using different internet providers and you've
got different firewalls and you've got different endpoints,
you've got whatever computer or laptop you bought for your home,
personal use.
Maybe you bought it at Best Buy or Target or wherever bought it.
Most likely it's just not up to business standards.
And what I mean by that is it might have a home operating
(04:06):
system, maybe it doesn't have encryption and the security
protocols that are built in at the higher level business
quality pro or enterprise versions of an operating system.
Some of the folks may use Mac computers, but here's the sad
reality.
The sad reality is most people when the COVID-19 hit,
especially at the kind of the beginning stage, I would say
(04:27):
most people that were working from home or forced to work from
home.
The pandemic people getting sick, or maybe they were sick,
whatever.
The point is that they probably did not have ideal equipment.
And what I'm saying is some of them may have outdated
equipment.
Maybe they're using Windows seven or Windows eight, or maybe
even older than that.
And that's just a nightmare for cybersecurity because now you're
(04:50):
giving somebody that is using, like I said, their family or
their kid's computer that maybe was used for games or whatever
could be potentially infected with malware.
Pop-ups, all sorts of junk on that machine.
Now it's added access to do work related functions.
That is literally like a garage door open for hackers to come in
(05:12):
and just drop nasty ransomware and malware.
And this is where also companies.
Oh, well, outside of Zoom, how do we get them into our server
and how do we connect them to this or to that?
And, maybe they had on-premise equipment or on-premise gear at
the corporate headquarters, firewalls, VPNs, things like
that.
So they're rushing to adopt all these, this connectivity to try
to keep the workforce cohesive.
(05:33):
Right.
And quite frankly, it's a lot easier from a networking and
cyber perspective.
If everybody's in one building or one location, everybody's
working from one place and corporations and small companies
often when you have a business, they have similar equipment,
it's business quality and their standardization's there.
And my point is that when the whole remote wave came from the
(05:55):
COVID pandemic, now you threw in every kind of make model that
you can think of, mixture of Mac and PC and old versions of new
stuff.
And it's just an IT and cybersecurity nightmare.
Blake (06:06):
I was waiting for you to
mention that their local IT
friend who, you know, oh, Johnny L my house broken notice, let me
walk to Johnny's office and let Johnny Hill swap it out or
whatever.
They don't have those assets at home anymore.
Craig (06:19):
So focuses on single
points of failure and it focuses
on business decisions or company decisions.
And this is where the policy comes into play, but it's
around, well, what happens if kid or family laptop or endpoint
or desktop, whatever, what if it's not new enough to run Zoom?
Or what if it's not fast enough to have a good meeting or maybe
(06:39):
you don't have a camera.
And then now, then there was this rush to buy equipment.
Right.
I don't know if you remember, but buying, even for us, it was
impossible to find lap.
It still is with the supply chain issues and things like
that.
So then it's like, what can you get?
And then how do you make whatever you can get?
That might not be ideal?
How do you make it work?
It's just a nightmare.
Blake (06:58):
Yeah.
The COVID way China first.
And then obviously where a lot of the semiconductors are
produced.
Is there in China and the semiconductor facilities weren't
producing processors for three months ahead of the wave before
it hit here.
So yeah, was like a whole little domino effect.
And then of course a small percentage of companies, they
assign device, surprisingly, it's not a huge percentage.
Craig (07:19):
That's right.
Blake (07:20):
You'd get the Fortune 50
Fortune 500 that do assign
devices to their home employees or their just their employees in
general.
But surprisingly a lot of companies just haven't done
that.
Craig (07:29):
just want to tail off of
what you just said.
So what you said is such a great point and what kind of popped
into my head when you said that is, what if you have a company
and you have employees that drive around, you reimburse them
for fuel and you have the IRS mileage rate, but what if you're
using a company or a personal device, that's not a car, you're
technically putting quote unquote miles on your computer.
(07:51):
Maybe you need more RAM.
Maybe
you need more hard drive space to do the job.
So wouldn't it be interesting to get credits or something, I'm
not saying that that's really the right way to go.
I think the first part of what you said, Blake, is company
issued equipment.
I think that's the cleanest way to do it because you're a small
business, let's say you have 20 people that are in the company.
It's much cleaner from a cyber compliance initiative to
(08:13):
standardize on.
Okay, we're going to get this make and model.
Everybody's going to have the exact same equation.
And we're going to buy 10 of them or whatever.
And I understand that a small business of 20, maybe they can't
buy 20 at one time, but at least standardize on a model that's
more of a business level or a corporate level model.
And the difference, by the way, if you don't know the difference
between a corporate model and a consumer model, the main
(08:35):
differences, manufacturer sticks to higher quality components on
the business model and they don't change.
They don't say, oh, well, the motherboard is going to be this
version or this piece of hardware next month, they
actually to a one-year window and they don't change.
They freeze it.
So meaning all the components are frozen and the same, and
(08:56):
they don't do that to hurt anything.
They do it for standardization reasons and they do it for
keeping quality of the parts high.
So for example, if everybody has the same exact make and model
computer.
It makes it real easy if things break, because when things
break, you could buy an extra hot spare, right, or a cold
spare, sitting on the shelf, it's ready to go and you can do
that on a desktop or a laptop.
(09:17):
And then if something happens with the boss's computer or
whatever, now you have extra parts right there, that's a
smart way to do it.
It's not a substitute for warranty.
Obviously you want to have warranty.
But my point is that on the business levels, you get pro or
enterprise versions of the software and the operating
systems.
So you get elevated software experience.
And most of those levels are the ability to connect that end
(09:38):
point to a server system, because that's typical when a
corporate invites.
The ability to enable at least on Microsoft's Pro and
Enterprise or Pro at least.
And up is the BitLocker and encryption of the hard drive.
don't have that capability on a home level operating system.
If you're in a sensitive or regulated environment, these are
important features that you're going to want to have.
So the consumer level equipment, though, it's like best effort.
(10:01):
It's like bleeding edge, the video card, or the motherboard,
or whatever might change and all of these hardware things,
variances that change month or week after week, or whatever
it's kind of a mess for a company.
Because even if you buy that same make and model, you're not
guaranteed to have the same innards and parts under the
hood.
