 Channel Futures

As Competition and Regulation Increase, MSPs Must Provide Security to Survive

  • Written by Raffi Jamgotchian
  • April 12, 2018
Recognizing that "in compliance" is not the same as "secure" can be a competitive differentiator.

Given the current environment, I predict one of three fates for MSPs in the near future: You’re going to become a security-providing MSP, you’re going to partner with one or you’re going to go out of business.

Demand for effective data security looms larger than ever on the MSP landscape. With small and midsize businesses increasingly targeted in data breach and ransomware attacks – and with compliance auditors targeting these same businesses for more thorough regulatory enforcement across industries – the role of an MSP is shifting dramatically. If you can’t provide security services to fill this need, watch out: Your MSP competitors are likely jumping on this bandwagon as the tools to provide security become simpler to use. It gives them something new and popular to sell. 

The fact that so many MSPs are now developing their own security offerings is a positive development for the industry, one that ultimately helps us all raise our games; however, whether putting together services yourself or partnering with a traditional MSSP, it is critical that MSPs now have the necessary security stack and expertise in place to secure clients’ data and navigate the nuances of regulatory compliance. This isn’t just good for the client, it is necessary for an MSP business’ longevity. 

Assembling a stack takes more than just the right tools, although the tools are certainly important. Building an effective security program requires a deep understanding of the client, and the risks specific to its company and industry. It takes a thorough knowledge of the difference between compliance and security, the laws regulating the client’s industry, and how to communicate with clients as a trusted resource and expert.

Compliance isn’t security — and you must provide both. Implementing effective data security can bring you compliance, but compliance doesn’t necessarily achieve security. At the same time, pursuing compliance with a blind eye to truly effective security can leave you with neither. Take this scenario as an example: Say you do everything possible to ensure that a client’s environment is compliant but ignore real security needs, and a data breach occurs. Your company might still be held liable for the breach. For example, just three months before Target announced it had 40 million records compromised, it had passed a qualified PCI audit.

Given this reality, my recommendation is to focus on doing the right thing as far as security best practices go, mitigating as much risk as your resources allow from a business point of view. Then you can review the customer’s compliance needs and fill in any gaps not covered by your stack. In Target’s case, they hadn’t identified where their third-party risk was, and they hadn’t properly segmented their payment processing network from the rest of their environment. 

As a security-providing MSP, you cannot truly know if the security you implement in line with your interpretation of the law will pass muster in the auditors’ eyes until an audit happens. Because of this, the best practice is for MSPs to document those interpretations and actions in detail. Record and explain why specific tools and practices were put in place, and what area of the regulation they’re intended to address. Orient everything around increasing security for practical reasons, not just to posture for compliance. If an audit does happen, pursuing security in this way will maximize the chances of your decisions being upheld. 

Additionally, it often makes sense to look at the minimum regulatory requirements and then go beyond those to provide more compelling service and ensure compliance. For example, FINRA requires financial-services businesses in its purview to have a business-continuity plan in place, and to test it once a year. It doesn’t define details beyond that. To address this, an MSP might decide to implement a relatively high-quality backup system able to recover data from a secure cloud, not instantly as the most expensive solution might, but within hours. This is an interpretation that will hold up in an audit, and it also protects uptime and provides a superior experience for the client.

Alternatively, an MSP could use offsite tape backup – the regulation doesn’t say not to – but the client’s uptime and the outcome of an audit would be at greater risk. In cases like these, there’s benefit in going beyond the “letter of the law.” 

Tailor solutions to each specific client and their industry. Each client performs different activities, uses different equipment, and adheres to different industry rules. To be effective, security-savvy MSPs need to study a client’s specific risk profile and tailor a security program to those needs. For example, we use Beachhead Solutions’ SimplySecure as a tool that can encrypt data and remotely lock and wipe data from compromised devices in the field. This gives us a strong fit for securing our financial-services clients that have employees that carry sensitive data on laptops or mobile devices, which might be lost or stolen.

However, for our clients relying solely on stationary desktops, different tools are more appropriate. At the same time, each industry is governed by regulatory agencies and specific rules with enough variance that an MSP can’t successfully provide security for companies in that field without being deeply familiar with those nuances. 

Be the expert the client needs. Software tools alone can’t secure a client. It takes participation by the people involved, from company leaders to employees. A security MSP is the point of contact that guides the client in ensuring individuals exhibit secure behaviors. In addition to putting training tools in place, it’s just as important that an MSP can understand and explain the human-error risks those tools mitigate. 

In our own case, we use Breach Secure Now! to train client employees in security best practices, as well as the aforementioned SimplySecure management system and the Carvir-provided SentinelOne endpoint detection and response solution to further support employees in protecting data on their devices. However, an effective security MSP must do what the tools cannot, and be proactive in communicating in real time as breaches occur or new, massive vulnerabilities make headlines.

It’s important to take the lead in explaining major issues and events to clients, so that they fully understand how those issues affect them, and what actions you as an MSP and they themselves should take to mitigate risk. That process of demonstrating expertise and initiative in addressing issues not only makes clients more secure, it enhances your relationships and reputation as well.

As MSPs adapt to the new reality in which all clients and providers must address data security, good solutions are essential, but they can’t do the job alone. Knowledge of laws and technology, understanding of specific client needs, and great personal communication are the ingredients that ultimately help MSPs ensure customer data is secure — and strengthen their businesses for the long haul.

Raffi Jamgotchian is the founder of Triada Networks, an IT services firm that caters to boutique investment and other security-conscious firms in the New York metro area.
