Get a grip: Are you really in control of your client's security?

Marc Thaler

Hall of Fame football coach Bill Parcells, an all-time NFL legend, is known as much for his outspoken nature as his championship resumé. He delivered a one-liner nearly 20 years ago that’s Hall of Fame-worthy in its own right – and should give managed service providers (MSPs) something to consider.

Frustrated that he didn’t have final say over picking players for the New England Patriots, Parcells during a press conference famously said the following:

“If they want you to cook the dinner, at least they ought to let you shop for some of the groceries.”

To build and sustain a perennial winner, Parcells argued that he needed the last word on who the Patriots brought on board, and who they let go. He wanted more control.

It sounds a lot like the present-day picture painted by MAXfocus Security Lead Ian Trump, whose recent article in Business Solutions offers MSPs tips on how to build a stronger security solution for their customers:

“MSPs are challenged because they have to exert a level of control,” says Trump. “But many of the apps that businesses run are not friendly to control.”

Raise your hand if you’ve reached this point with any of your customers, or at least foresee it as a roadblock that’s rapidly approaching?

Where security is concerned, Trump says he encourages MSPs to lobby for a greater degree of control over their customers’ systems (albeit in a far more respectable manner than the football coach). There are times when your customers need protection from themselves. You need the authority to act.

“MSPs need to say, ‘No.’ But they need to say it in a kind, educated way,” explains Trump.

Convincing customers to relinquish any amount of control – even if it’s to improve their security – is no small task. So how can you do it? Trump offers these pointers to prove you’re trustworthy:

Take stock – constantly

Demonstrate your ability to keep up-to-date inventory of your customers’ devices, hardware and software. This can be challenging for savvy IT pros, let alone non-technical types.

“It’s not unrealistic to find networks completely populated with a wide variety of devices,” Trump says. “For an MSP, you need to understand the technology that a business has and whether it should be accessible to the Internet or available over the Internet.

“There’s a compelling argument that certain devices should not (have such capability).”

ID apps that run at user level

Running a wide variety of business-critical applications often requires that users have local administrative privileges. MSPs should research and recommend applications that can be run and managed at the user level to prevent admin-level authority from spreading like a viral video.

Better yet, suggest creating a terminal server environment; build a system accessible for a specific application or small subset of apps, which is hosted on a separate computer.

Think of it as a “computer inside a computer,” Trump says, with the idea being that the application runs on elevated privileges but has no way of “breaking out” and infecting the endpoint.

Focus on resiliency

Lay out a plan that ensures resiliency. (This is in addition to data backup.) Business continuity during downtime should be treated as a priority.

Email – the top tool for business communication – is an excellent example. The Radicati Group’s Email Statistics Report, 2013-2017 predicts that business email accounts will grow at an average annual rate of 5% and crack one billion at the end of next year. What if your customer’s infrastructure goes offline?

“For the MSP community, you really need to figure out how to deliver great email service,” Trump says. “Losing a customer’s email is the most damaging thing you can do.”

Cybercriminals are growing in size and sophistication. Do you need more control over matters involving your customers’ network security? Don’t be afraid to ask for it.

Just be sure to avoid “groceries” references when making your plea.