In early 2025, as EPSD spun out into independent operations, we made some bold strategic technology decisions. We made initial up-front IT investments of less than 10% over “good enough” choices, and that increase delivered us a 31% insurance savings. Spending just a bit more on IT significantly raised the complexity and the cost attackers must bear to breach us, and resulted in measurable operational gains and user happiness.

For executives considering similar investments: strategic IT spending isn’t about computers or protection — it’s about creating measurable and sustainable business value.

Here’s how we did it.

No Pay-to-Play

All companies rely on technology for business operations, and therefore are constantly balancing IT and security investments against operational benefits. As consultants advising companies on maximizing the business value of technology investments, we have an affirmative responsibility to follow our own advice, ensuring every piece of our tech stack maximally supports our business objectives.

To that end, each piece of technology we’ve implemented is the result of research and vetting by our expert team, and is featured here because of our satisfaction with their performance. It’s important to note that EPSD never accepts discounts, referral fees, or other incentives to recommend products or services.

Standardizing on Quality to Reduce Complexity

For hardware quality, performance, ease of use, and developer advantages, we standardized on Mac hardware, leveraging Apple Business Manager for seamless, lid-lift device provisioning.

This eliminated the operational overhead of managing multiple operating systems while providing enterprise-grade security features out of the box. Every device arrives pre-configured and ready for deployment, reducing onboarding time by more than half and eliminating the IT friction that typically slows new hires.

Eliminating IT Friction and Security Gaps

Rather than treating device management as a cost center, we built it as a productivity multiplier. Jamf Pro serves as our unified mobile device management platform, with Jamf Protect setting secure configuration defaults and Crowdstrike Falcon providing advanced threat detection and response.

We’ve configured strict policies atop the Mac’s mandatory encryption, including disabled administrative access and automated compliance monitoring; these are all invisible to users but essential for risk reduction.

Beyond endpoints, we control the entire network attack surface. NextDNS blocks malicious and unwanted web resources while providing comprehensive DNS request logs for threat intelligence. Sublime Security enables custom mail processing rules and community-written rules to augment our native mail platform security, stopping threats before they reach inboxes.

Streamlining Access While Hardening Security

Rather than the traditional trade-off between security and usability, we achieved both. Our identity and access control is passwordless, multifactor, and contextual. Duo Premier implements strong multi-factor authentication and Single Sign-On (SSO) across all systems, while adaptive authentication provides conditional access based on application, user location, network, and device health.

This streamlined approach has created multiple protection layers that adapt to emerging threats in real time while being simple enough to reduce help-desk calls to nearly zero—even among non-technical staff who previously struggled with password management.

Building Intelligence for Proactive Risk Management

Strong log pipelines feed comprehensive monitoring systems that transform security from reactive to predictive. SaaS posture management tools, including Obsidian Security, provide continuous visibility into our cloud security stance. This observability framework enables proactive threat hunting and rapid incident response, often identifying and neutralizing threats before they impact operations.

The Insurance Impact

We use Alliant Insurance Services, whose cyber underwriters engage meaningfully rather than sending dreaded spreadsheets with hundreds of outdated infrastructure questions.

Alliant’s cybersecurity experts spent two hours understanding how we manage cybersecurity risk. Our comprehensive security framework, documented policies, and demonstrated incident response capabilities qualified us for nearly one-third off premiums for both cybersecurity risk and Errors and Omissions.

“Those guys are squared away,” one underwriter said.

ROI Beyond Premiums

While insurance savings were substantial, broader benefits include reduced cybersecurity incidents, faster compliance audits, and improved client confidence. Our approach serves as a competitive differentiator in client engagements.

Most important, we have technology that supports our business. Each investment reduced ad-hoc processes and workarounds that slow revenue-producing delivery, removed inefficiencies that waste time, and helped us deliver value to customers faster and more securely.