At a glance: Tips and experiences from GOESYS
How did you introduce lywand to your customers?
We simply added lywand to our customers with maintenance contracts. At the same time, we also actively offer the solution as part of our consulting services.
How can lywand be added to the business model?
Lywand has become a kind of "order book" for us. It is an integral part of our maintenance contracts and managed services offerings. We use lywand as a standard tool for quality assurance of our managed services. This is how we communicate this to our customers as well.
What added value does lywand have for your customers?
Through the management reports from the regular security audits, they continuously receive a reliable overview of their security situation. This also creates legal certainty, which can be converted into cash through a suitable tariff, especially in the case of cyber insurance.
How can you position lywand in your services?
For us, lywand is integrated as a standard component of the solution scope for all maintenance customers. For us, lywand is not a product with which we earn money on the licence, as this is highly affordable. Instead, the added value of it lies in the verification of our work and the generation of new orders. Therefore, it makes sense for us to always offer lywand in bundles, i.e. in combination with at least one service or other products.
How are you dealing with a bad rating?
We are not afraid of a negative assessment. However, it is important for us to make sure that we have enough capacity to eliminate weaknesses immediately, especially when it comes to customers for whom this has not been included in the contract so far. If the client does not want the resulting measures implemented, we ask for a written confirmation. And not just once, but after each subsequent scan, as long as there is a need to act on vulnerabilities.
The success story: an interview with GOESYS
"I understood lywand in five minutes," is how Peter Bruchmüller, Managing Director of GOESYS AG, describes his first impression. In this interview, he explains how GOESYS uses the lywand solution to optimise and sell its service offering.
Introduction
Who are you and what do you do? Can you tell us more about GOESYS?
I am the managing director of GOESYS AG. Our company has been in existence for over 40 years, is one of the leading IT system houses in the region of southern Lower Saxony and mainly serves medium-sized companies as well as customers from the public sector.
In our consulting services, we focus on optimising the IT strategy. This includes the analysis of existing systems and networks as well as the creation of tailor-made concepts that meet the customer's needs not only for the moment, but also in the long term.
Our company is based in Göttingen, where we employ around twenty people.
Decision for lywand
How have you carried out security scans so far?
In the past, we have not carried out any security scans ourselves. Where we have done so for our clients, we have brought external partners on board.
What convinced you to use lywand?
My colleague Andreas Kuchenbuch, technical director at GOESYS, showed me the test version of lywand for the first time. I was impressed that within five minutes I immediately understood how the solution worked and how to use it. What I found unbeatable was the renovation plan, which is understandable even for technical laymen. This perfect, generally understandable translation of technical details, and the fact that the cloud-based solution enables a quick roll-out, convinced us completely.
In general, our philosophy is to use as few software solutions as possible for our service offering. Lywand fits in as a helpful addition to the workflows with our RMM and security tools.
Positioning of lywand in the solution portfolio
How do you position lywand in your portfolio?
On the one hand, we actively go out with the name by suggesting a lywand scan to customers, in a package with other services. On the other hand, we have simply integrated it into the existing solution package for our maintenance contract customers.
In addition, it is now a fixed component of our managed services. A practice that has proven successful for us. Already years ago, we combined various products under a specially created brand with logo, "SNS" (Südniedersachsen). We offer backups for servers, PCs and in the cloud. For customers, the manufacturers behind the products are of secondary importance. For them, it is crucial that the solution offered works.
Designing the offer in this way is a lesson from the past: Previously, we had also communicated the manufacturer names to the customers in the field of storage. When we once had to change a provider, there was a great deal of uncertainty and a need for explanation among them as a result. We had to have many discussions, although effectively nothing had changed: they still received the agreed service in full.
We learned from this that we offer customers a better service experience by simply delivering on our value proposition, without committing to specific products or manufacturers in our solution offerings. And that is ultimately our added value as a service provider: to develop practical solutions from good products for customers. We have therefore switched to creating bundles, meaning that we always combine products with other products or services and market them as a solution, for example SNS Security Check.
