The Heartbeat of the Business: Strengthening Cybersecurity in the Era of Remote Work

Everyone wants to feel safe. It’s foundational to our well-being—so much so that after physiological needs, safety is the second-most important thing to us, according to the well-known Maslow’s Hierarchy of Needs. Safety goes beyond physical security—it extends to our emotional, psychological, and financial needs, too.

In the digital realm, the same concept applies when you're connected to a network. You need the proper hardware and software, data center, and more to be in solid condition, but you also need to protect what you can’t see at first glance.

We are no longer in the early stages of the new digital age. Cybersecurity isn’t a nice-to-have anymore—it’s critical that we protect our systems just as we would ourselves or our physical property. And at Per Mar Security Services, we know safety.

The Heartbeat of the Business: The 20-Year Evolution of IT and Cybersecurity

Per Mar Security Services has been a family-run business for almost 70 years. It’s unique to see a business survive a third-generation transition, yet here we are.

Per Mar is headquartered in Davenport, Iowa, with over 30 offices, primarily in the Midwest. We're also unique in that Per Mar is a full-service security provider. We do home and business security: cameras, access control, CCTV, fire alarms, and more. 

We have almost 3,000 employees, most of whom are uniformed security guards protecting locations such as manufacturing facilities, hospitals, and higher education college campuses. We also do special events security such as NFL and college football games and temporary businesses like political conventions.

I've been here for almost 21 years and have watched the company grow up around me and with me. Back when I was first starting my career, businesses wanted a lot of IT experience. I joined Per Mar to get some IT experience and move on. But I stayed. It's been a fun little ride. 

Twenty years ago, our role in IT was just to keep the lights on. Our computers weren’t networked. It was just a PC sitting on a desktop. Not everybody had access to email. The Internet wasn’t very common at all. We've watched the explosion of the internet and smart devices, and our business has transformed along the way.

Alarm systems that were linked into our central station were probably the initial Internet of Things (IoT) because we were monitoring thousands of connected devices all on telephone lines. Now, most of that data comes to us over interconnected networks like the internet, cellular and satellite technologies. IT is now in charge of making all that technology work to protect people's property and give them peace of mind at the end of the day.

It’s been incredible to watch my job evolve from just making components of a PC work to becoming the heartbeat of the business. Without that heart—the infrastructure we have—we can't provide services for our customers.

From Blizzards to Heatwaves: 24/7 Security Means Zero Downtime

Our business operates 24/7, 365 days a year. We have guards posted around the clock, morning, noon, and night, during everything from blizzards to heatwaves. We're expected to be on post, so we must be able to communicate with those folks. There is no downtime, so our IT shouldn’t be any different. 

That’s why communication is key. We have to protect the security of our 75,000 customers and our staff in the field. We also have about 800 knowledge workers within our 30 offices who work more traditional office hours, and 250 technicians in the field. We need to ensure that our people can continue doing their jobs no matter what.

Once COVID-19 hit the United States earlier this year, we leveraged our existing infrastructure to spin up virtual workspaces for all our employees within a week so that they could work from home. While everyone else was panicking about how to work remotely, we were already prepared. We were ready because it involved careful, clear planning that began years before.

The Setup: Re-Envisioning a True Cybersecurity Plan 

As the CIO of a security company, cybersecurity is paramount to my function now. And we're a very self-critical company. We always feel like there's a better way of doing things. About five years ago, I began to coordinate a change within our systems, re-envisioning what a true cybersecurity plan looks like.

At Per Mar, IT went from the back office to the front office as part of the sales process—part of the way we do business. So cybersecurity started becoming very central to our business, ensuring that we're keeping our customers' data secure, and keeping our operation centers up and running.

One of our challenges is that our 250 in-the-field technicians use their own laptops. They very rarely touch our internal network, but they touch all of our customers’ networks. Not everybody practices clean cyber hygiene. All of a sudden, if a technician plugs into somebody's compromised network, they can pick up bugs, which can infect my network. 

There’s also the everyday concerns about malicious links, phishing attempts, social engineering, and more. If these viruses or hackers start trying to go after all my Personally Identifiable Information (PII), we now have the tools in place to catch that behavior. We can stop it before it causes any damage, isolate it, and remedy it.

Early Adopters and Enterprise Agreements: Choosing Cisco for Cybersecurity

We started having conversations with Cisco about how they see the world. We've always been strong Cisco users, and we've formed deeper partnerships with Cisco now because they've taken the time to learn our business. Cisco’s account team understands that security is central to the way we approach the world, and our business model. 

This deep relationship was crucial when we were deciding between vendors as our cybersecurity needs evolved. It’s not always about the price. I feel a lot of vendors think it’s a “race to the bottom” when it comes to pricing, but we’ve always looked out for the right solution for our needs.

We were early adopters of Cisco Enterprise Agreements (EAs) for voice, collaboration, and security. And when it came time for renewing our EAs, Cisco recommended a bundle that would stabilize our costs while adding new functionalities. It was an easy decision to make. We now use Cisco Meraki, Umbrella, various firewalls, Stealthwatch, Identity Service Engine (ISE), AMP for Endpoints, and especially Tetration, which we started using a couple of years ago.

We have seen the value of those solutions, especially when this pandemic hit. Having all our AnyConnect licenses set up beforehand made life straightforward and relieved stress. All we needed was a quick how-to document for our users to review, and we were ready to go.

Secure Both Inside and Out: Building a Zero Trust Network With Cisco Tetration

About two years ago, we decided it was time to modernize our data center and our core switches, since they were over seven years old. We flew out to a Cisco Executive Briefing Center in San Jose, and we saw what a modern data center would look like.

We discussed our needs and Cisco helped us build a solution from the ground up. We put security at the core of the network, and built out from there. And Tetration is the foundational piece for us.

Tetration is at the heart of our network. It analyzes all of the connections, different networks, and more. Tetration is Cisco’s solution to create a Zero Trust Network, which means it can identify both external and internal threats. You build networks in a micro-segmented fashion. 

If, all of a sudden, you start to see an anomalous behavior, Tetration can connect to our Application Centric Infrastructure (ACI) fabrics. It can talk to Cisco ISE and it’s as simple as alerting us that, "Hey, we see some bad behavior." And if the unusual behavior hits certain thresholds, we just disable the network port. This happens in minutes rather than hours or days.

We can do all of this with eight IT people on staff and two developers, managing systems for about 3,000 employees. With a limited IT staff, when we do these big projects, such as deploying Tetration, we definitely engage Cisco’s Professional Services team. The team from Cisco did a fantastic job, helping us to understand the depth and scope of this project. 

They walked us through the resources that I needed to allocate to my staff, and ensured we had a successful project. Our Tetration implementation was completed in 90 days, so spinning it up and getting it deployed was incredibly easy. 

We also paired Tetration with an ACI switch refresh and completely re-orchestrated our data center. We went from the 1985 version of a Cisco network, to the 2020 version of a Cisco network.

Keeping the Heart of Per Mar Security Services Beating Strong

Our Cisco systems and security frameworks allowed Per Mar to move quickly and safely to support our employees when the pandemic hit. Spinning up 800 employees within a week—while supporting our people in the field—was possible because our security systems were fused with the network. 

Per Mar has done a complete 180-degree cybersecurity turnaround thanks to our Cisco partnership. I attribute a lot of that to our Cisco team building a strong relationship with us and understanding our business needs. Cisco has personally given me peace of mind, not only for the security of our company, but also for our 75,000 customers who rely on Per Mar for safety. This keeps the heart of Per Mar Security Services beating strong so that our business and our customers’ safety is taken care of. That way, we can both focus on achieving true self-actualization.