So if something breaks, there might be a, fair answer, a
(10:22):
difference there with, oh, this video card is different than
this one.
So that's why it's so important to get business
equipment.
And it cost a little bit more sometimes.
Yes it does.
But it's that standardization and that consistency that gives
you that strong foundation from an IT or a hardware perspective
that now goes into cyber because now you've got policies.
(10:42):
Everybody's the same, got people working from home.
You have a plan, which model to get,
Blake (10:47):
So I think that, stuck
too.
And I felt when you said that is because obviously I have an
Apple computer and upgradability.
Craig (10:53):
Yeah.
Blake (10:53):
So usually the prosumer
equipment, it's like, oh, well,
you can take the RAM out.
You can take the SSD out, it's very modular.
If the hard drive fails, you don't have to send the laptop
off, like you would for Apple or something.
It's okay.
Just let me pop a new NVMe drive in there and, bam, using Azure
Active Directory or whatever, and log in, like you normally
would wants to rejoin this device to the network and bam,
(11:16):
seamless
Craig (11:17):
jumping off of that
point, there the reason why, if
you have a company that you want to join, the endpoint to the
network is, so then you get the advantages of things like group
policy and the ability to standardize at the software
level.
Okay.
This is how everybody's going to behave on the network.
We're going to require complex passwords and everybody's going
(11:37):
to have to change their password every 60 days.
And it has to be this long and you can't reuse the last one.
And so Microsoft's ecosystem, group policy, and the ability to
script and systematize things is very crucial for an enterprise.
And this isn't a conversation about which one's better as far
as Apple versus Microsoft.
I use both of them, but in a business environment, if you're
using Microsoft products, typically Microsoft operating
(12:01):
systems are the choice for compatibility to take advantage
of some of these functionalities, because if
you've got a Mac, not to say that a Mac can't be made to work
but my point is that you don't get the same feature set and you
don't get the same depth on a Mac joining a corporate domain
network.
For example, as you would like a Windows 11 endpoint.
Blake (12:19):
Yeah, no.
This is kind of funny, but something that we kind of
touched on our last podcast, but it was things that you do every
day that expose you to hackers.
I think that was our last podcast on Friday, but anyways,
we kind of went on a little rant people and the way their
mentality, this is probably something that we haven't really
talked about, but when COVID hit, first of all, nobody was
(12:39):
ready for.
And then, it was just an overnight change.
Okay.
You're not coming to the office tomorrow,
Craig (12:43):
Yeah.
Blake (12:44):
Weren't ready for it.
that's you, but the mentality of the workers.
They weren't conditioned for that.
It's not like okay, well, you've been in security training for a
year.
You should be good.
That's usually not the case.
something to that, and Erin were bashing our head against
the wall.
And our last podcast was, there was some federal judge ruled
that it is within law somebody to use their work email for
(13:07):
personal use outside of office.
Just because can doesn't mean you should.
We were like, what the heck?
First of all, I just thought that's a silly law,
Craig (13:16):
Yeah, I'm not a lawyer,
but anything else in law could
get overturned in the future.
That just doesn't seem to make sense to me.
It's a company owned domain and it's on company services,
whether they're hosted SaaS model or are there services that are
being utilized at their premise, right?
They bought a server, they have a license, they're buying compute
power to store that stuff.
(13:36):
So you're telling me that with the current ruling, that person
can have 20 gigs of personal kids' photos or whatever on
their work email, and consume all that property of the
business and the business is supposed to just pay for it.
Blake (13:49):
that's right.
Craig (13:49):
I think it's a ruling
now, but it probably will get
overturned in the future.
Obviously for best practices.
For company standpoint, I would try to put a policy in place
that basically prohibits that.
And the reason for that is if you've got all your employees
that have free rein.
They're going to use all the resources and you're going to
end up as the owners paying for more compute power, more storage,
(14:12):
more resources that's necessary.
And that just creates a really muddy area, especially if you're
in regulation.
Definitely would avoid that from a business perspective.
There's so many free email system, Gmail, Hotmail, MSN, you
name it, fill in the blank.
There's free emails that can be used for personal use.
I don't know the details of that.
I'd have to do the research on it, but maybe one-off email, I
(14:34):
guess there's just so many questions around that.
Blake (14:37):
I can send you the
article that we pulled up.
But yeah.
So if you're using company email outside of the office, outside
of your scheduled work hours, it is legal for you to use that
device for personal use, personal email.
And the two things that immediately we talked about
Erin and I is one, let's just say you're purchasing stuff on
(14:59):
Target or Walmart or whatever, or, you're entering a form on a
website and then they share your information and then you start
getting emails into your work email, one you're opening an
extra door that doesn't need to be opened.
The second one is I think about it from my mind is productivity.
Craig (15:15):
yeah.
Blake (15:15):
I log into my email and I
want to see work emails.
I don't want to see anything else.
I don't want to comb through my work emails, or my personal
emails to get to the work stuff.
I already get plenty of emails for work.
Trust me,
Craig (15:26):
Well, that's a good
point.
But the other thing I was thinking of is let's say you've
got personal stuff in there in your work email.
And if the company that you work for is regulated and subject to
store emails for seven years for retention purposes.
Cause that's true.
Some companies have to store all the corporate emails.
Well, now you have a privacy situation though.
(15:47):
You have a privacy situation around, if that mailbox let's
say you get terminated or somebody buys the company.
If somebody buys the company, now they're going to have access
to all your personal emails and the corporate emails.
And there's no easy way to sift and sort like you were just
pointing out.
That creates a very gray area situation, I would think.
Blake (16:06):
a magic going to all the
websites that you have, like
Amazon, Target and changing your email from your work email a now
personal email that you just setup
Craig (16:15):
Yeah.
Blake (16:15):
I'd rather have a root
canal.
Craig (16:17):
Yeah.
Erin (16:18):
Yeah.
Blake (16:18):
Seriously,
Craig (16:19):
Yeah.
Blake (16:19):
at least I don't have to
do anything,
Craig (16:21):
that's a messy, messy
situation.
I foresee.
Blake (16:24):
but it was just something
stupid.
And this is it kind of segued from conditioning.
These employees, there was no condition period.
