“We want control”- In conversation with Craig Faiers (arc systems)

Many thanks to Craig Faiers, Commercial Director at arcsystems, who speaks about the organizational changes due to the growth with managed security services.
Olaf: When and how did the managed service journey at your company start?

Craig:  It was an unusual path for us because we were 20 years old. It started with support.  We have practiced this in other solutions that our customers wanted to choose a better service. So that was an internet service provider because we provide internet through an ISP in the UK. We had a lot of our engineers with people on cell phones and couldn’t solve the problem as quickly as we wanted. We said we can do better. That’s how we really grow.

We have built very close sales negotiations over the years and have put ourselves in hand with best of breed to provide best experience and the best service in terms of maintenance and specific times.

When we have more control over things, and it sounds a little strange that we want control, but we do that because that means we can move the things that are a problem. For us, it was all about the people providing the technology and service to get the topic covered as quickly as possible and prevent less time.


And when did you decide whether we might need to change something in our internal processes or structures?

That is an interesting point. When we started as a support faction, and then introduced leadership procedures, it was very much a break-fix view that we lived in the world. The world we live in now, with fast internet communications, means that everything we do can fix 95% more of the problems we see.

Our team has grown a lot during this time. When I first joined the company there were around 15 of us. We are now only over 60 and our team is almost half the company.

We structured it in a typical 1st, 2nd and 3rd line. But we also established Proactive Security Monitoring and a Proactive Security Team who then go through the 1st, 2nd and 3rd line into a teaching and architect style who are consultants for design personalities rather than from a support-perspective to work.

Play Video
Let’s see what their portfolio is in terms of managed or managed security services. What are the important pillars of the portfolio if you want to convince me to become a new arcsystems customer?

The first thing we like to do when we take someone with us is to look at what they already have. If we already have an antivirus, we need to look at what the antivirus does. It’s about visibility, what we can see. And if there are also the right vendors. We go with Sophos and MIMECAS for email filter and the endpoint security. We also use Sophos’ MDR service so we get 24-7 security there too. This means that our team does not always have to be online.

Because the support is definitely a 24-7 operation.

We typically sit with the customer and go through a baseline security audit what they currently have, where the risks are in terms of user mobility, where the risks are in terms of how the customer is set up with their customers. Because sometimes we see customers who need to send information securely to each other who don’t use email securely. So a good baseline where the risks are is crucial and then we can resolve these risks by using these particular services.

Because our customers don’t want to sit there and worry about their safety. They want us to do this for them. And they want us to say they have the best intelligence to be sure that they can do what they do as a business and we do what we do as a business and we merge those two together. We spread it and we make sure they are safe however and have the least disruption and the best possible security conditions.


How did you develop this baseline security audit?

Some of these applications come from the Cyber Essentials System, which is a government framework that everyone should use in the public sector. It’s also becoming a big piece of the trends now, and we’re seeing a lot of security issues and applications coming from cyber insurance. Many cyber insurance companies now want to see that you look at your Microsoft 365 score, that you look at your Cyber Essentials so they understand they are not at risk. That makes it easier for them in terms of security, but it also makes it easier for the customers. The baseline is a mixture of us and the industry standards, and also the vendors. What do the vendors bring to the table? If we include a service in the panels that prevent a lot of security, then that’s great. This makes it very easy for everyone.


Is there a sort of roadmap that you walk the customer through?

Yes absolutely. I think for years we’ve seen customers start with support. What we’re seeing now is that we’re bringing in customers that are bringing us day 1, five or six services.

It certainly makes customers more stuck, because all of these services. But as long as we understand that with customers, we can help them understand what we can overcome. Maybe we’ll start with the support and say we’ll support you on Day 1 of X-Day. And then in three months we track the email filter. A few months later we will move the antivirus and then we will include the M365 when the time comes. Because as I said, we want to be in control as soon as we can, so we are responsible forthe systems that our customers have with us.


What are your plans for dealing with the managed service at ARC Systems? What are you trying to acquire, test, or evaluate?

We talked about MDR earlier. This is a relatively new thing on the market. It’s about standing close to the vendors so that when something new comes along, you know it’s coming. And you know how it fits into your product portfolio.

It can sometimes be difficult to see what the future holds. There is a lot of AI that the vendors bring to the software. That also brings a lot of fear. But there are also many vendors bringing AI into security and distribution.

We work very hard with ISO, ISO 9001 and ISO 270001, so as business leaders we are very procedural. We can’t just say, here’s a new service, we’re launching it tomorrow, there’s a facility that’s going to get us on stage to prevent our teams from being trained and as accredited as they need to be in order for us to can convey correctly.