Customer Success: Education Services Provider Improves Confidence in Security

CUSTOMER SUCCESS STORY: FOLLET CORPORATION

Paul Groisman, Director of Cyber Security and Chief Information Security Officer for Follett Corporation. At a high level, what our security environment looks like at Follett is: we have a hybrid, we have traditional on prem, we have cloud environments, we have security technologies in the Azure environment, we have AWS, as well as IBM WebSphere.

We have approximately 20,000, endpoints 12,000 of which are spread among our retail environments and the rest among our business units. Some of the challenges in our environment included the lack of visibility, the lack of knowing what’s actually out in our environment, what potential threats are we experiencing? What type of activity are we seeing as well as what activity are we not seeing?

That was a major concern with some of our legacy traditional antivirus software, that we really did not have a great consistent process to manage across our environment. Before GuidePoint Security we had very limited confidence. Because of our network architecture, the way our retail environment is, there is a delay in getting updates and patches out to our endpoints. We have traditional anti-virus software. And it was limited success in detecting your more advanced threats, as well as some that may have been pervasive in our environment for a longer period of time.

After having GuidePoint assist us with our endpoint visibility, it’s been a significant difference. We feel a lot better about the capability, the product and the services we have in place now. It allows myself to sleep at night knowing the fact that we have a service provider providing 24/7 coverage and visibility, and has the ability to respond within our environment in a quick and timely fashion.

Prior to GuidePoint, we did not have a formal application security program. By performing several application security assessments as well as a gap and map assessment around our application security program, we’ve been able to identify key opportunities for improvement, identify key milestones and key objectives on how to measure, monitor and develop an overall application security program.

We’ve seen a lot of value in bringing in a managed service partner to help with vulnerability management. We see a lot better engagement, we see a lot better in quality and timely results from vulnerability scans, as well as risk and managing our remediation activities. Not having that expertise in- house, but being able to call upon a trusted partner like GuidePoint has been a game changer for us. We have consistent engagement, we have consistent quality and consistent results now.

The reason why we chose GuidePoint was the personalized approach to our situation at Follett. We’re a smaller company, our IT runs very lean in multiple areas. And I had a small group when it comes to cybersecurity, but I really needed that trusted advisor and that personalized approach as opposed to a one size fits all, and GuidePoint Security has met that need for me.

GuidePoint has taken the opportunity to learn about our business, understand the Follett environment, understand our leadership structure, what our current challenges are, what our issues that we dealt with in the past and develop an approach that’s customized for our organization. That’s been quite significant. Some examples of that include our assistance with our board of directors reporting, as well as producing cybersecurity metrics that apply for our organization as well as setting a current state analysis and developing maturity model customed to our organization.

So from a high level strategy perspective, having GuidePoint assist with our board of directors, visibility has been significant. It’s made a tremendous difference for me. It’s allowed me to tap into expertise that I currently do not have in-house, but are industry-specific subject matter experts aligning our program with the NIST cybersecurity framework and maturity model.

This has allowed me to articulate a message to our board of directors that frankly they were not aware of prior so it’s made a significant difference and benefit for our organization as a whole. And I credit GuidePoint for their assistance and helping us out with that.

One thing that says GuidePoint apart from others is their regional partnership model. This allows customers such as myself to reach out to the most accountable people within the GuidePoint executive team. I have access to my account executive, I have access to our regional partners. I have the ability to ask questions and get immediate responses as soon as I need them. This is what clearly sets GuidePoint apart from some other competitors in this space–having this local touch, but national capability sets them apart from others in this space.

I would recommend GuidePoint to other CISOs because GuidePoint takes a customized approach and tailored approach to their customers. Rather than trying to push certain products, they really take the time to know and understand the customer environment. No one understands what their dependencies or what their problems are. They take the time and opportunity to build trust more. Most importantly, trust is the foundation of all cybersecurity initiatives. Without trust you don’t have anything. I think GuidePoint takes a really a hard stance in trying to build trust with their customers and be that trusted security adviser.