For most MSPs, competition was assumed to be the biggest threat for retaining customers. MSPs had to deal with the uncertainty that there may be someone out there who could perform services faster, better, and cheaper. Yet, that fear may be misplaced, as another threat manifests in the battle to retain market share.
A recent survey and report by market research firm VansonBourne casts some light on the implications of cybersecurity practices and why those practices may cause customers to fire their MSPs and move onto other service providers.
The report, which was commissioned by cybersecurity solutions vendor Continuum, offers some sobering facts for MSPs attempting to grow their businesses and avoid customer loss. The survey comprised 850 global organizations with sizes ranging from 10 to 1,000 employees. Some 64 per cent of respondents reported that their organization has suffered a cyberattack, which indicates a trend discovered in previous surveys, that cyberattacks among businesses of this size are becoming more and more commonplace.
What's more, some 93 per cent of respondents would consider moving to a new MSP if that MSP offered the "right" security solution, even if they weren't planning to change. Simply put, cybersecurity has become a hot topic for small and medium businesses and those businesses are relying on their MSPs, solution providers, and integrators to keep ahead of cybersecurity issues. However, the question remains, how can an MSP address cybersecurity concerns and convince customers to stay on board?
Establishing a New Paradigm of Trust:
MSPs will need to educate their customers about the concepts of trusted computing. Or, more simply put, cybersecurity has its foundation in trust. While trust may mean different things to different people, it can be surmised in the digital world as establishing trusted connections between systems, people, and services. An important component of digital trust comes in the form of privileged access management (PAM), where policies are established to ensure that users have the properly assigned privileges to access digital resources. Simply put, trust, privileges, and credentials have a symbiotic relationship, which can be contained within PAM.
For the most part, breaches occur because of a lack of privilege management. In other words, proper security practices dictate the who, how, and when of access, along with the permissions associated with that access. At the Beyond Trust Partner Summit, cybersecurity expert Derek Smith offered "privileged credentials exist everywhere and 100 per cent of all advanced attacks rely on exploits of privileged credentials".
A sobering thought for MSPs charged with managing user credentials and cybersecurity hygiene for their customers. Smith added that "some of the best practices around PAM include track and secure, govern and control, and record and audit". Best practices that are best serviced using a platform approach for PAM.
Many security vendors servicing the MSP market have brought forth platforms that institute PAM, creating an ecosystem where trust can be exemplified and assuage customers that have concerns about breaches and other malicious activity impacting their operations. However, to be fully effective, PAM has to be incorporated in such a fashion to not only address the "who" and "what" of access, but also address the "where", "why", and "when" of access, which proves to be a more complex endeavor.
Vendors such as Beyond Trust have embraced the ideology of Just In Time (JIT) PAM, where granular control driven by policies and automation controls have eliminated the problem of improperly assigned privileges, while also incorporating accountability. The JIT PAM approach aims to eliminate the types of security problems that confounded enterprises, such as national retailer Target, which was the subject of a major breach due to improperly assigned privileges to an HVAC contractor. Target's problems are relatively common, caused by the fact that administrators and managers often forget to revoke the rights of temporary workers, contractors, and other non-employees when a project is complete.
The concept of JIT PAM addresses those issues by controlling access based upon a number of different policies, which are further enhanced with behavioral data. JIT PAM can be summerized as a new paradigm of trust, one that builds policy around the who, what, why, where and when of access. The concept offers valuable lessons to MSPs, lessons that entail incorporating the proper security elements into the application and infrastructure layers of service delivery.
What's more, JIT PAM can also be used to secure legacy applications, giving MSPs and their customers more breathing room to define and re-engineer legacy applications as they transition to the cloud.
Some say performance, others say money but it may be systems and processes that carry the day
Japanese vendor sells product development, manufacturing and logistics base in Bavaria to S&T subsidiary, Kontron
'MSPs are all scared to death. They don't want end users asking, what am I paying you for?' - Datto CEO
Tim Weller tells CPI that he sees MSPs struggling to update how they package and deliver security, and opens up on what he makes of MSPs trying to rebrand as MSSPs
In its Q4 results, Microsoft reveals its cloud unit is now its biggest business segment