One of your clients is the victim of a ransomware attack. The attackers have stolen and encrypted their data and are asking for a ransom. In a panic, the client calls on you for help. Is your MSP ready to get them up and running as soon as possible?
For CEO Luis Alvarez and his MSP Alvarez Technology Group (ATG), the answer is a definitive “Yes.”
He has seen situations like these before, putting in place the proper preventative measures and working with the client and insurance companies to get clients back on their feet while reducing any damage as much as possible.
“Our mission is to keep clients safe, secure, and successful,” he said. “So whether we are recommending a product or service, we approach it from a security-first perspective.”
Based out of Monterey County in California, ATG is an MSP aimed at serving small to mid-sized businesses with a focus on cybersecurity. With fewer options available to smaller companies for IT solutions, Alvarez wanted to be the premier resource for businesses across the central California region.
For Alvarez, leading a premiere MSP starts with a focus on security. Founded in 2001, ATG has grown to more than 25 employees serving Monterey, Santa Cruz, and San Benito counties. Over the past 21 years, the MSP has developed its primary offerings around managed security services.
No longer just an add-on for clients, security services are now the primary driver behind ATG’s client partnerships and ScalePad Lifecycle Manager has become an important part of that process. By using the asset lifecycle reports, warranty lookups and renewal service, and hardware monitoring, ATG is able to keep detailed records of a client’s tech environment. With these records, ATG can provide accurate and timely asset information allowing clients to make informed decisions for their business and security.
In 2017, Alvarez began to address the growing problem in the MSP space: the threat landscape was dangerous and only getting worse. With increasing sophistication in cyber attacks and the growing wave of cryptocurrency fueling criminal activity online, Alvarez recognized that security and safety had to become a priority for his MSP and clients. Since then, has worked with his staff to successfully prevent several attempted attacks on his clients.
Increasing threats to businesses weren’t just a theoretical trend for Alvarez. He has dealt with this issue before, successfully leading a client through the recovery process. ATG was able to leverage Lifecycle Manager’s asset monitoring and reporting to make the recovery process as easy as possible.
Alvarez explained his experience in assisting a new client recover from a malicious attack. During the first two months of onboarding this new client, attackers hit the business with ransomware. Working data and backups were compromised before the client could replace their backup system as ATG recommended as part of the early onboarding process.
When Alvarez heard the news, he and his team got to work contacting the insurance company and working to assess the situation. ATG’s client did have cyber liability insurance, but insurance isn’t a complete solution to the issue, he said.
As the insurance company conducted a forensic review of the situation, ATG was able to get some of the client’s systems in working order and used Lifecycle Manager’s comprehensive report of the clients hardware and software environment to aid the insurance company’s assessment.
“Because we had a full inventory of everything, we knew what everything looked like prior to the attack. When the insurance company said ‘What is it going to take for you guys to get back up and running?’ We were able to provide a very detailed scope of work,” Alvarez said. “In fact, the insurance company said ‘This is the best scope we’ve ever seen from anybody. You guys know what you are doing.’ It made it really easy for them to get approval from the insurance company to move forward.”
The Lifecycle Manager asset lifecycle report accurately documents and categorizes all of a businesses hardware and software assets into detailed, color-coded categories. Information like age and warranty status are listed alongside the assets. Items marked red are at high risk due to several reasons including being outdated, no longer covered by warranty, have not been updated to a supported version, and more. The report includes an amber category that notes which assets are close to being high risk, and a green category that notes assets in good standing.
Being able to track their clients’ asset lifecycle details was a key factor in earning cyber insurance approval, a notoriously difficult process to work through. A thorough asset management policy meant that the client was able to recover.
Alvarez recalled this example as a way to illustrate why taking every precaution available is vital to the security and safety of the business and its employees.
“When we implemented Lifecycle Manager, it suddenly gave us visibility into [unknown parts of a client’s tech environment], we could now see all of the systems, their age, their warranty status, and it became a really valuable tool for our business advisors to work with their clients to say ‘Let’s strategically plan a PC replacement,’” Alvarez said. “But you also have other systems, like servers for example, that don’t necessarily need to be replaced every three years but do need warranties because they are critical systems… so that was the other advantage of having a tool like Lifecycle Manager. We started selling a lot more warranties because now we knew when they were expiring.”
The ATG team implemented their own Security Operations Center and developed education and training programs for clients to get buy-in to security initiatives early in their working relationships.
Initially, these security discussions led to clients adopting additional security services, but now Alvarez bakes in the security measures in the core of what his business provides. It’s not an option anymore.
One of the early lessons for Alvarez was that you can’t always build walls high enough to prevent all attacks. Making sure they have the tools and services in place to develop that “alarm system” is an important step in monitoring security status.
You can’t manage what you don’t know exists. So Alvarez made it a point to find tools that would give the MSP granular visibility to everything that they do with their clients. Accurate monitoring doesn’t just help with security but is crucial for MSPs to work with clients in strategic planning.
“The account managers that work with our clients, they need to know what our clients’ systems look like because they need to provide strategic direction and strategic advice for things like upgrade paths, ongoing support and maintenance. You don’t want them going in blind and calling a client the day before a firewall is end-of-life,” he said.
To get a comprehensive state of their clients, Lifecycle Manager, then known simply as ScalePad, has been a part of ATG’s toolset for years. Before Lifecycle Manager, one of the big holes in ATG’s service was its ability to provide strategic guidance to its clients. Lifecycle Manager’s asset management, warranty lookups, and hardware/software monitoring have also been helpful in understanding the security landscape as well.
An out-of-date operating system is one of many examples Alvarez pointed to when discussing the potential vulnerabilities for businesses.
“The bad guys are out there knowing all these vulnerabilities exist and they are just chomping at the bit to have Microsoft say ‘That’s it we are going to stop patching,’ because then they can swoop in and take advantage of the fact there are no more patches for those vulnerabilities.”
By incorporating Lifecycle Manager into their workflow, ATG has been able to leverage the benefits of the asset lifecycle management and warranty services for both strategic planning and client success, as well as continued monitoring for security vulnerabilities.
“When we implemented Lifecycle Manager, it suddenly gave us visibility into that. We could now see all of the systems, their age, their warranty status, and it became a really valuable tool for our business advisors to work with their clients.”
Alvarez Technology Group’s success was supported by their deep understanding of security. As the sophistication behind cyber attacks grows, an MSP’s ability to protect their clients will be more important than ever.