Okay.
Like you're here now.
You're there.
Sorry.
And just because you can do thisdoesn't mean you should do this
right.
Legally on paper.
We kind of had a little rant listened to our last podcast and
hear it.
But people just, they weren't ready.
They weren't conditioned for this and that can create a huge
(16:47):
problem.
Who knows where we're at now?
I know we've all been working remotely before the pandemic.
Right.
We know what to do.
been in this ecosystem for as long as I've been here, but
people just weren't.
Craig (16:58):
I would still say, and I
would speculate that I would
still probably assume that most people are still not in ideal
situations.
And what I mean by that is they may still be using home
operating systems, shared internet or shared devices at
home.
Like I said, I'm speculating.
Maybe 80% just guessing are not ideal.
(17:19):
They're not using corporate issued devices, data pretty
private.
You don't have a BYOD policy that defines what they can and
cannot do.
are probably not using proper internet.
That's another good point too, right?
If you're at home and personal internet service, maybe it's not
on the fast enough speed because now you're demanding more from
(17:40):
the internet with Zoom meetings and everything else.
Right.
So are you expected as the home user to pay for that?
Or do you expense that?
There's all these questions that needs to be defined and
answered.
And that's where these policies come into play.
Like what do you allow?
What do you not allow it?
If you don't have a policy.
It's very messy.
First of all, if you're regulated and you don't have a
policy, you'll fail.
But if you're regulated or in that kind of gray area, you
(18:01):
should still have a policy if you're not regulated, because it
still creates defined boundaries of what the employees can and
cannot do.
What can they use as far as devices?
What should the internet connections be?
Should they use a VPN?
All of these questions should have answers from your company
culture.
Blake (18:19):
I've heard from people
that worked at Apple, that
people that work at the support center for Apple, it's all a
hundred percent remote based job, but that they would send
you an iMac.
And then they will not only this, when did you send your
shoe and iMac, they would send you a hardware firewall.
Craig (18:34):
Okay.
Blake (18:34):
then obviously the iMac
was loaded with all the little
jazz that you would need as a VoIP phone software or
something.
And some of them, a VPN that's already configured to their
network and stuff like that.
But now pretty recently with some of the security issues that
have been going on, companies realized now it's like, okay,
they may not have the right internet.
They may not have the right operating system, but the least
that we can do to get them secure is to put them behind a
(18:56):
hardware firewall.
Craig (18:57):
when he just said that
I'm thinking of, policy
standards or compliance standards around like NIST 800-171,
there's 110 processes that we talk about.
Right.
And the firewall was one of them.
And it's going to, depending on the make and model of the
firewall and the capabilities, it may address more than one of
those security controls.
But like you said, this is where it was probably a good decision
(19:18):
by Apple because now they standardized, okay.
Now they have a hardware firewall.
They have all these things, and they've already mapped.
My point is that every business should be doing that and they
should be thinking that way.
What can I standardize?
Can I standardize on the firewall?
Can I standardize on an internet speed?
What am I going to allow in my corporate network?
Or am I going to allow, am I going to allow Windows
computers?
Am I going to allow to Linux, am I going to allow freedom to
(19:40):
choose?
Or am I going to standardize?
And everybody's going to use this for this purpose.
And all this stuff needs to be discussed and decided upon and
documented, and then mapped back to those NIST 800-171 or whatever
framework, make sure that you're addressing all of these areas
because otherwise, if you don't do this stuff and you leave it
to free will,
everybody's going to use password for password, and it's
(20:02):
just going to be this open door and then guess what?
Just like what phishing emails and business email compromise,
one wrong click, right?
Well, now you've got all these people have such variance in
their configurations that can connect inside the corporate
network, represent your company.
They do something wrong regards to not securing something or not
using MFA or whatever, and you didn't define it, it's a recipe
(20:25):
for disaster and a breach, then it also becomes very interesting
as far as an investigation or a forensics go.
Because if the business owner, if they're regulated or subject to
some, and there's so many different regulations that keep
changing and keep getting released at the state and
federal level, point is that you can get in big trouble really
fast by, oh, FTC had a regulation around that, and I
(20:47):
should have been doing this.
It just gets really messy, really fast.
Erin (20:50):
So, I worked at a place
before I worked here and we
worked remotely, I started an office and then they sent us
home, but their practices and this is 15 years ago now
probably, but their were like so good.
I think I was actually one of the first people where they
stopped giving us laptops, so yay my luck.
But we still had to bring our laptops in and our head of IT
(21:10):
would configure everything.
I think she might've even come over to my apartment to make
sure everything was set up properly.
We had a VPN, a secure VPN that we could log into.
They might not have done everything right.
But they did definitely do that.
Right.
And then that's when all this happened and when we were
writing blogs about cybersecurity for coronavirus
and things, I really thought about that because it was so
(21:32):
time consuming just for person to get everything set up
properly, for this company, it wasn't a huge company by any
stretch, but to think about the logistics of that and also it
didn't quite happen overnight, but it kind of happened
overnight, and everybody was scared to be around people in
general.
It's just a recipe for disaster.
(21:54):
Hackers are shameless.
They will take advantage any situation that they're given and
it's.
A little disheartening, think about that, but why wouldn't
they, I right.
Craig (22:03):
Right.
Erin (22:03):
So it's just something to
think about.
And I guess another thing VPNs, I feel like would be such a
great bridge to people for people, especially if they're
working from the office and they have to start working from home.
Cause then they can connect to something that's familiar to
them and things like that.
I feel like a VPN would be a huge win for cybersecurity and
remote or command show.
(22:25):
There's a lot of other thingstoo.
Right.
Blake (22:27):
those companies are doing
that now.
Erin (22:28):
A lot of them don't
Blake (22:29):
Yeah.
yeah.
Craig (22:30):
Well, one thing I
would just point out real quick while we're on the VPN topic is
there's two different kinds of VPNs too.
And a lot of people understand the difference.
There's consumer VPNs and the purpose of a VPN at the
consumer.
It's typically to mask your location to appear like you're
in a different country or to mask your traffic for privacy
reasons and so that big companies can't track you on the
(22:52):
internet.
It encrypts the traffic and encrypts what you're searching
on.
