Padgett, Stratemann & Co. Leverages Catapult Expertise to Ensure Rigorous Security
Maintaining strict security and confidentiality of data has always been a top priority with Padgett, Stratemann & Co., L.L.P. (PS&Co.). As Derek Vorpahl, Director of Technology at PS&Co., explained, “Our clients entrust us with their sensitive financial records, so we are very serious about preserving the integrity of our data. We are also keenly aware that federal laws like the Sarbanes Oxley and Gramm-Leach-Bliley Acts require regular security assessments. Our aim has always been to meet or exceed security requirements for our industry.”
To evaluate the current state of their security, PS&Co. asked Catapult Systems to undertake an enterprise-wide network security review. Catapult brought an extensive range of business and technical knowledge to the table, including practical, real-world experience gathered by helping numerous organizations with security issues. Catapult also offered a unique level of problem identification and resolution that PS&Co. considered essential.
“We quickly realized that Catapult had the background we needed,” said Vorpahl. “We felt confident that by working together, we would ensure the caliber of security that our clients expect. We can take advantage of what Catapult has learned with other organizations facing similar issues. That increases the value of their consulting enormously.”
Catapult performed an efficient and comprehensive network security assessment, covering all aspects of physical devices, firewalls, software and other critical areas. The process began with in-depth interviews of selected IT and management staff. As Mike Eldridge, Infrastructure Practice Manager at Catapult, said, “Our interview process enables us to quickly identify all security requirements, policies and procedures.” Eldridge added that Catapult also studies existing network documentation and business requirements involving their clients. “The information we gather at the beginning helps us to customize the assessment according to the client’s specific requirements and issues.”
The next step was an external review that measured how well PS&Co. could protect itself from intrusion or attacks from their Internet gateway. Consultants from Catapult Systems scanned all IP addresses at the firm and then searched for known vulnerabilities. Additional tests were conducted to see if intellectual property could be accessed or compromised by outside parties.
Complementing the external review was an internal assessment that involved the same scanning process, only from inside the firm’s network. “Anything connected to a network can be a potential point of vulnerability,” explained Donald Loewe, Catapult Senior Consultant. “We looked at their servers, PCs, laptops, firewalls, routers, switches, dial-up services, spam and anti-virus applications, desktop utilities, management software—you name it."
The final results of the assessment were carefully analyzed and presented to IT management in a presentation that included an executive summary backed by detailed documentation. Catapult was able to identify important issues and make recommendations based on Best Practices that they had successfully implemented with other organizations. Catapult also helped resolve the identified issues. “We always try to think in terms of total solutions, not just identifying what needs to be done,” said Eldridge. “All areas of concern have already been addressed and resolved,” he added.
Reduced risk of compromised or stolen data through efficient, comprehensive network security testing and validation
Enhancements and new approaches based on proven methodologies and Best Practices
Complete documentation of security measures, serving as a baseline for future changes and enhancements
Resolution of all issues identified during the assessment
Improved access for external auditors and consultants while still maintaining the highest levels of security
"We can take advantage of what Catapult has learned with other organizations facing similar issues. That increases the value of their consulting enormously."
- Derek Vorpahl, Director of Technology, PS&Co.
Management at PS&Co. has given high marks to the security assessment. Vorpahl cited a number of benefits from working with Catapult, starting with the depth and scope of experience the consultants brought to the project. “We generally focus on technology designed for finance, but since Catapult works in a number of other industries, they were able to show us new products and services from vendors outside our industry that we would never have considered."
Catapult’s assessment provided PS&Co. with a thorough validation of security, both internally and externally, that included remote connections with external auditors and business partners in Mexico, Europe, Alaska and Asia. In addition, the firm now has complete documentation of security measures which can be used as a baseline for future changes or enhancements. Along with an improved understanding of security issues and procedures, PS&Co. appreciates the efficient, cost-effective methodologies that they can repeat on a regular basis to ensure ongoing security.
“I definitely plan to work with Catapult again,” said Vorpahl. “They bring an outstanding level of commitment to every project they undertake.”