Customer stories

Customer stories

How MSPs are winning with enhanced.io

How Shinka IT delivers DORA and NIS2 aligned security with EU data residency to regulated clients

The Belgian MSP serves regulated mid-market and enterprise clients across three countries. It needed security operations that satisfy auditors and keep client data in the EU.


In short: Shinka IT, an MSP in Liege serving regulated mid-market and enterprise clients across Belgium, Luxembourg and France, needed security operations that meet DORA and NIS2 expectations and keep client data in the EU. With enhanced.io, Shinka delivers 24/7 security operations with EU data residency, compliance reporting mapped to DORA, NIS2 and GDPR, and coverage that extends to its manufacturing clients’ OT, all under its own name.

Location

Liege, Belgium. Serves clients across Belgium, Luxembourg and France.

Founded

2011, by Steve Pezzani and Nicolas Daems

Size

About 40 staff, around 15 million euro revenue

End clients

Regulated mid-market and enterprise organizations, 20 to 500 employees, across manufacturing, transport, logistics, healthcare and local government

Security stack (before)

SentinelOne endpoint protection, but no in-house SOC and no SIEM. No 24/7 monitoring, correlation or incident response, and no way to evidence DORA, NIS2 and GDPR obligations to clients and auditors at the depth regulated clients required.

Partnership start

2021

Location

Liege, Belgium. Serves clients across Belgium, Luxembourg and France.

Founded

2011, by Steve Pezzani and Nicolas Daems

Size

About 40 staff, around 15 million euro revenue

End clients

Regulated mid-market and enterprise organizations, 20 to 500 employees, across manufacturing, transport, logistics, healthcare and local government

Security stack (before)

SentinelOne endpoint protection, but no in-house SOC and no SIEM. No 24/7 monitoring, correlation or incident response, and no way to evidence DORA, NIS2 and GDPR obligations to clients and auditors at the depth regulated clients required.

Partnership start

2021

Location

Liege, Belgium. Serves clients across Belgium, Luxembourg and France.

Founded

2011, by Steve Pezzani and Nicolas Daems

Size

About 40 staff, around 15 million euro revenue

End clients

Regulated mid-market and enterprise organizations, 20 to 500 employees, across manufacturing, transport, logistics, healthcare and local government

Security stack (before)

SentinelOne endpoint protection, but no in-house SOC and no SIEM. No 24/7 monitoring, correlation or incident response, and no way to evidence DORA, NIS2 and GDPR obligations to clients and auditors at the depth regulated clients required.

Partnership start

2021

What problem was Shinka IT trying to solve?

When the market shifted

When the market shifted

Shinka’s clients are regulated. Manufacturing, transport, logistics, healthcare and local government sit among the essential and important sectors NIS2 covers. Where a client has financial-sector or ICT-provider obligations, DORA applies on top. These organizations do not just want protection. They have to evidence it to auditors and regulators.


That raised two demands a basic security offering could not meet. The first was compliance depth. Clients needed monitoring, detection and incident response that maps to DORA, NIS2 and GDPR, with reporting an auditor will accept, not a dashboard screenshot. The second was data sovereignty. EU clients in regulated sectors expect their data processed and held in the EU, with a clear answer on where it sits and who can reach it.


Shinka also had clients in manufacturing whose estates run operational technology, so the security operation had to extend past IT into OT to cover those environments. Building a SOC in-house to meet all of this, across three countries, was not realistic on Shinka’s scale.

“Our clients sit on boards. They attend conferences. They read about breaches. They come to us expecting the same calibre of security that a large enterprise would have. And they should. The threats targeting them are just as sophisticated.”

Steve Pezzani

Founder, Shinka IT

“Our clients sit on boards. They attend conferences. They read about breaches. They come to us expecting the same calibre of security that a large enterprise would have. And they should. The threats targeting them are just as sophisticated.”

Steve Pezzani

Founder, Shinka IT

“Our clients sit on boards. They attend conferences. They read about breaches. They come to us expecting the same calibre of security that a large enterprise would have. And they should. The threats targeting them are just as sophisticated.”

Steve Pezzani

Founder, Shinka IT

“Our clients sit on boards. They attend conferences. They read about breaches. They come to us expecting the same calibre of security that a large enterprise would have. And they should. The threats targeting them are just as sophisticated.”

Steve Pezzani

Founder, Shinka IT

Why did Shinka IT choose enhanced.io?

Shinka needed an operation it could put in front of a regulated client and an auditor, not another tool to run. enhanced.io provided that as a service Shinka delivers under its own name.


Compliance reporting was central. enhanced.io configures reporting against the frameworks Shinka’s clients answer to, including DORA, GDPR and NIS2 alignment, so the evidence a regulated client needs comes out of the security operation rather than being assembled by hand.


