A discussion with Mark Rowland, Co-Founder & Managing Director at Cutec, about how they solved client problems using NordLayer and what to expect for next cybersecurity's major challenges and possibilities.
Cutec is a Managed Service Provider (MSP) and IT support company from England. Operating in the industry for 25 years, a 20-employee expert team supports a range of small and medium clients across the UK. Whether an organization has a staff of just a few or hundreds of people, Cutec's role is to consult companies with technical focus and accuracy to fill in the vacancy of an internal IT person for the client.
The consultancy firm fills in the IT management and knowledge gap, which is a recurring issue for many businesses, especially smaller organizations Cutec gets to consult. However, conversing with different clients revealed another concern — there’s no cybersecurity mindset. Mark Rowland, a Co-founder and Managing Director at Cutec, shares his insight on how crucial security awareness is for business continuity.
Business case: decentralizing single-site infrastructure
The client has been with Cutec for about 6 years — during this time, the company of 30 people expanded to an almost 300-employee organization. And as this financial services provider grew into a country-wide company, it started facing security challenges.
“As for a managed IT service provider, it is important to be there for your client when they need you. It’s our responsibility to support branches dotted around different parts of the UK — online presence becomes a necessity over physical.”
Being contained in one place and managing 20 people is relatively easy. However, the client business model involved advisors spread all over the country. Combine it with rapid growth during a short time and data sensitivity due to the nature of financial services — the need to protect databases, CRM, and phone systems was critical.
The foundational elements for security were there: the client had two-factor authentication, password management, and fixed IP in place. It’s secure enough for 20 people sitting in one office, but not if numbers jump to hundred users in dozen cities — circumstances urged for an extra layer of security.
An increasing number of VPN connections to internal applications started causing connectivity issues and quickly bogged the network. This was the turning point for Cutec to find a better solution for a VPN route that would ensure security.
Close-up on the solution
One of the available options for the client was to get much more powerful broadband for the HQ office, install hardware firewalls, and achieve the wanted level of security for an outrageous expense bill.
Moreover, the solution would bind everything to one location. From a disaster management perspective, it’s not sustainable for business continuity — if the power is cut off, the internet goes down, and all employees get disconnected despite their location.
The alternative was getting a NordLayer subscription. Although it meant paying per user license, it offered what the company needed — a fixed IP address that provided much-needed flexibility and stability.
Choosing NordLayer allowed upgrading and downgrading the number of member accounts as the staff comes and leaves and, most importantly, eliminating the dependence on the HQ office — if the power got cut off, server design allowed carry-on working.
Sorting out the inconvenience of in-house security
Deployment and maintenance of the on-premise solution meant a lot of man-hours. It included a remote connection to a client's PC and setting up their VPN connection.
NordLayer, on the other hand, provided a simple solution. The MSP had to connect to the Partner Portal and add the user, so they could complete the setup themselves — click the welcome link to install the VPN.
“The solution setup was fantastic as we looked at a massive project and a big headache. Rolling out NordLayer VPN connection to 300 people was achieved in four days. And out of 300 members, we had only five people calling for help, but that's because they were cautious, not because they didn't know what to do.”
It’s worth mentioning that the client has no one in-house with the knowledge and expertise on cybersecurity. In this case, Cutec is an advisor and a guide for organizations’ cybersecurity strategy, closely collaborating with a single point of contact on-premise, the Technology Director, to help steer the business away from cyber threats.
Expert insights: take on SMBs security
The client scope Cutec works with is usually small-medium sized businesses without internally dedicated IT staff. Better to say SMBs have little understanding of cybersecurity. There’s a persistent tendency for a slow but inevitable change in the business mindset:
A now-outdated perspective of ‘antivirus solves all our security problems’ was effective 10–20 years ago — today you have to think outside the box.
Small-medium enterprises tend to give on-premise servers and migrate to the cloud more often. Core IT support is going to change. It will be more about picking the right cloud solution for people driving the migration to the cloud. Over the next three years, people will drop on-premise stuff and go to the cloud completely, and we'll be there to help them with that.
Cloud-edge solutions like NordLayer are going to get more popular over time. Teams work from coffee shops and McDonald’s — they connect to public Wi-Fi and hot spots and must protect their traffic with tools that work well.
A future notion on SMBs from sensitive industries
The cybersecurity landscape changed— now it’s about protecting yourself online. At our company, we notice clients are transitioning to online cloud services. The number of adopted vendors and service providers can be three, five, or a dozen online solutions and tools.
Previously, having a server in the office under lock and key with a firewall allowed us to assume that that was enough to keep the company secure. However, small businesses struggle to comprehend the gravity of cybersecurity.
“Using Office365, therefore, thinking my data is secure is a mistaken approach. Company data might be secure in the Microsoft Data Center, but is it safe where you are accessing it from?”
After Covid, once people started connecting from their home PCs and smartphones, companies without proper security measures risked having their business data on employees' personal devices.
Larger enterprises and governmental institutions already have an awareness - sometimes forced by insurance companies and bank regulations - of owning some security accreditations to filter down the risks. Meanwhile, small-medium enterprises don’t have this perception, and MSPs like Cutec help them drive in the right direction.
Our biggest challenge is overcoming the big issue of clients thinking that security is finite. Threats are layered and complex — getting an antivirus or a firewall might solve only a small part of the potential risks and gaps for threat actors to exploit. Instead, business owners and their teams must keep up-to-date with a cybersecurity mindset to guarantee business continuity.
Pro cybersecurity tips
Education on cybersecurity is increasing, and it is becoming a common topic of conversation. More and more employees and decision-makers now acknowledge a serious lack of digital security knowledge. To make the learning process easier, it’s better to ask questions and have some starting points. Here’re some pro tips you can begin with:
Explore cybersecurity to broaden your knowledge about threats and solutions for managing them. NordLayer offers layered-by-design network access solutions for all kinds of businesses and their team setups to rise to the challenges of a modern company. And at NordLayer, we care about guidance. Thus, explore our Cybersecurity Learning Center and Decision Maker’s Kit for in-depth support for building your own cybersecurity strategy.
Want to join forces to build a more resilient and aware cybersecurity landscape for businesses and organizations? NordLayer invites Managed Service Providers to seize the opportunity to join our Partner Program — reach out to learn more about it.