Case Study
As Makaye InfoSec took on more customers, they faced two mounting problems: growing client cybersecurity threats and increased corporate compliance regulations. When George Makaye, CEO and Founder, brought inSOC into his offering, he generated better relationships, services, and security assurance for his clients. As efficiency increased, so did growth for Makaye InfoSec.
Makaye’s original goal, is to “make the world a safer place” by bringing better IT to small businesses. The conflicts started immediately. “What we’re finding, obviously, is that more and more small businesses have been required to meet minimum security controls and requirements, and that those requirements have been forced by large organizations.”
If the SMBs who serve these larger companies do not take the appropriate actions to secure their customers’ most sensitive data, they risk breaches, lawsuits, and potential government fines. Makaye also understands that SMBs don’t have the budget for high-ticket cybersecurity. Makaye tried assigning his own engineers to solve the problem, but they couldn’t keep up with security training, upgrades, and compliance.
“It was just a total disaster. And I think the challenge is that … there’s so much to do. There are so many competing priorities and there are so many different demands on your clients.”
Wiith 20 years of experience, Makaye knew to trust the experts. He researched best practices of Fortune 500 companies, where cybersecurity and IT worked as separate departments. “It’s a whole different mindset and it’s not really a typical IT mindset. A typical IT mindset is about support, administration, set up, and optimization of the information assets.”
Banks had one set of compliances, and hospitals another. The manufacturing and health care sectors typify the increased pressure on SMBs. HIPAA controls passed down to nonprofit SMBs are particularly vulnerable to security and compliance issues as they are being enforced by their customers,” Makaye said.
“They want to protect their clients’ … private information. They don’t want a cyber breach that could result in a reputation issue.”
“So the customers that have that both IT and cybersecurity, it’s just a perfect marriage. Because IT companies focus on administration, support, optimization of the systems they’re not worried about cybersecurity. They’re really focused on making sure that IT is usable and working well. The security vendor is focused on making sure that all those information assets are secured, have the right controls, are in alignment with the regulatory requirements, are keeping up with the changing laws, and ever evolving cybercriminal tactics. And then who really wins is the customer because they have the best of both worlds.”
Makaye tried other SOCaaS providers. “They were just too heavy. They took too much time to implement and customize for each customer, and right size for clients. They were just not feasible for us to do that at scale.”
Makaye contacted inSOC and found their practices and outcomes exceeded those of competitors. inSOC focused on the CIS Critical Security Controls controls and configuring enterprise security tools to meet common security frameworks, instead of stagnant best-practices.
“Most of the SOC services and the SIEM appliances out there… they only do one or two things out of the Top 20 CIS Critical Security Controls. And what was really attractive for me about inSOC is they focus on implementing the relevant critical security controls working with my team to onboard the customer and harden their environment. inSOC’s SOCaaS solution is built on a tried and trusted cybersecurity framework, which is part of a layered security offering that monitors all those controls and lets us know that the customer is compliant based on the framework. And if it’s not, we get an alert and we’re able to go in and do remediation. This was very attractive to me.”
Makaye rolled out the inSOC services in early 2019 by selling inSOC services as part of a monthly MSSP consulting package.
“I’m trying to provide the customer with a full solution and not a piecemeal set of tools. I think inSOC is a perfect fit. They help us drive the outcomes that we want the customer to experience. I found that inSOC’s value proposition and the service they provide enables us to deliver the full package, the whole, what I call chocolate cake. Not just lots of separate ingredients.”
“One of the things that I think has been a game changer is when clients realize that they can actually use their cybersecurity investment to their own advantage. If let’s say they become … HIPAA compliant, they can use that to market themselves and to show differentiation against their competitors because most of their competitors are not going to have these controls.”
Smarter business owners partner with inSOC because “they care about their business, they care about their clients, they care about their users, and they want to make sure that they’re secure.”
By working with Makaye InfoSec and leveraging inSOC’s services, SMB customers get the high-level expertise of cybersecurity experts and the benefit of enterprise level tools with 24/7 SOC wraparound services at a fraction of the cost.
“The ability to provide cybersecurity services based on an established security framework ensures that Makaye Infosec can help their clients to differentiate themselves from the competition, as well as scale their cybersecurity services cost effectively,” Makaye said. “So that’s a huge differentiator, especially when you’re going after big clients who are more security sensitive. With inSOC, businesses can demonstrate that they have their stuff together, security wise… that their systems are locked down, and compliant. They gain the peace of mind that their business is secure, and that they’re not going to suddenly get breached tomorrow and be out of business. That’s a huge selling point.”