It makes it harder to pinpoint you where you're located.
Privacy is really that version of VPN and that's a consumer
level.
Then there's corporate VPN and the purpose of corporate VPN or
business quality VPN is really to get that home worker and this
scenario that we're talking about with COVID, right?
(23:13):
So if you're working from home or maybe your work has changed
the way that you work in your permanent work from home, my
point is that a corporate VPN is often issued and should be
issued.
So.
Then have a secure connection from where you are back to the
server at the office for connecting or mapping drives
sessions and things like that.
Now you may not have equipment at the office anymore, or maybe
(23:35):
your office is kind of restructured and they're not
going to renew the lease.
So maybe they're going to put that in the cloud.
So then there might be a different termination point for
the VPN, or maybe VPN is no longer needed because you're
going to use a different kind of service.
My point though, is that there is a big difference between a
consumer level VPN, like on your cell phone or on your computer
for privacy reasons and then a business or a corporate level
(23:56):
VPN, which intent and the purpose of the corporate VPN is
really to bring you back into the office virtually, it's really
the best analogy or way to put it.
Erin (24:04):
And that's what it felt
like to that one, especially
because I'm going from home or going from work to home,
Craig (24:10):
Yeah.
Erin (24:10):
It was just a great way.
You're still familiar with everything.
Like you said, it's just creating that constant,
Craig (24:16):
Yeah, that constant
connection.
And the other thing that comes to mind too, is when you were
talking, Erin, is when we were talking about standardization,
what comes to mind when you're talking about that is I remember
very well-known local car dealership.
About 15 years ago.
They're like, oh we're expanding, we're buying new
locations.
And we want to get I can't remember if it was 50 or a
hundred different computers, endpoints at the time.
(24:37):
So what I did, what my company did at that time was we created
and worked with them to create what's called a master image.
So we got one computer set up with all the software, all the
security, everything was perfect.
And then what we did was we closed.
Erin (24:52):
oh yeah.
Craig (24:53):
So we cloned it.
So it was identical carbon image and mirror image to all the
other endpoints.
Every single one was the same.
And then at that time we changed was called the security
identifier or the SID number.
My point is now you have a rapid deployment of they're all set
up.
They're all preloaded.
They have all the company stuff on there.
They have all the security settings locked down the way it
(25:13):
should be.
The only difference is you have to log in with your unique
company issued username and pay.
Everything else is there.
I think people kind of forget about, or maybe not know about
that kind of technology anymore, and they're just kind of doing
this onesy twosy kind of stuff, and just kind of buying stuff as
needed.
But that's really the advantage of standardization for a company
(25:34):
though, like to know, hey look, this technology has existed
forever.
And it's very valuable to a company to sure that you have
everybody operating under the same standards that you set and
that you customize for your company so that every single
person that's working for you is all locked down the same way.
They're all using the same software.
just so much easier in the end for deployment of mind.
Blake (25:57):
I think every company
should be exploring
virtualization in my mind.
Maybe it's just me, but it just makes so much sense, right?
At that point, it doesn't really matter if you have a BYO because
everybody's remoting into a virtual machine.
They're working from a virtual machine, they're behind your
company network.
And then, if whatever happens, let's just say, for example,
(26:18):
that person decides to leave.
What do you do?
You just clip the VPN access?
Bam.
There's nothing on their machine.
just such a clean...
Erin (26:25):
Clean exactly,
Blake (26:25):
process.
I think.
Craig (26:27):
No, you're absolutely
right.
So there's two levels of that.
There's called remote desktop services or RDS, which otherwise
known as a terminal server.
That's what the old name used to be.
So there's that way to set up an environment like.
And then this was a VDI or virtual desktop infrastructure,
but yes, for a business, either of those solutions, obviously
start with RDS or remote desktop services first because that's
(26:49):
the cheaper option.
The other option VDI is more full featured, but also more
expensive because you're buying full licenses and everybody in
the company technically has their own dedicated virtual
machine.
It's just a little bit more costly.
But my point is that that is a great way to centralize things,
introduced proper configurations around redundancy especially for
(27:10):
compliance.
It makes compliance work a lot easier because now you're no
longer reliant upon the quality of equipment at home.
So that could be a home device.
And you could define that in the BYOD policy that you write, but
all of its power, all of its compute, all of its RAM, all of
its storage, all the work functions are all on that.
That's hosted and server could be privately hosted like we
(27:33):
hosted, or it could be in the cloud somewhere, what Microsoft
or Google or wherever you want it to be.
But oftentimes our hosting, which is local and personal is
faster and cheaper than the competing offerings, because we
work hard to establish all those vendor relationships.
But my point though, and to underscore what you're saying,
Blake, is especially if you're a midsize or a little bit bigger
(27:55):
company or even if you're a smaller company, just kind of
really, it depends on where you are on the technology side of
things, but that virtualization is a great way to standardize
very quickly.
So if you're growing and, or even if you know that you have a
mess of technology, that's all different all over the place and
you want to take the step to standardize and do it quickly.
Virtualization is definitely the way to go and do that very fast
(28:17):
and right.
Blake (28:17):
I guess you could look at
as the cost breakdown, right?
Okay, let's just say, for example, you do want to
standardize everything.
You do want to keep everything secure.
What's the cost of buying 10 laptops or 15 laptops?
You've got 15 employees or whatever.
Right.
And then you have to pay somebody or an IT department, or
most likely need an IT department anyways.
But the cost of keeping all that under management, you just
(28:39):
create a virtual environment, bam, give them a login, let
them log into it, let them use their own devices that
everybody's got devices at home.
They're already familiar with using those,
Craig (28:48):
So one of the things that
we did, for the dealership said
for other environments like manufacturing, was it adopt
technology, cut thin client technology.
Thin clients are usually running an embedded version of Windows
or Linux, and it's usually a hardened security operating
system.
And it's a smaller footprint, usually about the size of a
(29:11):
paperback book. More powerful models
that'll support
multiple screens are a little bit larger.
Sometimes they mount on the back of the monitor.
So they're really clean as far as their appearance and
cosmetics, but its purpose in life is really just to drive the
screens and the mouse movements, because all of its power,
remember, comes from the data center, comes from the
(29:31):
virtualization layer.
