Test driving WithSecure™ Elements CSPM

When we launched our CSPM pilot program, iOCO Solutions felt they had to be involved. But why? We sat down with Craig Allen, their Head of Engineering, to find out. 

So, we’ve been a partner now for about 5 years. We were looking for an endpoint protection partner who had a more complete offering package and who was looking towards being cloud based. 

What stands out for us is WithSecure’s level of engagement with the partners and the ability to speak to pretty much anyone in the organization. Plus, the product was exceptional – it is feature-rich on the protection side and we have the chance to influence product development.   

So, over the last few years, we have been moving more and more into the hyperscale cloud space, as our customers are seeing the need to move their workloads into the cloud – either due to cost or performance. 

The problem is how do you continually evaluate this space? There is a lot of native tooling in these platforms, which comes with a lot of cost. Therefore, we were looking at how to position a tool in that area that solves our customers’ problems and gives them the certainty that we’ve set it up according to the industry’s best practices, while constantly evaluating everything for them. 

It was almost a no-brainer for us to join the pilot, as it gives us the chance to explain to WithSecure exactly what we’re experiencing, expecting and seeing from our customers. Of course, we also want to gain a deeper understanding of what’s involved and how we position ourselves. 

A lot of security stories we hear are not about an organization being attacked, but that people’s family and friends have suffered a breach. That makes security personal. In turn, this has trickled into their working lives, which makes the conversation easier. 

CSPM allows us to look at everything and look at it at the same time. We’re not going to do an audit every six months on your estate and see where it is. No, we are going to monitor it constantly and ensure that it aligns with cloud regulations and frameworks, as well as ensuring that best practice is always followed. 

It’s the ease of configuring. The solution is really easy to get going and has great detail in terms of permissions and roles required. Within 20 minutes, you can have your account configured and be looking at information coming into a console. 

In the cloud model these days, you have to be more dynamic and that ties in to how you monitor, for example, overtime. 

Yes, definitely. In fact, it is solving problems they don’t even know about. It can often be difficult for an in-house security team to have an overview of what is being deployed when you have multiple accounts and larger estates. CSPM allows us to align their frameworks, establish a base point and then begin monitoring.

The value is in the service we can provide. It is a struggle for everyone in the industry to find good security experts and find that balance between their time and money. CSPM helps us make smart decisions for our customers.

By utilizing CSPM for our customers, we’re effectively reducing the number of hours it takes to look after each customer. 

For mid-market companies, many of their people are on the ‘shop floor’ and don’t have resources that will stretch to paying a huge amount of money. However, they still need the same protection and have to follow the same regulations as larger organizations. Elements CSPM is flexible enough to fit any budget while still providing that security. 

They’ve been great. They are excellent at taking feedback – both good and bad!

They have been very honest and upfront, which we appreciate. We have had a couple of teething problems, but it is all part of the process. They also feed us information about the ongoing versions of the pilot, which helps keep us in the loop. 

We want to see the final version! Obviously, the one we have been working with will be outdated soon, so it will be good to get to the general availability stage. 

Most of our security-minded customers have already started the cloud conversation with us, so we are keen to show them what we can offer and how the tool works, as well as the benefits it will bring them.