Roll Out:

You should plan an implementation process that works for your team and from within the constraints on your resources. Many teams choose to plan a staged rollout where subsets of users are added over X period of time. The benefits of a staged rollout include the ability to provide hands-on support as needed and collecting common questions from users.

Depending on your team’s culture, you may find an email campaign, a Slack campaign, a Lunch and Learn series, or a mixture of these strategies will be the most effective method of communicating a pending Kolide launch. Whichever method you choose, the most important aspect is that you communicate to your colleagues about Kolide early and often before the implementation date.

Feel free to use the following information as a starting point, or to write up your own messaging from scratch. The below suggestions were written in expectation that you'll be rolling Kolide out through the Slackbot. If, instead, you'll be using an MDM service be sure to update language where applicable.

Important note! Please do not just copy/paste these messages over to your team, but instead read them as suggestions for ways to talk about Kolide and why you have chosen to move forward with this tool over others that you were evaluating. Many of the prompts below require customization before sending.

First Message

In the next few days, you will receive a Slack message to download Kolide:

The message reads: 

"Hi there, I'm the Kolide App!"

"Kolide is a user focused security platform which your team uses to inform users when their device has issues that affect system stability or security."

"To get started, let's enroll your device. Click the Download button below to get the installer package." 

Dropdown List: "Get Download Link for..."
Button: "Questions about Privacy?"

Caption: Kolide’s welcome message and enroll a device prompt

When you receive this message, please download the appropriate installer for your platform and open it to complete the installation. Going forward, [Company Policy here; for example: new employees will get this message automatically when they join Slack.]

What is Kolide?

Kolide is an app that regularly checks your laptop for security issues such as: whether your hard disk is unencrypted; alert when important security updates to your browser and OS are available; and, you are running software with known vulnerabilities. Kolide will not alter anything on your device. Instead, it simply notifies you on Slack when your laptop is not following best practices or is not compliant with your company’s security policies and lets you know how to fix the issue. Messages from Kolide will explain each problem in detail and give you step by step instructions on how to fix them yourself. If you run into difficulty, you’ll also be able to escalate to the IT Team for assistance.

The Kolide Slack app will prompt you with step-by-step instructions about how to get started and how to use it. If you ever need a reminder on what Kolide can do, just send a message saying, “help” and Kolide will respond with your available options. It looks like this:

The message reads: 

"Here are the things that I can help with:
Connect: Connect and subscribe a channel to Kolide Events
Status: Show information about the state of your assets
Manage: Manage your slack integration
Privacy: View data collected by Kolide and who can see it
Enroll: Enroll a new device in Kolide
Help: Show help information"

Caption: Commands for the Kolide app

Second Message:

Why do we need Kolide?

Kolide helps us be consistent about our approach to laptop security. It makes sure we are meeting a basic standard across the company, without compromising the control you have over your laptop. There are three basic drivers behind it:

  • For our customers

<Mention needs for customer compliance and your internal culture of caring for the data customers entrusted. Examples include: access to information that belongs to others, access to systems that run critical business infrastructure, and applications that are regularly impacted by security vulnerabilities.>

  • For our own sake

<You might be surprised to learn that almost no one passes all Checks with their first try. Among testers, Checks like X, Y, Z failed. (Examples: a hard drive was found unencrypted, multiple sets of 1Password recovery keys were found stored in plaintext, encrypted SSH keys were found). This is surprising, but it reveals an important insight: security is hard to get right, even if you know what you should be doing. Kolide helps you stay on top of it with minimal fuss and stay aware of new issues.>

  • For the future

<Where are you as a company headed in the near term and long term security requirements? Is there an audit you’re working toward? An important development to your product that needs to be kept “stealthy”?>

How does it work?