These devices that are security hardened often are running on
flash or solid state technology.
And here's the best part from a total cost of VR.
I have actually a spreadsheet that calculates this.
Did this years ago, were one of the pioneers for thin client
technology.
If you graph it out, it's significantly cheaper to adopt
(29:52):
methodology around this because like Blake just said, you're no
longer reliant on that spinning hard drive.
Or even if you're using a soft heart driver, whatever.
A computer nowadays, exponentially more expensive
than a thin client.
And if you're a business and you buy 10 or 20 or 50 things.
And you spec them in architecture the right way.
(30:13):
They're all identical.
Well now there's no imaging or any of that anymore because all
of it's on the server, right?
So now you send it off in the server.
Now, all those are all identical and it's all centrally located
on the server.
Have no risk of somebody a laptop, there's laptop thin
client versions, as well as desktops.
If one of them gets stolen, there's no data that's on that
(30:34):
device.
It's all at the data center in a secure area.
So there's a lot of security benefits, scalability benefits as
well.
So yeah, definitely a great option.
Blake (30:43):
Something that I've
noticed too.
Cause I know the clients that you're talking about, obviously
I've worked with them and I've been to their offices, I've seen
the thin clients and I've worked with them.
Also something that I noticed when I was working on them, it's
an extra layer of security, because you have to log into the
thin client and then you have to log into your desktop.
Craig (30:59):
Yeah,
Blake (31:00):
It creates that extra
separation between your virtual
environment and the hardware living at end point.
Craig (31:07):
That's right.
Blake (31:07):
So noticed that too.
And I was like, oh, that's interesting.
Craig (31:10):
A lot of them are
fanless, so no moving parts.
So if you have a really dirty automotive environment,
manufacturing environment, a lot of dust, stuff in the air,
machining, stuff that just would kill a computer with a fan.
Thin clients are awesome for that because there's no moving
parts, nothing spinning to suck in that dirty air or anything
like that.
And they run forever.
And here's the best part.
You literally can buy an extra one, have it on the shelf, or
(31:32):
have a couple of extra ones.
You literally unplug it, power the new one on, and you log in
just like you did before.
There's zero connections.
It gets everything from the server.
So think about if you have a company 10, 20, 50, a hundred
people, more people, all that time adds up.
Now look at all that time savings you just avoided.
And the same thing with personnel, you don't need IT
(31:53):
staff, everything could be outsourced more easily and less
expensive.
It's a great model.
Blake (31:58):
Those things are tiny,
too.
I know you said that already, but think when you said a book,
I was like, oh, they're smaller than that.
Craig (32:03):
Well, some of them are,
yeah, have one, it was like a
little cube, but I don't know if I have it on my desk anymore, it
was really small.
I think it was four inches.
Blake (32:11):
Yeah.
It's just enough to plug into DVI or whatever.
Craig (32:15):
That's right.
Yep.
And you could do dual screen, like you're saying, and then
some of the models, some of larger ones support four screens
at one time.
So really the biggest the video capability on the model that you
choose.
They are running an embedded operating system.
Like I said, it could be a Windows operating system or a
Linux operating system.
Those are the most common. There's USB ports in them for
physical devices that you connect like printers or
(32:37):
scanners and things like that.
And those, by the way, can get mapped over through the virtual
desktop connection so that you can still use those physical
connections, print to them and things like that.
But yeah, it takes of that headache away from the end point
level.
It removes that central point of failure and puts it all at the
data center.
Blake (32:53):
Yeah, it seems like some
of our clients that we're lucky
because we've already been talking about these things for
years, like 5, 6, 7, 8 years, and they already ready.
Craig (33:02):
We still have clients
that are using them that are
seven plus years old.
They're in thin client setups, but it's perfectly fine to do
that.
You could escape that three-year cycle with a computer because
listen, it doesn't matter when that thin client dies.
It will die one day, as long as you're prepared, as long as you
have an extra, you literally plug it in.
You could be midstream typing that email or working on that
(33:24):
proposal.
The whole thing can blow up.
You literally unplug it, put the new one in, log in and your
email is still on the screen.
Erin (33:31):
That's crazy.
Craig (33:32):
You finished your email
and finish and you have zero
downtime.
Now we've designed systems like this for a very long time.
Blake (33:38):
Not only that too, but
the responsibility of
maintenance and hardware and performance all falls on
whoever's providing that to you.
If think about the hardware lives at the data center.
So like, oh, when we see the hardware needs to be upgraded or
it needs to be modernized or something.
I've been there with some of our team members who have upgraded
the RAM and the data center and, that purpose, because we had so
(34:00):
many users that were using remote desktop environments from
us that our RAM was just like, Hey, upgrade me, upgrade,
Imagine if you do the laptop thing and you cheap out, right?
We've segued right into this perfectly.
You might three grade laptops,
Craig (34:14):
Yeah.
Blake (34:14):
Let's just say the last
three to five years.
That would be a good purchase, I don't know any home grade
laptop that'll last you five years personally.
Craig (34:20):
And if it did, it'd be
slower.
It just wouldn't be ideal.
And, even in this kind of thin client with server backend and
compute coming from the data center, instead of you putting
all the money in the laptop or the desktop, like you said, the
RAM or the storage or things like that, you're moving that
cost to a rented model or an operating expense model at the
(34:42):
data center.
So let's say, you would normally buy a one terabyte hard drive
for all your stuff.
And maybe you'd buy like 32 gigs of RAM or whatever your
resources you would buy in a laptop or a desktop that would
meet your.
Well, you would still carve that out at the data center level for
your user session, but here's where it gets interesting.
Maybe you don't need 32 gigs of RAM and maybe you don't need a
(35:05):
terabyte.
Maybe you just bought that stuff for future-proofing yourself.
Well, here's the best part with the total cost of ownership
model on the data center side, you only pay for what you use
and what you need.
So if, and when the time let's say you only need 512 gigs
storage and maybe you only need eight gigs of RAM and then, Hey,
you need more.
You just buy more, you expand, it's scalable, but you only pay
(35:28):
for it when you need it.
