Achieving & Maintaining NIST 800-171 Compliance for GovCon

Government Contractor


Achieving NIST Compliance

A growing government contractor in the Washington DC area had a small in-house IT team who had always provided excellent support. However, they were starting to be overwhelmed by day-to-day support requests as the business expanded.

This meant that they no longer had the time to tackle the strategic projects that were necessary to help the business compete, nor did they have the time to keep up with constantly changing requirements for regulatory compliance.

Outdated software and hardware were becoming a security concern, and maintaining them was costing the firm unnecessary IT dollars.

Furthermore, no one was completely confident that they were still NIST 800-171 compliant, a top priority for any government contractor that wants to maintain its federal contracts.


NIST Risk Assessment and Gap Analysis

Ntiva was called in to do a one-time audit of their existing IT infrastructure and operations, including a NIST risk assessment and gap analysis, in order to triage, track and treat gaps in their current approach.

After a deep-dive investigation, the first recommendation was to update their data center. Eliminating outdated hardware and software via server consolidation and virtualization not only dramatically lowered maintenance costs but also reduced their exposure to attacks.

Comprehensive training on how to maintain the new data center operations was delivered to the existing IT staff, along with detailed documentation.

A complete System Security Plan (SSP) was created, documenting in detail all of the necessary security measures that needed to be put in place to achieve NIST compliance, along with a Plan of Action and Milestones (POA&M) which outlined the action items that needed to be done.

One of the key missing elements was a compliant data backup and disaster recovery solution. Ntiva quickly implemented an up-to-date solution, not only with an eye to federal government requirements but to ensure business continuity.


Outsourcing NIST Compliance Takes Burden Off In-House IT Team

Even though the contractor was in a solid place to manage ongoing IT operations with confidence, they knew they still needed extra help to remediate all the outstanding issues that were called out in the POA&M.

They also decided it was to their benefit to outsource ongoing cyber security monitoring and incident response in order to maintain NIST 800-171 compliance. Their small in-house team simply didn't have the bandwidth to take on critical cyber security tasks.

For this contractor, it was the right move to outsource strategic initiatives to a qualified third party for much-needed expertise.


Want to learn more about IT Services and Support for Government Contractors?

See Ntiva’s Managed IT Services for the Government.