reports that there are a bunch of sharks threatening
to file class action lawsuits against this place.
From my perspective, a proactive approach that
includes technical security, education and cyber
risk insurance would have prevented the situation
all together. So there are benefits that you may not
be able to quantify up front but which are equally
important.
Adviser: Can you talk about pricing and how to replicate
St. Ann’s approach?
Sanket: Let’s talk about it from the perspective
of point solutions versus an integrated approach.
There are a couple of ways that it is typically priced.
One model goes by the number of users but when
you start looking at some of the reporting and the
volume of data being processed and stored, it [the
pricing] is actually based on that volume, so you
have a hybrid pricing model.
St. Ann’s has been this amazing customer that got
to this progressive solution over time. We put in
an encryption update, anti-spam, email archival,
web filtering and over time it [the system] has
been integrated. We have a new initiative [at
Securolytics] to kick-start your organization and
give you this quick entry point into the solution and
give you visibility into your environment. It is called
Zero-to-Secure. What Zero-to-Secure does is it
actually consumes your organization’s logs without
any engineer intervention. Within 10 minutes
of installation the organization will see its own
data and whether or not they have ransomware,
compromised devices and insider threats. It also
provides device and user details when threats are
discovered. The total package price for Zero to
Secure is $2,000.
Adviser: What are some of the lessons learned from
point solutions versus an integrated strategy?
David: I have been here [at St. Ann’s Community]
five years. I’ve run technology across different
industries and what I’ve found is that in general, the
point solutions they want are a firewall appliance in
the server room and a SPAM filter in front of their
mail server. That was basically the whole way of
doing this.
For St. Ann’s, Securolytics is really not a point
solution but rather an integrated approach. We had
a firewall in place, we had an anti-SPAM filter, we
had an appliance that would do some of the email
archiving. Then we wanted to do email encryption.
So we did what every other good company does and
we went out and implemented ZIX as a solution –
that’s what MVP and Excellus used. Now we had
another point solution. Then we started looking
at these fixes and saying, “Wait a minute, there’s
a capital investment every single time we do this.
There’s a server administrator that actually has to
look at these things and keep them up to speed
every time.” We still had to contract for expertise
from the outside and we still had develop our
people by sending them off to seminars and so
forth, but we didn’t have a view of our holes or gaps.
We didn’t know what we didn’t know!
So we went out and started putting this umbrella
around the network and every one of those point
solutions was moved up to the Securolytics cloud.
(Continued)
leadingageny.org 32