So think about it from the perspective of you could really
be saving a lot of money because maybe you overbought
forecasting, oh, I'm going to need 32 gigs of RAM, but maybe
utilization really sits at eight.
Blake (35:39):
If we could wind back and
we could preach about this six
years, six years ago,
Craig (35:44):
Yeah.
Blake (35:44):
Imagine how much people
would have saved money,
Erin (35:46):
Money, time, headache.
So many things.
Blake (35:50):
Everything, stress.
Craig (35:52):
I think it depends on
the mindset though, because I've
talked to people years ago about this model and some people just
really wanted to buy traditional gear because they wanted that
write-off.
Usually it's Section 179, I'm not an accountant or a financial
person, but you can check.
But my point is that usually they would be accustomed to
buying computer equipment, buying the servers, buying the
(36:13):
laptops, and that's fine.
And you can buy these thin clients and things
like that.
But beauty of this model is longevity.
You're escaping that three-year cycle.
Even if you were to buy it and spend 50 or a hundred grand on
that purchase, if you change that into an operating expense,
you're moving farther ahead this model because just escapes that
three years.
Erin (36:33):
Yeah.
Blake (36:33):
Something too, I do know,
and this is only because I do my
own taxes, but again, not a tax advisor or anything or a lawyer,
but the disclaimer or the law that you're talking about has a
term limit.
You can only write off of the appreciating for, I don't know
how many years.
I think it's three to five
or something.
Craig (36:50):
Yeah.
I think it's five.
Blake (36:51):
So, it just doesn't make
sense.
You pay all upfront and then you get a smaller life period or pay
over time and expression this from a business perspective,
cash is king to every business.
That's the reason why Apple has a billion trillion, how don't
know how many billions of dollars in cash reserves Elon
Tesla.
But then what they're doing is I've heard from the Twitter take
(37:13):
over, which has now been halted from Elon.
I've heard that he has enough money do the acquisition in
cash, but what is he doing?
He's raising money.
Because cash is king. He can get like a point, 2% interest rate
or something for that amount of money.
And you should hold onto your cash if you're a business.
In my opinion, common sense, but if you're spending thousands and
(37:34):
thousands and thousands of dollars on all the stuff you
have to buy, first of all, you buy the laptop, got to buy them
headphones and go buy the mouse and keyboard, and then you gotta
buy them extra monitors and you got to, oh, they're going to be
traveling.
Okay.
You got to buy them a nice case.
Then you've got to, who knows.
It just keeps adding up and then maintenance and blah, blah,
blah,
Craig (37:49):
To be frank, if some of
that stuff you still have to
buy, you still might need a microphone.
You still might need headphones, but the root or the brain, or a
lot of people will call it the tower or the CPU.
That device is what we're saying
you can virtualize and put in the cloud.
So you no longer have a piece of equipment, that big bulky tower
or mid tower at your foot that you kick, you're outsourcing that
(38:11):
role.
And you're connecting all your devices, your mouse, your
keyboard, your printer, your scanner, whatever you use, your
microphone for Zoom meetings, your headphones, things like
that, all of that gets connected into the thin client.
And then you're virtualizing that compute power.
And as your needs grow and change, you rent more of that
from the data center.
Blake (38:29):
Yeah, sorry.
I probably should have clarified a little bit better, but you're
going to get a much longer investment
Craig (38:34):
That's right.
And that's where that total cost of ownership is so much cheaper.
That's what I was saying.
I graph that out on the spreadsheet and it basically on
the spreadsheet, I have you just plug in the details,
like,
how many people do you have?
How much compute power does each person need on average, what's
the storage, and then it shows you, okay, this is your lifetime
over a three-year term or a five-year term.
(38:55):
This is how much you're going to save versus buying it.
It's a really powerful visual diagram.
Blake (39:00):
It's surprisingly low
too.
Cause I've seen some of our customers and I've seen the
compute power that they're using.
It's less than you'd expect. Cheap.
Craig (39:07):
And it's more affordable
than you would expect too.
Obviously we have to do an assessment to figure it out, but
the pricing, sometimes it's less than $200 a user.
Sometimes it's more than that.
It just depends. Engineering companies used to be.
The big ones have to get wound it's called virtual GPU or video
card virtualization, things more or more expensive if you have to
(39:27):
do CAD and things like that.
That pricing is going to go up because now you need a high
powered video card in the server that can then be
virtualized, but all of this technology is available now and
it's really easy and you could still take advantage of that
total cost of ownership savings.
And it's significant.
It's a lot of money savings.
Erin (39:44):
And it's cleaner
Craig (39:45):
Yup.
Way cleaner.
Erin (39:46):
the inefficient.
Blake (39:47):
I just like how clean it
is,
Craig (39:48):
Yup.
Blake (39:49):
We have a customer.
I'm always adding new users and taking away users and they
operate from a desktop environment.
Erin knows who I'm talking about, is just smiling.
But now it's just so clean cause they do that, they send out an
onboarding instructions.
Hey, here's how you're onboard.
Here's how welcome to the company.
First of all, how you onboard.
If you need some help, reach out to Petronella tech, we'll help
you on board.
(40:09):
And then, yeah, at the end of the month, if they get clipped
or the same day, within 20 minutes, they're clipped from
the server and they no longer have access to their desktop.
Their company can literally hop in and jump right into their
virtual environment and take the files if they need to, and then
we can absolve the virtual machine or it's just so clean
and it just feels right.
(40:31):
It feels like is the future.
Erin (40:33):
Yeah.
Craig (40:34):
Yeah.
And it's proven.
It's been around for a while.
It's good, good technology.
Like I said, there's two flavors of it.
Most people do the less expensive option, which is
called remote desktop services.
And then if your needs are more complex and you need more
compatibility that they work in an RDS environment, then you
have to go full VDI or virtual desktop infrastructure.
But which is more expensive.
(40:54):
It's not a lot more expensive, but it is more expensive because
you need virtual machines for each of your users.
But the point is it is a cleaner design from a regulatory and
compliance and cyber perspective.
It's more scalable.
It's easier to script out.
It's easier to pass audits and be more aligned with compliance.
So yeah.
It's definitely good way to go.
Erin (41:13):
Is there anything else,
any other recommendations that
you would give them, like some quick and dirty?