Data residency was the other deciding factor. EU clients’ data is processed in an EU region, selected at onboarding, and replication stays inside that region so data does not leave it. For Shinka’s regulated clients, that is a clear, defensible answer on where their data lives.

The named Fractional Security Director gave Shinka a senior security lead to put in front of clients and into audit and board conversations, without hiring one. And because enhanced.io is channel-only and never sells to Shinka’s clients, the regulated relationships Shinka holds stay Shinka’s.

enhanced.io

Your Team

Your Clients

“We evaluated providers who wanted to sell us a platform and wish us luck. enhanced.io offered to become our security operations team. That’s a fundamentally different proposition.”

“We evaluated providers who wanted to sell us a platform and wish us luck. enhanced.io offered to become our security operations team. That’s a fundamentally different proposition.”

Steve Pezzani,

Founder, Shinka IT

What does the Shinka IT and enhanced.io security stack look like?


Shinka’s security operation covers IT across its regulated clients and extends into OT for its manufacturing clients, delivered and monitored by enhanced.io’s 24/7 SOC with EU data residency.

What does the Shinka IT and enhanced.io security stack look like?


Shinka’s security operation covers IT across its regulated clients and extends into OT for its manufacturing clients, delivered and monitored by enhanced.io’s 24/7 SOC with EU data residency.

Endpoint

Endpoint

SentinelOne, kept in place and ingested by enhanced.io for cross-surface correlation

Network

Network

enhanced.io network detection and response across client environments, including Cato, Zero Trust and SASE based networks

Cloud and SaaS

Cloud and SaaS

Microsoft 365, Azure and AWS telemetry monitored for account takeover, mailbox rule abuse and data access anomalies

Identity

Identity

Identity monitoring across the client’s identity provider and directory, covering sign-in activity, account takeover, credential and MFA abuse, and privilege misuse

OT

OT

Monitoring extended to operational technology across manufacturing, transport and logistics client environments, correlated with IT, identity and cloud in one SOC

SOC delivery and compliance

SOC delivery and compliance

enhanced.io 24/7 SOC with cross-surface correlation, incident response and EU data residency. Compliance reporting configured to DORA, GDPR and NIS2 alignment. Named Fractional Security Director for audit and client conversations.

What results has Shinka IT achieved with enhanced.io?

Client data kept in the EU

Shinka’s EU clients have their data processed and stored in an EU region chosen at onboarding, with replication held inside that region so it does not leave. For regulated clients asking where their data sits, Shinka has a clear, defensible answer.

DORA and NIS2 obligations evidenced, not just claimed

Compliance reporting is mapped to the frameworks Shinka’s clients answer to. DORA reporting and GDPR measures are configured into the service, with NIS2 alignment supported, so a regulated client can show monitoring, detection and incident response to an auditor rather than describe it.

Coverage extended to manufacturing OT

For Shinka’s manufacturing clients, monitoring reaches the operational technology estate alongside IT, so the industrial environments that sit outside a standard IT security tool are covered under the same operation.

One security operation across regulated verticals

Manufacturing, transport, logistics, healthcare and local government each carry their own obligations. Shinka delivers all of them from one security operation, rather than standing up a separate capability per sector.

A named security lead for audits and boards

When a regulated client’s board or auditor asks who runs security and how obligations are met, Shinka brings a named Fractional Security Director to the conversation. The senior expertise is there for the questions that decide regulated contracts, without Shinka hiring a security director.

“We serve clients from 20 employees to 500. They all face real threats. They all deserve real protection.”

“We serve clients from 20 employees to 500. They all face real threats. They all deserve real protection.”

Steve Pezzani

Founder, Shinka IT

What would Shinka IT say to other MSPs facing the same problem?

Steve Pezzani’s point is that regulated clients buy evidence, not promises. They have to satisfy auditors and regulators, and they expect their MSP to make that straightforward.


For an MSP serving regulated sectors, the questions that decide the contract are where the data sits, how obligations are evidenced and who answers for security in an audit. An MSP that can answer all three, under its own name, wins work that an endpoint tool and a certificate cannot.

Frequently asked questions

Questions we get asked

How can an MSP package security as a service it can sell?

Partner with a SOC provider that delivers under the MSP’s own name, then wrap the monitoring, detection and response into a named service with a clear price. The MSP sells the outcome, 24/7 protection and response, rather than a tool or a certificate. enhanced.io delivers the SOC and the named security lead, so the MSP has a product to sell from day one.

How do MSPs price a managed SOC service for clients?

How can an MSP win higher-value contracts with security?

How does an MSP stop competing on price against national providers?

What is the commercial model for SOC as a service for MSPs?

How does the named Fractional Security Director help win business?

Does enhanced.io sell directly to our clients?

Ready to deliver a complete cybersecurity solution?

Let’s talk

Ready to deliver a complete cybersecurity solution?

Let’s talk