To what extent is lywand different from other products in your range?
I think you have to realise that lywand is not one of those products where you earn money with the licence. For us, the solution is a kind of "order book", its added value lies in validating our work and generating new orders. It was therefore obvious to use lywand to better communicate the value of our work and expertise to clients. We therefore always offer the solution as part of a larger scope of services.
You also offer your customers security products from Sophos. To what extent can lywand usefully complement these?
Sophos is installed by most customers for client and server security and is indispensable for this purpose in our range of services. As far as detecting vulnerabilities is concerned, Sophos already delivers very good results. In general, there are many software tools with which you can certainly find a large number of vulnerabilities. But only in lywand's security audit platform is it prepared in such a way that you can continue to work with it in a goal-oriented and efficient way.
An example: We also offer Sophos MDR, a 24/7 security service, supervised by security experts. The renovation plan we receive from lywand is a great help for us to be able to set up and implement this service. We need to find out in advance where there are currently problems in order to be able to activate the Sophos MDR service. Although Sophos can do this itself with its client software, we can do it much faster with lywand.
Roll-out of lywand
How was the roll-out of lywand for you?
We were able to roll out lywand perfectly via our software distribution tool using a script. As far as I know, the first scan can take up to 24 hours, but as far as I am informed by the technical team, it worked absolutely smoothly. We received the evaluations as planned and were able to get started.
You have made a strong start with lywand and have already integrated 1000 targets in just a few months. What was your experience with it and how did you deal with the newly discovered weaknesses?
For us, it was an opportunity for self-criticism. We could finally see how many device vulnerabilities there are. Up to now, the technicians who support the customers have always reported back "yes, everything is fine there". With lywand, we were surprised to discover that there is still a lot that can be done to achieve an outstanding level of security.
Before the roll-out, however, we also made sure that we had sufficient staff capacity to promptly eliminate the vulnerabilities that had been discovered. We are aiming for 2000 targets by the end of the year.
Advantages through lywand
What are the immediate advantages of using lywand?
You have much better possibilities to work with the customers, because with the renovation plan you have a constructive basis to develop solutions that exactly fit the customer's requirements and, above all, that they can understand.
Lywand's benefits for cyber insurances
In which use cases can lywand offer your customers particular added value?
We are seeing an ever-increasing prevalence of cyber insurance among our customers. A few years ago, taking out an insurance policy was a simple process, a page with general information was enough. Now the insurers' questionnaires are extremely comprehensive. We have always helped our clients to fill in the detailed questionnaires of the insurers according to the facts.
The lywand platform now makes this even easier for us: we can quickly determine which conditions have been fulfilled. In addition, we can clear up any deficiencies before the insurance is concluded. This makes our service attractive to customers who are taking out cyber insurance for the first time or who are looking for a cheaper price. We help them to save costs and also have a written document of what the situation was like when they took out the insurance. The documentation through regular security scans may also be helpful when it comes to settlement issues in the event of a claim.
Dealing with the rejection of measures
Keyword documentation: How do you deal with clients who refuse to implement the measures listed in the renovation plan?
Documentation is the right way to go in these cases. If we want to implement measures that go beyond the existing scope of the contract, we submit them to the client in a written form for approval. If he rejects the implementation, we also request written confirmation of this and we do this as often as necessary. So if one month later these and further weak points occur, we have it confirmed again that the remedy has been rejected. This also creates legal certainty in case liability issues arise.
Cooperation with lywand
Is there anything else you would like to say about lywand?
Oh yes, and here I also speak for my colleague Andreas Kuchenbuch: The great cooperation with the manufacturer! We are also in regular contact with the lywand team and are impressed by how they deal with our feedback and implement suggestions for improvement. You can tell that this solution is fully tailored to the needs of service providers, and it is a good feeling to be able to contribute to the improvement as part of this community and to benefit from the constant progress.
Dear Peter, thank you very much for this interesting insight, we wish you ongoing success with lywand!
