One of your clients is the victim of a ransomware attack. The attackers have stolen and encrypted their data and are asking for a ransom. In a panic, the client calls on you for help. Is your MSP ready to get them up and running as soon as possible?
For CEO Luis Alvarez and his MSP Alvarez Technology Group (ATG), the answer is a definitive “Yes.”
He has seen situations like these before, putting in place the proper preventative measures and working with the client and insurance companies to get clients back on their feet while reducing any damage as much as possible.
Based out of Monterey County in California, ATG is an MSP aimed at serving small to mid-sized businesses with a focus on cybersecurity. With fewer options available to smaller companies for IT solutions, Alvarez wanted to be the premier resource for businesses across the central California region.
For Alvarez, leading a premiere MSP starts with a focus on security. Founded in 2001, ATG has grown to more than 25 employees serving Monterey, Santa Cruz, and San Benito counties. Over the past 21 years, the MSP has developed its primary offerings around managed security services.
No longer just an add-on for clients, security services are now the primary driver behind ATG’s client partnerships and Lifecycle Manager has become an important part of that process. By using the asset lifecycle reports, warranty lookups and renewal service, and hardware monitoring, ATG is able to keep detailed records of a client’s tech environment. With these records, ATG can provide accurate and timely asset information allowing clients to make informed decisions for their business and security.
The Security-First Approach
In 2017, Alvarez began to address the growing problem in the MSP space: the threat landscape was dangerous and only getting worse. With increasing sophistication in cyber attacks and the growing wave of cryptocurrency fueling criminal activity online, Alvarez recognized that security and safety had to become a priority for his MSP and clients. Since then, he has worked with his staff to successfully prevent several attempted attacks on his clients.
Increasing threats to businesses weren’t just a theoretical trend for Alvarez. He has dealt with this issue before, successfully leading a client through the recovery process. ATG was able to leverage Lifecycle Manager’s asset monitoring and reporting to make the recovery process as easy as possible.
Alvarez explained his experience in assisting a new client recover from a malicious attack. During the first two months of onboarding this new client, attackers hit the business with ransomware. Working data and backups were compromised before the client could replace their backup system as ATG recommended as part of the early onboarding process.
When Alvarez heard the news, he and his team got to work contacting the insurance company and working to assess the situation. ATG’s client did have cyber liability insurance, but insurance isn’t a complete solution to the issue, he said.
As the insurance company conducted a forensic review of the situation, ATG was able to get some of the client’s systems in working order and used Lifecycle Manager’s comprehensive report of the client's hardware and software environment to aid the insurance company’s assessment.
The Lifecycle Manager asset lifecycle report accurately documents and categorizes all of a business's hardware and software assets into detailed, color-coded categories. Information like age and warranty status are listed alongside the assets. Items marked red are at high risk due to several reasons including being outdated, no longer covered by warranty, having not been updated to a supported version, and more. The report includes an amber category that notes which assets are close to being high risk, and a green category that notes assets in good standing.
Being able to track their clients’ asset lifecycle details was a key factor in earning cyber insurance approval, a notoriously difficult process to work through. A thorough asset management policy meant that the client was able to recover.
Alvarez recalled this example as a way to illustrate why taking every precaution available is vital to the security and safety of the business and its employees.
The ATG team implemented their own Security Operations Center and developed education and training programs for clients to get buy-in to security initiatives early in their working relationships.
Initially, these security discussions led to clients adopting additional security services, but now Alvarez bakes in the security measures in the core of what his business provides. It’s not an option anymore.
Knowing your tech environment
One of the early lessons for Alvarez was that you can’t always build walls high enough to prevent all attacks. Making sure they have the tools and services in place to develop that “alarm system” is an important step in monitoring security status.
You can’t manage what you don’t know exists. So Alvarez made it a point to find tools that would give the MSP granular visibility to everything that they do with their clients. Accurate monitoring doesn't just help with security but is crucial for MSPs to work with clients in strategic planning.
To get a comprehensive state of their clients, Lifecycle Manager, then known simply as ScalePad, has been a part of ATG’s toolset for years. Before Lifecycle Manager, one of the big holes in ATG’s service was its ability to provide strategic guidance to its clients. Lifecycle Manager’s asset management, warranty lookups, and hardware/software monitoring have also been helpful in understanding the security landscape as well.
An out-of-date operating system is one of many examples Alvarez pointed to when discussing the potential vulnerabilities for businesses.
By incorporating Lifecycle Manager into their workflow, ATG has been able to leverage the benefits of the asset lifecycle management and warranty services for both strategic planning and client success, as well as continued monitoring for security vulnerabilities.
Alvarez Technology Group’s success was supported by their deep understanding of security. As the sophistication behind cyber attacks grows, an MSP’s ability to protect their clients will be more important than ever.
How Lifecycle Manager Helped Alvarez Technology Group Close Gaps and Boost Security
| Category | Before Lifecycle Manager | After Lifecycle Manager |
|---|---|---|
| Cyber Incident Response | Manual scoping, limited asset visibility, reactive support during ransomware incidents | Fast recovery aided by detailed Lifecycle Manager reports and scope-of-work for insurance approval |
| Asset Visibility | Incomplete awareness of hardware/software age and status | Full asset inventory, categorized by risk (Red/Amber/Green), with warranty and support visibility |
| Security Posture | Security was an add-on service | Security-first approach integrated into every client engagement |
| Insurance Support | Limited documentation for cyber liability insurance processes | Lifecycle Manager reports used as audit-grade documentation for insurance approvals |
| Hardware Lifecycle Planning | Uncoordinated, reactive replacements | Strategic planning of replacements based on lifecycle data |
| Warranty Management | Warranties often missed or expired | Systematic tracking of expirations, leading to increased warranty renewals |
| Client Conversations | Advisors lacked data to guide infrastructure decisions | Business advisors use lifecycle insights to guide proactive, strategic upgrades |
| Security Vulnerability Tracking | Harder to identify outdated systems or end-of-life software | Automated tracking of OS age and support status for proactive risk mitigation |
| Onboarding New Clients | Reactive security assessments after issues occurred | Early visibility and recommendations during onboarding using Lifecycle Manager |
| Security Education | Security upsells dependent on client interest | Security baked into core services, supported by client training and SOC oversight |
| Cyber Incident Response | Manual scoping, limited asset visibility, reactive support during ransomware incidents | Fast recovery aided by detailed Lifecycle Manager reports and scope-of-work for insurance approval |
|---|---|---|
| Asset Visibility | Incomplete awareness of hardware/software age and status | Full asset inventory, categorized by risk (Red/Amber/Green), with warranty and support visibility |
| Security Posture | Security was an add-on service | Security-first approach integrated into every client engagement |
| Insurance Support | Limited documentation for cyber liability insurance processes | Lifecycle Manager reports used as audit-grade documentation for insurance approvals |
| Hardware Lifecycle Planning | Uncoordinated, reactive replacements | Strategic planning of replacements based on lifecycle data |
| Warranty Management | Warranties often missed or expired | Systematic tracking of expirations, leading to increased warranty renewals |
| Client Conversations | Advisors lacked data to guide infrastructure decisions | Business advisors use lifecycle insights to guide proactive, strategic upgrades |
| Security Vulnerability Tracking | Harder to identify outdated systems or end-of-life software | Automated tracking of OS age and support status for proactive risk mitigation |
| Onboarding New Clients | Reactive security assessments after issues occurred | Early visibility and recommendations during onboarding using Lifecycle Manager |
| Security Education | Security upsells dependent on client interest | Security baked into core services, supported by client training and SOC oversight |