Cybersecurity
Here at RDW, we understand the importance of protecting your brand. That’s why we take a strong stance on cybersecurity. We’re proud to have:
- a Microsoft Secure Score that sits around 94% for our environment
- a 98% Microsoft Secure Score for our Windows laptops
- roughly 94% CIS compliance for our Macs
- all RDW laptops tied to an employee’s online identity and managed through MDM (mobile device management) solutions
This impressive status is just a top-level look at the success of our security protocols. The following Q&As provide more detailed information.
Q&As
Are you on-prem, hybrid, or cloud-based?
Outside of our endpoints and one piece of physical infrastructure (our physical firewall used for data integrity), RDW Group is entirely cloud-based via Microsoft Office 365 and Google Workspace.
Do you use 2FA?
2FA is required and enforced on all RDW accounts created and used by RDW employees.
How/what do you use to manage your machines?
What MDM (mobile device management) platforms do you use?
Our PCs are managed through Microsoft Intune. Our Macs are managed through Jamf Pro.
Are users local admins?
What type of local accounts do your users have?
Do you restrict local machine access?
Almost all user accounts on RDW laptops are “standard” users, meaning they are not local administrators. We have a very small number of developers and IT staff with laptops on which their primary user account is a local admin. Users are only provisioned these rights once they have taken RDW’s local administrator training and passed the accompanying assessment.
Some of our Mac users (who are not developers) have undergone this training and have been provisioned temporary admin rights and privileges. This allows these employees to request 15 minutes of admin access once they have verified their primary identity.
Our PCs utilize Admin By Request. If you’re unfamiliar, the workflow steps are:
- A user makes a request for temporary admin rights and provides an explanation.
- Our MIS director reviews the request.
- The user is provisioned 15 minutes of admin access, and all actions are audited.
Do your machines have local admin accounts?
Our PCs have break-glass admin accounts managed via LAPS (local admin password solution) in Intune. Our Macs have break-glass admin accounts managed via LAPS in Jamf.
Do your employees undergo cybersecurity training?
Yes. RDW Group observes Cybersecurity Awareness Month (October), and conducts annual training accompanied by a required assessment.
How often do you patch software?
What do you use for software patching/patch manager?
RDW uses Jamf Pro for third-party software patching on Macs, and Action1 for patching our PCs.
How do you protect your laptops/endpoints?
Do you use an endpoint detection and response (EDR) tool?
What do you use for anti-virus/malware protection?
RDW works with an MSP (managed service provider) that provides a suite of security software. Part of that suite is SentinelOne, our EDR (endpoint detection and response). SentinelOne is deployed on every RDW Group endpoint and monitors all of them in real time. Along with that, RDW Group uses ThreatLocker as our zero-trust endpoint security. As with SentinelOne, ThreatLocker is deployed on all RDW Group endpoints.
Do you use a SIEM (security information and event management) platform / log collector?
RDW Group works with an MSP (managed service provider) to use a proprietary SIEM (security information and event management) product called VantagePoint. Our SIEM retains all logs for at least 365 days.
Do you use Microsoft or Google?
What kind of Microsoft licensing do you have?
What kind of Google licensing do you have?
RDW Group uses a combination of Office 365 and Google Workspace as the backbone of our IT infrastructure. We use Office 365 (Business Premium) licensing for our primary identity, which allows us to reap the benefits of Microsoft’s cloud-based Defender portal for deeper security monitoring and remediation. RDW Group uses Google Workspace for data access.
iFactory uses Google Workspace (Business Plus) for their primary identity. This tier of licensing allows for secure LDAP (lightweight directory access protocol), which is used for endpoint identity management via Jamf Connect.
Along with that, RDW’s Jamf licensing provisions access to Jamf Protect, another layer for endpoint security on our Macs.
Do you use anything to manage passwords?
RDW Group uses 1Password for credential management.
Do you have a password policy?
Yes. All RDW passwords must be at least 15 characters long, contain at least one lower case letter, one upper case letter, one number, one symbol, and cannot be one of your last 24 passwords. RDW follows Microsoft and NIST’s recommendation for password expiration, and only requires that a password be changed when there is suspicion that it has been compromised.
Are you SOC 2 compliant?
We are in the auditing phase of our SOC 2 compliance journey, and have committed to generating a Type 1 and a Type 2 report. Our infrastructure is in place for our auditors, and we are in the data collection phase. While we’re collecting this data, we are happy to share with you our various IT policies, cybersecurity training module, local admin training module, results from our external penetration test and SOC 2 gap analysis performed by a trusted third party, our IT Risk Assessment, and our Network Topology Report.
Do you use a VPN?
Why do you use a VPN?
How do you protect your network traffic?
