“We saw such value in this service. Anytime you can save yourself one headache, it allows you to be more focused on other critical areas.” – Customer’s CEO

 

Challenge

 

After experiencing a shift in the legal space and larger firms inquiring about their security posture, the client realized that in order to scale their business, they needed to promote security and inject this culture into their firm. As part of Knox's onboarding strategy, they interviewed the CEO and other executives to gain a solid understanding of the pain points from both a regulatory and cultural front. 

 

After hearing how Knox's executives had a deep understanding of injecting security into a rogue culture, the client felt confident that Knox would not only ease regulatory concerns, but increase profitability. 

 

Solution

 

Upon entering the facilities, Knox had developed a strategic roadmap for the client based on the data they housed and implemented a security roadmap. Knox aligned the client with the ISO framework as a guideline to success and compliance. In meeting with the teams both technical and non-technical during the risk assessment process, they were able to gain a solid understanding of the inner workings of the business and began to outline all risks throughout the business.

 

By gaining a solid understanding of overall risks, Knox was able to quantify those risks and begin to strategize technical and non technical solutions based on cost and metrics.

 

Lastly, the most crucial step was meeting with the Board, setting up a governance team and getting approval. This process allowed members of the team to work together to improve their efficiency and tackle security holistically and not as a one off. 

 

 

Execution

 

First Knox identified all third party vendors and began to call those vendors and gauge their security posture alignment. The Board was one hundred percent behind Knox in understanding that if the third party was not following a security program, a decision needed to be made whether to sever the relationship. If the company decided to enter our program, we would enforce first party compliance on the third party for adherence. This test case resulted in the client terminating engagements with risky vendors which decreased their risk profile.

 

Other steps in the process included meeting with Finance and Human Resources to gain a solid understanding of inputs and outputs. Once we had a solid understanding of this flow, we were able to change some operational processes to increase efficiency and security.

 

Meeting with the Information Technology department was crucial as the IT department did a great job setting up the systems, but never maintained the systems for security or refreshed the resources. Security solutions implemented were endpoint encryption on all servers, laptops and desktops along with email encryption, digital signatures, redundant Cisco Firewalls with intrusion prevention, vulnerability assessments and more. 

 

Traveling to the client's branch offices were no challenge because the risk assessment (the blueprint) was executed first, so Knox understood where the challenges resided.

 

 

Conclusion

While there is never a conclusion for information security as security must evolve throughout the lifetime of the business, the client has seen more business through a sound security protocol. In today’s environment, larger firms are beginning to vet information security as part of the sales process and if their security is not up to standards, they will loose the opportunity to do business with medium to larger firms.

 

To date, the client has closed deals with numerous large fortune 500 firms for long term engagements due to their security posture and adherence to regulatory compliance.