Kolide uses osquery to aggregate data in a fashion that allows it to be queried like a database individually or collectively as a fleet. It is specifically designed to be lightweight on your computer and transparent so that you know what data was collected, when it was collected, and who has access to it. Check out the Privacy Center for more details:

Once you have enrolled your device, you will be prompted to resolve any current issues on your device. Most people are surprised to find that there are issues present that they were not aware of! Some common issues that pop up when Kolide is first downloaded are: needing to update your operating system or browser; SSH key encryption is off; and, backup codes for common apps like GitHub or 1Password are stored in a plain text file on your computer. Kolide will walk you step-by-step through how to resolve any issues. Your first experience might look like this:

The Kolide app has surfaced three issues that require resolution. Two are under "App Security" and one is "Basic Device Security". The message reads:

"App Security: 
Google Chrome Requires Update
(Kolide detected 1 unique issue on this device) 
Button: More Info / Resolve

Root account is missing a nologin shell
(Kolide detected 1 unique issue on this device) 
Button: More Info / Resolve

Basic Device Security:
Google Chrome Requires Update
(Kolide detected 1 unique issue on this device) 
Button: More Info / Resolve"

Caption: The Kolide app has surfaced three issues that require resolution

Clicking “More Info/Resolve” will provide a new prompt that explains what the issue is, why it is a problem, and what steps you can take to solve that issue.

In the specific instance above of needing to update Google Chrome, the more info button will provide the below information. One aspect that is really helpful is that Kolide will also provide expectations for the amount of time that resolving the issue will take you.

Selecting the button More Info / Resolve will take you to an explanation screen that outlines why an issue is a problem and the required actions necessary to resolve the issue. In this example of Google Chrome requiring an update, Kolide also lists the pertinent version numbers and release dates.

Caption: The More Info / Resolve screen provides specific information about the issue and the steps required to resolve it.

Once you have resolved the issue, ask Kolide to “Check Again” and then, if the issue is truly fixed, Kolide will mark the issue as resolved. You could also contact your Admin for assistance, if needed.

At the end of the explanation screen, just above the messaging field, are two buttons. One reads: "I've fixed it. Check again" and the other says "Contact Admin for help".

Caption: The final step in resolving an issue is to click the button that reads “I’ve fixed it. Check again”.

It is both normal and expected that you will have open Issues as you get started with Kolide. This is one of the reasons we choose to buy the service. Work towards resolving any Issues within the first three days, and reach out for assistance as needed.

Third Message:

Kolide’s Privacy Center

Kolide reports data it collects to a central server. It then analyzes that data to alert you and the IT team and you of any failure in security policy or issue with your laptop.

The Privacy Center allows you to get a better understanding of which devices Kolide knows about, what data is collected from those devices, what checks the IT team has enabled, and who in the company can access the collected data.

You can access this privacy center at any time by sending the word “privacy” to the Kolide app in Slack. Or by accessing this link:

This message from the Kolide app reads: 

"User Privacy at Kolide:"
"Kolide takes user privacy very seriously. Our goal is to provide a security solution that puts you, the user, first."

"Who can see my data?"
"Only Kolide administrators within your organization can see the data collected about your device. Link: View in Privacy Center"

"What data is collected?"
"Kolide collects the information necessary to determine if your device is passing or failing your organization's security checks. After you enroll, you will be able to see all information collected about your device, anytime at the following link: View in Privacy Center"

Caption: Kolide’s User Privacy Guarantee. As a company who cares about Honest Security, Kolide cares about transparency for you in every step of the process.

Onboarding Users:

Now that you have communicated with your team about what Kolide is and why you chose this service over the other available options on the market, it is time to onboard. You can roll Kolide out to your end users via your MDM service or through Slack.

If you choose to roll out using MDM, be sure to assign full disk access to the app profile. You can read more here:

If you choose to roll out using the Slack process, don’t forget to relay your expected completion timeline to your team. Nothing motivates like a deadline!

As users begin to enroll their devices in Kolide and resolve Issues, you may receive questions about why Kolide is collecting specific types of data. We recommend thinking through your data collection policies prior to rollout.

Links to our Getting Started Guide:

Did this answer your question?