We Enrolled Our Clients in SSO & MFA. Here’s What Happened

October 4th, 2019 | partner, security & compliance

A critical server crippled by ransomware. Multiple C-level executives falling for phishing attacks and sending 6-figure wire transfers. Major security incidents were becoming increasingly common across our client portfolio, bringing with them major financial and productivity loss for our clients and our team. It was becoming clear that it was time to stop talking to our clients about security and start taking action.

Kinetix is a traditional Managed Service Provider pushing security services like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) as optional “best practices.” In our Quarterly Business Reviews, we would line up a battery of strategy recommendations hoping that clients would take security seriously, but knowing that they would just end up using their IT budget to replace failing infrastructure and improve WiFi speeds. Clients found the latest, greatest security tools interesting and recognized their importance, but usually ended up treating them as proactive nice-to-haves that they’d “definitely do next quarter.” Just about the only thing that would convince most clients to take action was a major security incident actually happening. Saying “I told you so” only feels good for about five seconds.

After analyzing our clients’ security incidents over the past several years and researching publicized reports, we came up with a short list of five essential security tools that would have prevented more than 90% of those incidents. Since almost all of our incidents happened because of account hacking, the most effective of all these tools was a clear winner: OneLogin SSO with MFA. We then asked ourselves what would happen if all of our clients had OneLogin, along with the other critical tools we identified. It was tempting to think how easy life would be if we could stop fighting fires and bending over backwards to convince clients to protect their best interests, but we still didn’t know how to convince them all to go for them.

With the help of some valuable partnerships—best of all with OneLogin, with whom we had been working closely for several years—we were able to bundle these critical tools into our new Security Essentials package. We devoted several months to honing large-scale deployment processes to dramatically lower our cost of implementation, to the point where we could afford to waive implementation fees. The overall monthly cost we could offer for the package was cheaper than any individual company could get licensing the tools individually and, in the most crucial part of our strategy, we enrolled all clients in the Security Essentials service on a compulsory basis. The monthly cost increment wasn’t much more impactful than a cost-of-living price increase for most clients, and to our surprise, only a few clients balked. Almost all were grateful for the deal and to have the decision taken off their plates.

We were anxious about taking this plunge, but so far, we have been extremely happy with the outcome of the Security Essentials program, and our clients have been thrilled to get peace of mind through quality tools like OneLogin at a no-brainer price. Even better, no client has experienced a major security incident since completing their deployment—a significant win for everyone involved!

81% of hacking-related breaches used stolen and/or weak passwords. By deploying OneLogin with MFA, we have effectively replaced an estimated 10,000 customer passwords with Security Assertion Markup Language (SAML). Furthermore, we have wrapped more than 3,000 customer apps like G-Suite and Egnyte with a second authentication factor, so even if a credential were compromised, it would still be protected with MFA.

We couldn’t have had the success we had without the assistance of the OneLogin partnership program. Their responsiveness, openness to feedback, follow-up, and strategic guidance were key to the successful launch of this program. As the capstone to our Security Essentials package, OneLogin’s software and high-touch partnership program have brought a major value add to Kinetix and our clients.

About the Author

Conner Wilkinson is the Director of Client Success at Kinetix. He develops and oversees IT strategy and relationships across the Kinetix client portfolio. He’s currently focused on improving the security posture of Kinetix clients by implementing industry-leading solutions and tools like OneLogin.
