Reliable IT is a company’s most valuable commodity, says Trent Milliron, CEO and founder of Kloud9 IT. Still, many companies are adding layers of security tools instead of establishing a strong security foundation, and it’s problematic.
After Trent Milliron graduated from Ohio University, his first job was like living in a dream. Many aspiring tech professionals like Trent moved to San Francisco during the dot-com Internet frenzy of the late ’90s and early 2000s. A “work hard, play hard” mentality characterized the lifestyles of those in Silicon Valley, and night after night Trent and his colleagues dined in the glitz and glam of company-catered rooftop gatherings. Trent worked for a print and online magazine called The Standard, which covered the buzz in the dot-com industry. Though Trent was green in the tech industry, he was thrown into an advanced systems administration role, where he thrived by figuring things out for himself.
In between sips of champagne, young Trent remembers thinking, “This can’t possibly be sustainable,” but the allure of a fast-paced career and urban lifestyle was irresistible. As with a Grimm Brothers fairy tale, we know how this story ends. The dot-com bubble burst and investors lost $5 trillion. Between 2001 and 2004, an estimated 200,000 jobs were eliminated in Silicon Valley alone, including 70% of Trent’s colleagues at the magazine. “That was an introduction in my life to how not to run a company,” Trent says. “Run it with sound financials, not a bubble that’s keeping you afloat.”
The key to being successful in the IT industry, Trent knew, was finding a balance between the accelerated pace of the latest hype (like the dot-com era) and the sloth-like stride of a public school system, where he worked after leaving the West Coast. Go too fast, and you risk bottoming out your funds and sacrificing sustainability. Go too slow, and you miss out on the benefits of a scalable technology strategy. After several years of swinging from one side of the technology pendulum to the other, Trent built balance in his IT firm, Kloud9. “Between the dot-com era and the school system, I witnessed a disorienting way of being. I knew I could do it better; I could go to clients and establish parameters, standards and policies,” he says. Trent sought to provide a Fortune 500 suite of services his business clients could depend on. “Their IT would always work; they would always be able to do their jobs— and that’s a very valuable commodity to a business. That’s what we do at Kloud9.”
Standards And Policies Are Efficiencies That Companies Can Recognize
After the Internet bubble burst, Trent moved back to his home state of Ohio and sought a more sustainable career. He negotiated his ambition for crafting effective IT solutions and a desire for predictability by working as an IT tech with the Cleveland public school system. What he gained in predictability in the government center, he gave up on productivity. “You can’t get anything done without seven layers of approval, compared to San Francisco, where they throw you into something and say, ‘Get it done,’” he says. This working method presented challenges to Trent’s autonomous work ethic and inclination toward improving system efficiencies.
In the early 2000s, Cleveland Metropolitan School District students were given laptops at a 1:1 ratio. It was the first time many of the students had used a PC. The school had no policies, and students were given unrestricted access to their devices. It caused innumerable problems for the IT department, everything from game installations to pornography downloads. “The students were administrators on the devices and could install or do whatever they wanted,” Trent says. “They quickly destroyed the machines, and every day we were overwhelmed with fixing broken laptops. I couldn’t believe this would be a normal thing the school allowed to happen.” Trent solved many of those issues by restricting student access to the devices. “It reduced the overall problems and kept the kids where they were supposed to be,” he recalls, but Trent couldn’t reinforce the policy without leadership approval. “I got a good talking to,” he says, and he was forced to stop. “It’s a lesson that, as upper management, you should listen to people’s ideas, hear the pain points,” he explains.
Trent understood that nonprofits and businesses would benefit from outsourcing their IT to expert talent and get a better outcome. Some businesses, like public school systems, lack vision. Other companies are hyperfocused on security tools or the latest trend and lack stability. Both lack policy and standardization, and that’s where Trent felt he could be a differentiating factor. “Standards and policies create efficiencies that companies can recognize. That was my mindset going into the business,” he says. In 2007, Trent founded Kloud9 IT with a best-practices mindset, which has proven to be successful as IT trends come and go. A best-practices mindset, Trent says, always works to keep clients’ systems secure and at peak performance. After 15 years of the company’s operation, no Kloud9 IT client has experienced a cyber breach.
Real Cyber Security Comes Down To People
The greatest vice of the cyber security industry, Trent says, is believing that security tools can fix your problems. He talked about this one year ago in his co-authored book, Cyber Storm: How To Protect Your Business From A Data Breach And The Resulting Cyber Storm Of Fines, Lawsuits, And Customer Loss, and always makes it a focus during client conversations. Businesses must acknowledge that cyber security starts with the basics, and that begins with people.
“Ultimately, cyber security is a mindset you need to establish at your company. Properly set-up and secure IT is the most important piece,” Trent explains. “You can overlay with cyber security tools, but if you don’t have a properly set-up infrastructure, those tools don’t matter.” Trent points out that when we read about big companies getting breached, it’s not because they didn’t have the best security tools. “It’s because people weren’t doing the right thing, or something was missing from the standards and procedures side,” he explains, like an employee inadvertently sending payroll credentials via e-mail to a criminal posing as the company CEO. “If you’re not doing those basic things, no tool will save you. They are things people need to do.”
Many of Trent’s clients work in professional services, including CPAs, financial firms, and law firms. Historically, those companies have not understood the gravity of security practices. Then, highly confidential client data is breached. “Taking a serious security stance and hiring a professional company to handle that is paramount for them right now,” Trent says. The first thing Kloud9 does when onboarding a new client, like a CPA, is spend time getting them to a best practice of standards. “Once we get them there, their problems will magically disappear,” he explains. “That’s where all IT fails: a lack of upfront planning and standardization, especially in businesses. We must get them to a place of best-practices standards. It’s very sustainable, and our long-term clients recognize that their problems went away, just like we said they would.” Doing the work upfront, Trent says, is how problems reduce over time. It’s not magic – it’s standardization.
Prevent Vulnerabilities In The First Place With The “Core Three” Approach
Kloud9’s approach to best practices is based on Trent’s Core Three standards. When companies perfect these three standards, they’ll drastically reduce vulnerabilities. The Core Three pillars are proper user management, data management, and device management.
Here’s how it works: An employee is assigned a username and password. That information is stored in a central location, and those credentials are tied to specific users. From the central location, users are permitted only the data and files they need access to. The final step is tying users to their devices, including computers and phones.
It sounds basic, and it is, Trent says. Still, he’s amazed at how many businesses are drawn to hyped-up security tools without perfecting fundamental security elements first. “Sometimes in a business, there’s no main corporate directory that everybody’s kept in. It’s not tied to their files or data. There’s no system; the permissions are completely wide open,” he explains. “Another problem I see is when devices are not locked now. If Suzy leaves her computer in her car with the corporate payroll on it, all a criminal has to do is turn it on and log in. If you’re not doing the Core Three, no tool will save you.”
Since 2007, none of Kloud9 IT’s clients have been breached, and most don’t use high-end security tools.
“I attribute that to the fact that we set them up in a best-practices manner from the start,” Trent says. When businesses utilize the Core Three approach, it prevents holes in company systems – that’s effective cyber security. “There’s hype around selling cyber security tools, but that’s not real cyber security. Those tools are looking for holes that shouldn’t be there in the first place. If businesses set up their networks in a best-practices manner, they won’t have many of these holes, to begin with.”
More and more companies are catching on that cyber security comes down to fundamentals like Trent’s Core Three. “That’s the holy grail to profitability in any industry,” he says. “Scale, standards, and processes – that’s how you get there.”
For more information on Kloud9 IT, please visit www.kloud9it.com