Case Study: City of Dothan

Dothan, Alabama is preparing for a rebirth. After years of careful planning, the city has broken ground to revitalize its city center. Dothan’s transformed core will become a hub for culture and recreation, tied together by a network of public parks and plazas. We are growing to meet the desires of Dothan residents, and these plans will take us closer to becoming a “next-level” city.

Becoming a next-level city requires next-level cybersecurity, which my team and I have been building for years.

Only One Solution Could Meet Our City’s Compliance Needs

The City of Dothan IT Division supports around 1,300 users and 1,100 endpoint devices across various city departments and agencies. These devices include computers, servers, kiosks, and things that didn’t exist when I arrived here seven years ago, but now fall under our responsibility for support. As the city undergoes its transformation, we are increasingly offering labs and other amenities to the public, too.

Within seven years of arriving at the City of Dothan, I had gone from system specialist to IT Division Manager of Customer Service. My job today is all about helping people. I lead the day-to-day operations of the help desk, while also planning ahead, thinking about what we will need to help people in the future, and the platforms that will help us do that.

The most critical platform in our tech stack is our remote support tool. Dothan is Alabama’s eighth-largest city by population and its fifth-largest city by area. Our size means that our IT division has always required a remote support solution, but it’s not as simple as picking something off the shelf.

Our previous remote support solution was unreliable and couldn’t keep up with increasing security regulations. As a government entity, we handle sensitive information and must be HIPAA, PII, and CJIS compliant. A basic regulatory requirement is for this data to be stored in the continental United States. The problem is that many remote support companies aren’t based in the US. In addition, CJIS compliance requires that we shore up our security with multi-factor authentication (MFA).

When looking for a replacement for our old system, the Remote Support solution from BeyondTrust was the only one that fit the bill.

Layering Security by Building Our BeyondTrust Ecosystem

BeyondTrust is, first and foremost, a cybersecurity company. As we grew our Remote Support instance, we started exploring some of the other BeyondTrust products for additional security.

For example, we needed a way to safely store and rotate passwords within Active Directory. We adopted BeyondTrust Password Safe, a complete privileged credential and session management solution, which automates local and domain account password resets and control for us. People hate changing passwords, but the longer they stay the same, the easier passwords are to crack. A moving target is harder to catch, and Password Safe ensures our privileged passwords rotate at a time we designate.

The platform also maintains a list of those current passwords and allows my team to control how many people can use a set password. I can also share comments and notes with a team member on items to help communication and descriptions.
Once we secured our passwords, we thought, “What’s next?”

Getting Buy-in When Budget Is Top Priority

Buy-in for security can be an uphill battle. The best case for IT leaders is to operate in an environment where decision-makers prioritize security. A security incident can turn ugly very quickly, and there’s no sense in taking that chance by making budget the only consideration. Fortunately, the City of Dothan is ahead of the curve compared to some of our counterparts, and they support our security efforts.

Don’t get me wrong, budget matters. I could arguably have hired an additional person to do some of the things BeyondTrust does. Instead, we chose a digital solution that does it all, 24/7, never takes a sick day, and gives time and effort back to the people on my team. BeyondTrust makes it easy to make the case for prioritizing security, especially for government organizations concerned with compliance and audit requirements. All these years after implementation, BeyondTrust is still one of only a few CJIS-compliant options available.

I Measure Security By What It Helps Me Achieve

How do you quantify security? Reporting? The incidents that don’t happen? I live by direct feedback from my staff. I ask them questions like, “How does this help you do your job?” “Do you see value in the product?”

I recently taught a new employee how to use Remote Support to facilitate a three-way remote desktop support setup for an outside vendor. (The vendor had initially proposed using another platform, but we suggested Remote Support instead.) After I walked my colleague through the process, they said, “I had no idea we could do this!” I hear comments like that all the time from new hires who have never used BeyondTrust. They tell me that what we do is much easier than what they’re used to at their previous employers.

BeyondTrust Remote Support is incredibly stable. That stability is critical—losing access to Remote Support would be life-threatening for us. We would have to go onsite to perform all repairs and set up emergency remote desktop connections. It’s scary to think that, until a couple of years ago, that’s how we used to do things. We’ve become dependent on these systems because they work so well, and in addition to keeping us safe and secure, they save our division a lot of time and effort.

It’s important to select a product that can grow with your organization and comes from a partner who thinks the same way you do. Being forward thinkers, we’re developing our own wheels as we go forward, but it’s nice to work with BeyondTrust because our alignment means we can trust their decisions. The city has invested more in our security journey than we initially planned, but we’ve become much more secure than we ever expected. For security-minded organizations, BeyondTrust provides a great way to take your city or organization to the next level that modern services require.