This week some food for thought.
How a Service Provider's Claims Made Me Go on a Diet
One of our customers is changing their managed service provider.
From my first conversation with the old service provider, something felt wrong.
What they claimed didn't make sense.
The last claim I heard from them came during a recent security audit.
"Because we have ISO-27001, by implication, means you have multi-factor authentication enabled on all your accounts."
I am sure the service provider's ISO-27001 certification - completed two years before signing this customer - does not cover the customer's configuration.
The way a service provider works and their customers are entirely different.
The configurations are different.
The scopes are different.
I've talked previously about why deciding a scope is so important. And unsurprisingly, it is the first step of any certification.
While explaining this to our customer, I searched for an analogy.
It's like having a personal trainer...
Just because a personal trainer has a healthy lifestyle with lots of exercise doesn't mean the client has the same level of health and fitness.
They are two different people.
With two different scopes.
Personal training and security are about doing.
Not about talking and what could be done.
It's reassuring that the service provider has done the necessary work.
But it's meaningless unless that work has been done in the client's business.
You'll know I'm fat if you've met me in person.
My physique doesn't prevent me from doing day-to-day things.
If you need a 100m of new fence installed by hand - I can do that.
Walk for miles, go swimming - yes and yes.
Notwithstanding - I am in the worst shape ever.
This made me look at how we work with new customers.
Their IT works.
Surely it's fine...
...but they have more security holes than a sieve.
Both of us know what we need to do.
We both know the benefits.
We may even talk about doing it...
But it's the action that counts.
Doing - not talking.
So if Fresh Security continues to ask our customers to make changes - to become more secure...
Why aren't I prepared to make changes and lose weight?
I started a little over a week ago.
Starting weight: 133.1 kg (293 lbs)
Weight loss so far: 2.5kg (-1.9%)
Here's to doing.
And incremental improvement.
Oh... and the service provider had not configured MFA.