The report mentioned the debate over whether the cloud itself is secure has been settled in favor of “yes.” However, there’s a tendency for people to assume that cloud vendors will handle everything. Unfortunately, this simply isn’t the case, and it gives people a false sense of security.
For instance, the report mentioned many cloud services get compromised via spear-phishing attempts. Email protection like the kind afforded by SolarWinds® Mail Assure can help cut down on some of these attacks. But you’ll need other processes in place as well on the off chance something goes wrong. And if the service itself is compromised, you should have alternative processes to allow normal business operations to continue.
This speaks to the need for having strong backup and recovery in place for internal systems and cloud data such as that contained in Microsoft Office 365. This should be part of supporting a more comprehensive business continuity plan. Your users can’t afford a lot of downtime, so make sure to prepare for the worst ahead of time.
Also, I can’t overstate the importance of user training. Take the time to teach your customers what they can do to guard against potential phishing or social engineering attempts. Additionally, make sure accounts have multifactor authentication enabled, preferably with an authenticator app or a physical device like a YubiKey.
Hire a Little More Broadly
The report also mentioned thinking outside the box when it comes to hiring. While this applies a little more to managed security services providers (MSSPs) or in-house cybersecurity teams, this point has its own twist for MSPs.
The report specifically refers to the oft-mentioned security skills gap. This gap can plague security firms. The report mentions getting a little more creative in hiring practices—that the critical thinking skills needed to become a SOC analyst and be a strong security professional aren’t as easily taught as the technical skills. So, looking for someone who can think well matters more, and can open the hiring field for security teams.
This applies directly to MSPs as well. If security teams with large, dedicated budgets have a hard time hiring security experts, MSPs could struggle even more to find quality security pros to join their teams. Yet, the market demand remains for those who can offer security services.
Instead, MSPs should consider partnering with MSSPs. They can handle some of the more specialized security work, while your team sticks to its forte—keeping customers up and running. These arrangements can be both mutually beneficial and lucrative.
Staying Ahead of the Curve
While I covered the big pieces, there’s a lot of good content in the report, so you should read it when you have a chance. However, these three main points apply directly to today’s MSPs. Hopefully, they will help you stay prepared as 2020 progresses.
My final point focused on how MSPs can keep up with market demand through partnerships. To help, we offer our Threat Monitoring Service Provider program where you partner with one of our approved security providers to offer security services to your customers. They run the back-end by detecting advanced threats while you keep the customer relationship. Find out more by visiting our website today.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.