Paradyme Management Inc., based in Tysons Corner, Virginia, and Greenbelt, Maryland is a rapidly growing government technology leader specializing in agile software development, DevSecOps, human-centered design (UX/UI), AI/ML, RPA, ERP software implementation, cloud engineering, and enterprise integration for federal government agencies.
The company wanted to land contracts with larger federal agencies, including the DoD. This required implementing much more robust security, especially to stave off the increase in cyberattacks that often comes with high-profile government contracting.
To win federal contracts, the company had to comply with NIST and CMMC standards, the strictest in the federal space. The problem? Paradyme had just one junior IT engineer and lacked the expertise on their internal team to meet these compliance standards.
"We did an analysis that showed what we would need to meet those requirements on our own," explains Jocelyn Hsu, Paradyme Chief Administrative Officer. "We knew we couldn't handle it with the one resource we had, so we did a cost benefit analysis and decided outsourcing was the right option."
Paradyme wanted to make sure they selected a partner who understood government regulations inside and out, which led them to Ntiva. Ntiva immediately rose to the challenge, as every asset belonging to every remote employee and subcontractor had to be tracked down and tagged.
In addition, Ntiva implemented and tested a Security Information and Event Management software solution, completed the company's System Security Plan and Plan of Action and Milestones, and conducted penetration tests and phishing tests.
Ntiva also conducted comprehensive training, teaching Paradyme staff how to guard against phishing attacks, and how to safeguard hardware and data against theft - a vital consideration with so many of the company's employees working remotely.
"One of the biggest advantages of working with Ntiva is they have a whole program for on-going cybersecurity education and training," says Hsu. "The best cybersecurity measures in the world can easily be negated if your people aren't trained. Ntiva not only tests our staff's cybersecurity awareness, they send us metrics and trainings that are very well organized and easy to implement."
Within mere months, Paradyme saw a dramatic and rapid improvement in their cybersecurity compliance scores.
In November 2020, before starting to work with Ntiva, they measured their compliance level using the NIST 800-171 self-assessment tool. The score was -60 points.By April 2021, four months after outsourcing their cybersecurity to Ntiva, their score had risen to +59, a whopping 119-point improvement, purring them well into the zone of compliance with NIST cybersecurity standards.
"Working with Ntiva and improving our compliance has opened up a lot of opportunity," says Hsu. "But more importantly, meeting these guidelines has put us into alignment with best practices for any company dealing with sensitive data or critical infrastructure. Ntiva will help keep us ahead of the new standards as they arise, so we'll always be protected."