Every company’s IT environment must be built on standards. I’ve believed that since before ZAG Technical Services was founded. I view this as a “thinking inside the box” philosophy. Manufacturers develop their products with standards in mind (their box) and following them leads to the stability and performance that businesses need.
As ZAG has grown, we’ve come to realize that we have a great deal of collective learned knowledge that makes the networks we manage better. We learned some of these standards when we were brought in to solve disastrous situations. We learned others simply by being in the industry long enough and through professional networking. And of course, some standards were acquired during critical events in environments in which we were involved. I’m pleased to say that this last source of standards is the smallest even though they are the most memorable.
Some of these standards are well known, but amazingly are still not always followed:
- Blocking RDP access from the Internet
- Changing the Default Administrator username
- Configuring DMARC
- Tagging external email for easy identification
- Backing up systems in preparation for a disaster
Other standards are not as often rolled out but are equally important. Some common examples of these include:
- Monitoring for impossible travel within Office 365 to ensure a user hasn’t been hacked
- Alerting when forwarding is set up on an email to send data outside of the organization’s domain
- Utilizing MFA everywhere
- Having tiered administrators so that the damage is limited if an admin password is given up
- Segmenting traffic to protect production systems
Those are just a sampling of some of the protections that should be put in place. If your organization isn’t doing these basic items, you are at daily risk for significant damage. The standards listed above are heavily security-based, but we have many other standards that lead to employee efficiency and enabling our clients to compete better.
Over the years, ZAG has compiled hundreds of these standards. We created an internal program to help our clients meet ZAG Standards, called “Standard Alignment Optimization” (SAO). We did this realizing that often we must partner with our clients to continually move to a standard. We can’t just say, “you should do this” and assume that if they don’t take our advice that any bad things that happen are on them. We have to continually reinforce the recommendation and work to better describe the reason for the standard and the risk of not following it.
We work in this methodical way to move our clients to these standards. In many cases, this may take time as not every organization will immediately implement every one of these standards. But we monitor the gaps and keep working to move towards the standards.
New standards are continuously created as we determine their need. This is where our scale comes into play. As we identify the need in one client, we share it across the rest. Clients have come to realize that the more people we support, the more they benefit from this shared learning and knowledge. This has led to a dramatic uptick in clients referring us to other companies.
Driving to these standards is the foundation needed to deliver on our vision of turning technology into a competitive advantage for our customers.
While we are proud of the standards we have built, we aren’t the only source of them. The goal of this article isn’t to sell what we do. It is to inform every organization about the need to create a formal list of standards that are followed and maintained. This process will make your organization better. It will ultimately turn your IT into a competitive advantage!