How CIS SecureSuite Drives New Revenue Opportunities for Service Providers

Dewpoint Inc. Uses CIS SecureSuite Membership to Drive New Revenue Opportunities. The Challenge: Balancing Cost, Practicality, and Ease of Use

The Challenge: Balancing Cost, Practicality, and Ease of Use

Michigan-based Dewpoint provides project management, agile, application, infrastructure, security, and tailored professional and managed services solutions utilizing local resources with global experience. The company is distinguished by its depth and quality of delivery experience, focus on client success, ease of doing business, and track record of consistently delivering for its clients over a 25+ year history.

The company has deep expertise in the hosting and data center services, helping support key strategic initiatives such as data backup and recovery, data storage, virtualized environments, database services, performance improvement, and overall architectural design and implementation.

Many of Dewpoint's customers are small- and medium-sized businesses with limited technology resources or expertise in-house, especially in cybersecurity. When Don Cornish joined Dewpoint as Chief Information Security Officer five years ago, he recognized a need for a cybersecurity framework and platform to meet the needs of Dewpoint and its clients alike. For the company's clients, he was keen to solve a particular challenge: find a practical framework that’s relatively straightforward and cost-efficient to operationalize.

The Solution: CIS SecureSuite

After researching several commercial solutions, Dewpoint selected CIS SecureSuite, a comprehensive set of security best practice recommendations and integrated cybersecurity tools.

CIS SecureSuite appealed to Cornish because he was confident that Dewpoint's operations team could quickly learn the tools, use them to identify opportunities for improvement, and ultimately create a strong cybersecurity foundation for his company and its clients to build upon. He also felt that CIS's broader resources upon which the CIS SecureSuite tools were built provided the value and confidence Dewpoint and its clients were seeking.

"It's good value for money, very useable, and highly relevant to our industry," Cornish said. "The Membership economically simplifies very complex processes. Our teams don't have to pore through pages and pages of standards."

"We also like that CIS constantly stays abreast with what's happening in the world of cybersecurity. We can be confident that the tools and resources in our Membership are always evolving to meet the security needs that come with new technologies and environments."

Dewpoint undertook an extended evaluation period. The company used CIS SecureSuite for six months before fully adopting it.

Initially, it focused on hardening technologies it used in-house and securely configuring its systems according to the baselines and best practices provided in the CIS Benchmarks. This approach delivered a strong foundation for building a hardened platform – what Cornish calls a 'gold build' – that employees could use internally and with their client engagements.

The Impact: A Quick Return on Investment

Cornish said he's worked with other organizations doing the 'gold build' process internally. He's glad Dewpoint went with CIS SecureSuite. In his words, devoting several engineers to this kind of effort – even part-time – would "significantly exceed the cost of a CIS SecureSuite Membership." That's before calculating the costs associated with ongoing maintenance. By contrast, Cornish said that CIS SecureSuite Membership delivered a positive return on investment after just three or four months.

The internal benefits are just half of the story. Looking beyond the company's four walls, Cornish noted that CIS SecureSuite Membership had given Dewpoint a real competitive advantage.

For example, the company recently won an engagement to help the Michigan Department of Health and Human Services (MDHHS) run cybersecurity assessments based on CIS frameworks. A key factor was Dewpoint's ability to use the CIS Controls Self-Assessment Pro Tool (CIS CSAT Pro), helping MDHHS assess the security posture and maturity of Michigan Counties that have contracts with the MDHHS Office of Child Support and then identify remedial actions and improvement roadmaps.

In addition, Cornish indicated that Dewpoint is leveraging its CIS SecureSuite Membership to help a client build a roadmap to improving its cybersecurity posture. A 2021 law requiring licensed insurers and producers in the State of Michigan to comply with more stringent data security requirements necessitated this engagement.

What's Next?

According to Cornish, Dewpoint will continue to build on its use of CIS CSAT Pro going forward.

"We like what the CIS CSAT Pro tool provides from an assessment and an implementation perspective," he explained. "We've taken the product to market with clients and prospects and have helped a number of them conduct security assessments, create maturity scores, and identify areas of improvement that our consulting teams can assist with."