These are going to help you the most,
Craig (41:20):
I think that for this
podcast and for our discussion
today, I think that the best thing I would advise is just
only to our assessment process and methodology and reach out to
us and we'll start that conversation and any other
improvements can be made for you specifically.
But yeah, for our conversation, there's so many different things
that can be done, but that's acknowledged that we talked
(41:40):
about with thin clients and RDS and VDI.
Those are some really common approaches to really
accelerating the compliance and cybersecurity initiatives and
just really paving the way for a lot of people, because know that
a lot of the folks, they don't have ideal configuration.
It's almost like a clean slate or a fresh start, so to speak.
And it doesn't necessarily mean that you're going to have to go
(42:02):
buy all this stuff either.
One thing that I'll just kind of leave before we close our
podcasts for the day, say you have an endpoint that's at home
user or operating system.
You can use that as a thin client, but here's the caveat.
And the thing to think about if the thing is outdated and no
longer supported.
So it meaning you can't patch it in.
It still would pose a security risk.
(42:24):
And that's why like Blake was saying, if it's beyond that
three or that three years is the manufacturer's end of life,
right?
If you're lucky.
The most stuff nowadays comes with 90 days or a one-year
warranty.
But if you're lucky and you have a business relationship and you
have a business warranty, you can typically buy a three year
warranty. On very rare occasions, you can buy a five-year
(42:47):
warranty.
But my point is, if you're out of warranty and your device is
no longer supported, that is when you have to just start
over.
Yes.
I understand for the people that if it's not broke, don't fix it,
but that's a different methodology.
And in the cyber security world, if it is end of life, consider
it broken because you can't get patches for it anymore.
(43:07):
And if you can't get patches for it anymore, and you can't band.
It's a security risk and it's going to cause your company more
harm than good, which is why, if you're entertaining a model,
like the virtual model that we're talking about today, this
is where it would be important to go through our assessment
process because we can then say, okay, well you can get thin
clients and they're this cost.
(43:27):
And by the way, they're going to oftentimes be a lot less
expensive than you're used to paying for that laptop or that
desktop, especially with prices nowadays, with pricing going
through the roof, thin clients are still great options for a
lot of businesses.
So my point is that yeah, we can go into various different kinds
of technologies, but I think that for today to keep it more
simple, would say reach out to us.
(43:50):
Let's do an assessment process.
Start off with just a conversation.
Doesn't cost anything to have a conversation with us.
And if there's a fit, we'll go down the road of mid assessment
process.
Fine tune and customize it and show you with our spreadsheets
that we have show you how much money you can save.
Oftentimes it's a lot of money.
Well, usually it's six figures.
Erin (44:09):
Wow
Blake (44:10):
We talked about in one of
our other podcasts too, I think
it was what we like about working in cybersecurity or
something,
Erin (44:15):
A day in the life.
Blake (44:16):
Yeah, I just kind of want
a segue because the reason for
the assessment is because every organization is different.
Every company has different needs.
Every company has different people in place, in different
assets and resources.
And the reason why I bring that up is because every company is a
new challenge, no one size fits all.
(44:37):
There's no magic pill.
There's no magic potion.
There's no waving of the wand and Hey, you're cyber secure now
Craig (44:43):
That's right.
Blake (44:44):
And people expect that
business model has changed.
The internet has changed.
Craig (44:48):
Yeah.
Blake (44:49):
has changed with the
internet within the past five
years.
That's what they expect.
They're like, oh, I can just go online and order it.
And then there's the fixed my problem, right.
That doesn't exist in cybersecurity.
Craig (44:57):
Yeah, exactly.
Erin (44:59):
And Craig too, before we
leave.
If you don't mind, I would love for you to explain to people a
little bit about the importance of an assessment.
I really like the analogies that you tend to use with that.
I think that, cause I think a lot of people think that they're
unnecessary or a waste of money, which is so far from the truth.
It is so far from issue.
(45:19):
So maybe if you want to take the opportunity to just explain why
that is such an important first step in the process of coming up
with an effective cybersecurity portfolio.
I think that would be helpful.
Blake (45:29):
You should talk about RF
assessment process as well the
end of that.
And then, so they'll know why we do it.
Craig (45:35):
Sure.
Yeah.
So we have a four pillars assessment process, and we have
different flavors of the four pillars, depending on if you're
at a regulation such as HIPAA for healthcare or Nisty forest,
and CMMC compliance for defense industrial base.
So we have different versions of our four pillars, but we go
through all seven layers of the OSI model, start from the
(45:55):
physical layer of your infrastructure, your wiring.
And we go all through that.
If you have a corporate building or you're leasing space, through
all of that a fine tooth comb.
And then we identify gaps and areas of issue that could cause
downtime or cause loss of productivity.
So we go through all of this process and by the way, if
(46:15):
you're in a regulation of some sort, which most in some type of
regulatory mandate security risk assessment processes, an annual
requirements.
So we're able to check that box and get you that requirements
on.
So you should be not just doing this one time, but you do this
every year.
It's very important to follow our process because it's really
(46:36):
a way for us to deep dive into not just your technology and
your cyber and your compliance, but your business.
Like we look at your business, we look at what you do, what
your workflows are, how you're using technology.
Look for ways of areas of highest opportunity to improve.
How can we do things faster or cheaper?
(46:56):
Like I said, with the thin clients, maybe there's a fit
there that we can deploy that model to save you a lot on costs
there.
So it's a thorough dive into your organization.
We go through that with a fine tooth comb and the output is a
blueprint and a plan of exactly what needs to be done and where
your opportunities and your gaps are.
And like I said, it's not only recommended for regulated
(47:18):
businesses.
It's really recommended for any kind of business to go through
to really figure out, where are you?
What's your score?
What can be improved?
And we do the IT side as well as the cyber and the compliance
side, and we meet with you and we go through it together,
Blake (47:34):
I would talk a lot about
doctors and stuff like that, but
a good example in that people are used to is like, you go to
the doctor and you say, Hey, this is what's wrong with me.
Right.
And the doctor's like, Hey, let me run all these tests and we'll
do blood work and we'll do this.
And then they come back and they say, okay, well, here's the
results of your blood work.
