On April 28th, 2021 Chris Tate, MYKI’s Strategic Alliances Director, met with GreenLoop IT Solutions’ CTO, Stephen Moody to talk about how they were leveraging MYKI internally and positioning it to their clients to improve their cyber threat landscape awareness and overall security hygiene of their ecosystem.
Below is a complete on-the-record interview with no edits. Moody shares his experience with MYKI. A transcript of what we covered is listed further below.
[Chris Tate] It's a pleasure today to be speaking with Stephen Moody, CTO of GreenLoop IT Solutions. Hi Stephen, can you tell us a little about yourself and your MSP?
[Stephen Moody] Yes, so GreenLoop is a managed service provider who has been servicing clients in the Phoenix Metro for over 10 years. We also have expanded into Oregon as well. Most of our clients are small to medium-sized businesses, and in the past year, we've really loved working with MYKI as part of our overall security suite that we're offering to clients.
That's great to hear. What prompted you to get started with MYKI in the first place?
We had been looking for a password solution as part of our recommendations suite for a while. We had looked at a couple of solutions from major vendors as well as some smaller ones. We just weren't finding anything that was a good tool for end user experience where they could self-manage it as well as something that was really oriented towards the channel. We needed a couple of key things there and none of the solutions we had found were doing it.
So, we did some research, found MYKI, I think we ran into one of your reps at a conference, and evaluated that along with some other options and really liked those two features really just the ease of use and the ability to just natively support channel type of functionality.
That's great. How do you generally position MYKI to your clients? I mean, are they currently using a password manager or are you having to introduce the whole concept?
Most of the time they are not. A lot of the clients we have are relatively low on the cybersecurity maturity curve and we're working to get them a little higher. There definitely are some who are farther along. They may already have their own password manager that they use, some sort of LastPass for Teams, or something else.
But we're really targeting MYKI at a lot of the clients that either know that they should have a password manager, but it's really hard to get started, they don't know where to start, or clients who maybe have never even thought of the concept before. So we're rolling it into our overall recommendations suite that we're talking about with clients at their quarterly business reviews, and then they get that as part of that package.
We give them some help getting started, but then from there it really has worked well for us as a primarily end user-managed product. They're the ones handling provisioning users in MYKI. They're doing a lot of the day-to-day management of it, which we love. I mean, our service desk techs don't have to answer very many tickets regarding, MYKI functionality. The users are already taking care of most of it on their own.
Yeah, that's great, and that kind of brings me onto the next point. Over time, do you think that end users are becoming more aware of cyber threats? Obviously, it's in the news all the time, and if not, what more can vendors or MSPs do to educate your user base?
Yes, I mean, our clients are definitely learning more. They're moving forward on that maturity chain. We can always do more. We see, as I said before, that we have kind of a couple of different types of clients. Somewhere they're pretty far along, and they're asking us for, ‘what can I be doing about such and such threat’. And then there are others who don't have a good awareness of the threat landscape, and we're working with both of them.
The way we're doing that is laying out a panel of best practices, figuring out where the client fits on that overall landscape and then picking out a couple of high priority recommendations and moving them forward. It can be as simple as, when we have a cybersecurity incident of some kind, whether a user forwards us an email and we're not sure if it's malicious or not. Sometimes someone's password being compromised.
That's always an opportunity for our VCIO team to have a conversation with them, with the end user and with the management of that client potentially, regarding the nature of the threats we're dealing with, the kind of issues, how to better prepare their users for the modern threat environment, whether it's through security awareness training, some better hygiene practices with email and multi-factor authentication. Just some of the really low-hanging fruit a lot of the time, as well as the bigger picture of that QBR process.
Yeah wow, some really good ideas there. Do you think that, obviously the COVID situation and the transition to more employees of end users working from home, do you think that's kind of put us back or has that accelerated the transition or the awareness of security?
I think for us, it's probably accelerated the trend. I don't know what it would look like across the industry, but for us, as users are working from home more, it has pushed them towards applications and protocols that are really designed more for that remote workforce, whether it's Microsoft Office 365 or some of the other functionality that might be more just kind of cloud-enabled by default.
Those systems have some pretty good security built into them that we can - Our goal is to not roll out something new without considering the security implications of that and helping the client along with that process. Some of those things that they're moving towards, that the client wants to implement, really have had the tools to make that easy for us and we can make sure those don't get rolled out without bringing security into the conversation.
Okay, that seems like it's been a positive experience in some way. The final question then, just a quick one, is what would you say is your favorite feature of MYKI?
Probably my personal favorite is just the seamless multi-factor TOTP integration. Just having that at my fingertips and being able to- I mean, I'm into sites all day long that are using TOTP-based authenticators and this makes my life so much easier. I don't have to pull out my mobile device every time I want to hop in there, as well as just being able to share those across the team.
Yeah, that's great. It's probably my favorite feature as well. So thanks so much for joining us Stephen. If anyone watching is interested in learning more about MYKI and our MSP program that Stephen mentioned, head over to myki.com. But with that, thank you very much, and goodbye.