A lot of MSPs are jumping on the security bandwagon in the wake of so many recent major data breaches. But are MSPs using password management tools, and are they passing that best practice onto their customers? Here's a closer look.

Stuart Crawford, Consultant

October 16, 2014

4 Min Read
Is Your MSP Ready to Take On Growing Concerns Over Password Protection?

I called Colin Knox, the CEO of Passportal, a password management systems provider based in Calgary, Alberta, to congratulate him on hiring former Level Platforms Vice President Dan Wensley as an advisor for his company. As someone with over 20 years’ experience in the managed services industry, Wensley is a great addition to Passportal’s team, and will help them focus on improving their mark on the security market.

That lead to my asking Colin where he saw the security market going in the next 18 months or so, and he shared some interesting insights with me about the concerns over password management as a key part of security offerings for MSPs.

“I think [not securing passwords] is an issue that puts MSPs at risk to an equal level as their clients,” said Colin. “The fact is that a very high percentage of MSPs aren’t using a true password management tool. As external exploits become more and more easily and readily available, like we saw with Heartbleed earlier this year, there’s a lot of risk being put there to their clients.”

And that’s certainly true. We’re seeing a lot of MSPs jumping on the security bandwagon in the wake of all the recent major data breaches, like the JP Morgan Chase scandal. I’ve seen and encouraged my clients to talk about how any business can be targeted by hackers and encourage even small businesses to think long and hard about their security settings.

But are MSPs actually stepping up to the plate to deliver the true protection a company needs?

“If going after passwords is what somebody is looking to do,” Colin continued, “they’re going to start knocking on doors of systems that PSAs are dropping passwords in because the data in those databases are not encrypted, and many times its purely visible in plain text. [Hackers] might not even need to necessarily hack the database, but just get past the first login procedure with brute force.”

In other words, just encouraging your clients to use better security and entrust their passwords to you won’t keep them safe unless YOU are doing your best to secure the data entrusted to you.

Is your MSP talking about password protection yet? Colin thinks that it’s something that will really be needed for MSPs in the time to come. “It stands out to show that they have the tools and processes in place to successfully operate their business in a controlled fashion. More than anything, I think it identifies the level of maturity within their business.”

It also provides a selling point for MSPs to show off when bidding for new business. “When you go into a sales meeting,” said Colin, “it’s really easy to talk about the weather or what’s happening with the local sports team, but after that it’s just ‘Yeah, we give good service and we have this knock and we use ticketing and escalations and automated workflows to make things happen.’ But EVERYBODY is talking about that, everybody is doing that, and it’s not differentiating them.

“If you come in and say, ‘This is how we protect your passwords and how we audit the access to your passwords,’ that kind of makes you stand out from the rest that AREN’T talking about these things with their prospects. It makes [the prospective client] question what their current situation is, and maybe question the other MSPs bidding on the job on how they do that.”

Colin believes that Remote Management Module (RMM) providers are waking up to the growing concern over password security, and that it won’t be long before they start including robust password protection in their offerings.

“Encryption will probably start to take on a lot more, and we’ll likely see other RMM companies likely making acquisitions or consider building their own within their platform to stay competitive with the other providers out there.”

Of course, Passportal is ahead of the curve there, having already built two-factor authentication into their platform. If Colin’s right, other RMM providers are going to be scrambling to keep up as more data breach stories are shared on major news sites. We’ll be seeing a lot of partnerships start popping up between RMM providers and password management companies, perhaps even with other third-party companies as well, as the average business owner starts to demand solutions to stop the kind of breaches they hear about in the news.

Colin has positioned Passportal to be ready to welcome the changes with open arms, providing their service as ready to integrate into a complete remote security offering. “The RMM provider would save the time and hassle of trying to recreate the complexity of a product like what we’ve built. Partner with us and build an integration to have a quicker answer to the market and not have to put too much focus on continued development and management of password management for their MSP partners.”

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Stuart Crawford

Consultant, Ulistic

Stuart Crawford is Creative Director and MSP Marketing Coach with Williamsville, NY and Burlington, ON-based Ulistic, a specialty firm focused on information technology marketing and business development. He brings a wealth of knowledge and experience pertaining to how technology business owners and IT firms can use marketing as a vehicle to obtain success.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like