Here's what action steps we need to take make you feel better.
Craig (47:54):
Yup.
That's right.
Blake (47:55):
That's what people are
used to.
It's never really been in that way, because people and some of
our competition, and we've seen it before, where they come in
and they say, Hey, here's a solution, right?
Bam, bam, bam.
Then ultimately the client doesn't get what they need.
They get underserved, they get overcharged.
And the solution is entirely wrong.
Craig (48:16):
That's so true.
So the analogy, you don't go to the doctor and you say, Hey, I
want this drug.
You have to go through the doctor's methodology and we've
worked hard for the past 20 years to develop this
proprietary four pillars methodology.
It's very easy for a competitor to say, oh, we'll sell you this
solution.
And it costs X, but it's not fair to you, the consumer or the
business to get pitched a price like that, or a solution without
(48:40):
a proper discovery and assessment process.
Because every business, every person is.
So you have to go through that process to figure out what are
your options?
What can and cannot be used because maybe throwing that
certain solution out without a proper assessment.
Maybe it's not compatible.
Maybe you do something in your workflow where it's a deal
breaker.
It's just not going to work.
(49:00):
So we find those gotchas before you invest a whole lot of money,
before you go down that whole rabbit hole, and oftentimes in
the end, we're saving you money.
Anyway, we're improving efficiencies in cybersecurity.
So it's very important.
It's an eye-opening experience for sure.
A lot of our competition does not follow this methodology.
They're just quick to pitch out numbers and throat cheap
(49:21):
numbers, but,
like I said, it's an invaluable exercise that we highly
recommend for all the folks that have gone through it, they would
agree that it's an eye-opening experience that has really
helped them significantly save costs, but ultimately design a
much more robust and solid foundational framework.
That's really been the pillar of growth.
Erin (49:40):
If you think about it, you
really can't solve a problem
unless you know that the problem exists.
Right.
Craig (49:47):
That's right.
Erin (49:47):
So how are you going to
solve your cyber security puzzle
when you don't even know what the pieces are?
Craig (49:54):
Yep.
Erin (49:54):
You're not.
Craig (49:55):
That's right.
Erin (49:56):
You can try, but it's like
throwing spaghetti at a wall.
See which one sticks, but that's wasteful, it's inefficient, it's
expensive, I know people look at an assessment and they're like,
oh my gosh.
Just fix it.
I don't care.
Just fix it, but it's just not that easy.
Craig (50:10):
Yeah, everybody wants to
jump to the solution and, know,
fix, fix, fix, but you can't fix something unless you run proper
tests and diagnosis first, and once you zero in on the problem
and find the root cause of it, we can write a prescription of
what's the plan of action.
Blake (50:24):
I think you said that
stuck to me too, is you talked
about growing, right?
That's the thing, everybody here, who's listening, who's a
business owner, they're focused on growing their business.
If you say, Hey, look, here's my needs currently.
And this is what we do with our methodology as well.
We look at your needs currently.
And then we look your possible needs in the future.
Craig (50:43):
That's right.
Blake (50:44):
But if you just get a
number from X cybersecurity
company, oh, they're just looking at what your needs are
now and not considering your future growth.
And that's where we've had clients that have came to us,
new clients that have said, Hey, look, I just outgrew my service
provider.
They don't enough support resources.
They don't have the proper expertise to support me, we've
outgrown them.
And that happens so frequently.
(51:04):
And that doesn't happen because of our approach one.
And then two, we think about scalability.
And then, that's your goal?
Your goal is to grow your company
Craig (51:13):
Yeah.
And you don't just wake up one day and say, I'm going to build
a building a house.
You need a plan.
You need to have an design it, make sure you have solid
foundation and footing.
Make sure you don't have a river running under your land or
what you got all these.
Gotcha.
And that's the thing with our solution and in our methodology
around our four pillars assessment process.
And that's why we believe in it.
And it's part of our culture.
(51:33):
To do things right.
And we want customer's best interest in mind to be able to
give them that secure foundation for growth, much like a good
doctor.
You want to be able to trust your doctor, give you good
advice and find things proactively, right?
So that you are in good health and you have a long life.
It's the same thing with your IT and your cyber.
We want to make sure.
You're designed the right way.
(51:53):
We're going to present you with all these different options, but
they're going to be options that are specific to your business
and your workflow.
But thing I wanted to point out is with the thin client, some
situations you can't use a thin client. There's two types of
solutions, VDI, remote desktop.
Oftentimes people start with the remote desktop or the terminal
server option, but there may be some application that you use
(52:16):
that's vital to your business and maybe it's not compatible.
So maybe you have to use the VDI option, but we don't want to
just say, oh, you must use the VDI option at all times because
that option is more expensive.
So if we can save you the money we're going to help you save the
money and do the alternative.
The same thing with compliance, with NIS and deforestation, CMS.
A lot of other companies won't tell you about what's called
(52:38):
secure enclaves.
We like to tell our customers about secure enclaves because it
simplifies the security, makes it easier and more affordable for
businesses to be able to comply.
So instead of if you're a 50 user company and maybe you only
have five people working with sensitive information, we can
scope out a five-user secure enclave and save you a huge
amount of costs.
(52:59):
That's what we're about in our culture.
Blake (53:01):
Something that we've
talked about to you and kind of,
we should probably say.
But we end on, we take approach to cybersecurity and most of our
competition takes a reactive approach to cybersecurity.
And obviously we're talking about saving money and they're
talking about spending money, that's the only way.
And it's the same thing.
(53:21):
We talk about doctors, we just got done talking about doctors.
What do you think is going to be more expensive for you to go to
the doctor when you're dying on your death bed or going to your
yearly checkups and doing your health, your physicals and
things like that, being proactive,
Craig (53:37):
We make your vegetables
taste like candy.
Erin (53:39):
The sweetest onions you've
ever had
Craig (53:42):
There you go.
Eat your vegetables.
Erin (53:45):
Homegrown right here in
Carolina.
Blake (53:49):
Yeah.
Cyber security onion, not the low hanging fruit.
Erin (53:54):
Thank you.
It's always great talking to you, Craig, and I hope we all
have a great week.
Blake (54:01):
Next time.