Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security Cloud App Security: Advising Your Clients on Application Usage
Security

Cloud App Security: Advising Your Clients on Application Usage

By SolarWinds MSP
18 March, 2020

These days, businesses increasingly rely on cloud services for day-to-day operations. While some infrastructure remains in-house, businesses frequently use cloud services because they’re convenient and often cheaper. Cloud computing in general is secure. However, individual cloud services often have flaws and vulnerabilities—and each service your client adds to the roster increases their security risks.

With this shift toward the cloud, the role of MSPs has changed from pure providers and vendors to advisors. While you’ll always need to monitor and maintain your customers’ systems, you now need to play a role in helping them make smart technology decisions, including which applications present potential risks. So when a customer calls and they want to switch to a local software vendor for their customer resource management (CRM) solution, how should you advise them? 

Advising your client

CTA Image

Password and Documentation Management

Request a Demo Learn More

Before you begin, it’s worth making sure you and your customer are on the same page about what constitutes a cloud service. When people think cloud services, typically the major players like Microsoft Office 365, Salesforce, or NetSuite come to mind. However, [ital]anything[/ital] you provide credentials to must be vetted. I want to present a high-level process you can use to audit the services a customer uses; however, you can use this process any time customers want to add a new app into the mix.

Step one—criticality: First, divide applications between two categories: mission-critical and nice-to-have. Breaking them into tiers lets you make critical decisions later. If you determine a nice-to-have application is risky, you can make a strong argument to the customer for dropping the application. If a mission-critical app carries a similar risk, you can take additional security precautions or suggest replacement applications for the main app. 

Step two—risk factors: Next, determine how risky each service is across a few dimensions. Here are some starting points:  

  • Size: In general, larger, established companies will have more resources than smaller ones. A local CRM provider that just launched will likely be a larger risk than an established behemoth like Salesforce or even a smaller provider who’s been in the game for a few years. The smaller companies may not have the right protocols in place, but they also may lack the capacity for proper response after an incident. You can check this information out by doing research on the company—but to some extent, even a bit of intuition can go a long way. For instance, if a company’s website seems sketchy, they likely won’t invest much in their security either. Another benefit of being a larger, more established company is that when they’re breached, that breach gets headlines. You can get a better sense of how they respond, and assume they have skin in the game. 
  • Security and trust centers: Many software providers have portions of their websites dedicated to security and privacy. It’s a good sign if a company has a trust center that describes their security, development, and data handling practices. If your customers are in regulated industries, check if the vendor is certified. However, even if you don’t have to worry about regulations, demonstrating certifications for frameworks like NIST, ISO, or FIPS, they’ll likely be lower risk than those who don’t. 
  • Prior breaches: If a company shows up in the headlines for being breached, this shouldn’t disqualify the vendor. In fact, this gives you additional data on the vendor and how well they responded to the incident. You should check to see if they were transparent with customers and timely in their responses. For instance, if people on Reddit spent days waiting for a resolution, that should tell you something about their responsiveness. At a minimum, for critical services, check the vendors’ press statements around the incident. You want to find out what happened, how fast they responded, and—most importantly—what they’ll do to avoid similar breaches in the future. 

Step three—recommendation: Finally, make a recommendation to your customers. If a service is mission critical, but their security seems spotty, consider offering alternative recommendations. This also gives you the opportunity to clock additional hours on a migration project if required. However, in the end, make sure the decision remains in your customers’ hands. 

Keeping customers safe in the cloud: These days, MSPs need to play the role of trusted advisors for customers. While monitoring and protecting devices and networks still tops the list of MSP duties, MSPs should also help them avoid security challenges due to choosing the wrong cloud application should play a role. Your customers rely on your expertise to make sound strategic decisions for their businesses—so make sure to follow some of the tips I mentioned above. You could greatly reduce your customers’ risks in the long run. 

Regardless of vendor, staying safe in the cloud requires employees to use strong password practices. Often, all it takes is one username and password combination falling into the wrong hands to cause a serious data breach. That’s why it’s essential to use a strong password manager. SolarWinds® Passportal is purpose-built for MSPs to help technicians generate strong passwords while offering one-click access to services. On top of that, SolarWinds Passportal Site allows you to offer password management as a service to your customers, helping them stay safe with their cloud applications and offering you additional revenue. Learn more today by visiting passportalmsp.com. 

 

Additional reading

Protecting O365 and G Suite Email—A Layered Approach 
4 Tips for Rock-Solid Mobile Security
Moving to the cloud: Help ensure your cloud-based web security
You might also like...
Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Security

What Is FIPS-140-2 Standard and When Is It Required?

Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • The Head Nerds (75)
  • Business Growth (75)
  • IT Support (42)
  • Business (39)
  • Automation (37)
  • Cybersecurity (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (11)
  • Service Desk (5)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • GDPR (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.