Yes, we use a VPN. RDW Group’s primary office is located in a work co-op in Providence, Rhode Island, which provides Wi-Fi service that would commingle our data with the other companies on site.
To avoid that commingling — and to ensure that your brand and IP are protected — our Providence office uses a dedicated SSID that routes our traffic through a VLAN port into our WatchGuard Firewall, effectively and securely segregating our traffic.
Our VPN allows our employees to work in public locations, and gives us peace of mind that our data — and yours — is protected behind RDW’s firewall.
Do you use a firewall?
Yes. RDW Group has a WatchGuard Firebox T85. This is where we route all network traffic that isn’t coming from our individual at-home networks.
Are your endpoints/laptops/machines encrypted?
What do you use for device encryption?
Do you require disk encryption?
We use BitLocker for disk encryption on PCs, and store these keys in our cloud environment. We use FileVault for disk encryption on Macs, and store these keys in our cloud environment.
Do you use an internet/network content filter?
Yes. We use an internet content filter on multiple levels. Our wireless network uses internet content filters through our physical firewall. On a machine level, internet content filter functionality is provided by Microsoft Defender for PCs and Jamf Security Cloud (previously Wandera) for Mac.
Do you have a spam filter?
How do you protect email?
RDW has a two-layer spam filter. RDW uses Barracuda Email Gateway Defense as our top layer spam filter, and Microsoft Defender as our secondary layer.
Has RDW ever been involved in a data breach?
No. RDW has never been involved in an incident in which our or a client’s data has been compromised.
Do you have data redundancy?
Yes. Our working data resides in the cloud. This data is backed up daily to an encrypted physical disk located behind multiple locked doors.
What is your process for hardening your environment/endpoints?
RDW adheres to as many CIS standards as possible for both our IT environment and endpoints. Similarly, RDW adheres to as many Microsoft Defender recommendations as possible.
Tell me about your cybersecurity posture?
How would you describe your IT infrastructure?
Can you summarize your IT/cybersecurity infrastructure/posture?
RDW Group takes cybersecurity very seriously. We’re almost entirely cloud-based, with our firewall being the one piece of physical infrastructure outside of our laptops (endpoints). We have a physical firewall and a VPN that routes traffic through our firewall for data integrity purposes. All of our endpoints are managed through one of two MDM (mobile device management) platforms. All endpoints are tied to our employees’ online identities, either Google or Microsoft. All endpoints forward their logs to a SIEM (security information and event management) and are behind an EDR (endpoint detection and response) and a zero-trust access platform. All of our user accounts are locked behind 2FA and we use passkeys where able. Lastly, all employees are subject to annual cybersecurity training and assessment. Please ask for more details about any of these vital elements of our infrastructure.
Can you provide a summary of measures you’ve taken?
What have you done to harden your IT infrastructure/cybersecurity posture?
What improvements have you made to your IT infrastructure/cybersecurity posture?
RDW has made great strides in our infrastructure/cybersecurity posture. We’ve migrated from a hybrid environment to a cloud-based environment. We’ve partnered with a cybersecurity MSP (managed service provider) to provide a SOC 2 gap analysis and an external penetration test. This vendor has also helped us tie each endpoint into an MDM (mobile device management), EDR (endpoint detection and response), SIEM (security information and event management), and zero-trust access platform. We stay current with CIS’s and NIST’s evolving security practices and implement recommended enhancements into our systems and protocols.
Can you provide a summary of potential lacking areas?
How could you improve your IT infrastructure/cybersecurity posture?
What are the vulnerabilities in your IT infrastructure/cybersecurity?
The cybersecurity landscape changes daily, and sometimes several times a day. RDW Group is always paying attention to the evolving recommendations of trusted cybersecurity agencies like CIS and NIST, while adhering to Google and Microsoft recommendations. RDW is proud to partner with a national cybersecurity MSP (managed service provider) to help us discover areas that need improvement and to quickly implement necessary changes.
What is your server infrastructure?
Can you describe / can you tell me about your server infrastructure?
What kind of servers do you have?
RDW is a cloud-based organization. We have no physical servers; all user accounts and data exist in the cloud. Outside of our endpoints, our firewall is our one physical piece of infrastructure.
Do you have LAPS (local admin password solution) in place?
What do you use for LAPS?
Do you have a Local Admin Password Solution in place?
RDW Group uses Microsoft’s built-in LAPS (local admin password solution) via Intune. To allow our staff to move more nimbly, our PCs can gain temporary admin access via Admin By Request. On the Mac side, RDW leverages Jamf Pro for both LAPS and requesting temporary admin rights. With Admin By Request, RDW’s MIS director must approve all temporary admin requests. The workflow for Jamf and Macs does not require MIS director approval; as a result, temporary admin rights are only provisioned to employees who take and pass an in-house local admin training and assessment.