As managed service providers (MSPs), you work diligently to protect both yourselves and your customers against compromise by adopting a layered security strategy. But are you taking the level of care you should with your remote access solution?
Your remote access tool—whatever it may be—is a gateway to your customers’ resources: their machines, their IP, and, ultimately, their data. What steps do you take to ensure your remote access tool is working to maintain the integrity and trust you’ve worked so hard to earn? Let’s talk a bit about layered security and look at some of the key areas you need to consider when it comes to ensuring the remote access tool is part of your security armor and not your Achilles heel.
The first area we want to look at is the perimeter of the solution: the login.
Nearly every web-based application we use today needs a login—usually a username and password—to get you started. In the case of your remote access solution, this login provides you with immediate access to all your client resources, as well as giving insights into your team’s activities. You need to vigilantly protect all of these.
As a starting point, some form of multifactor authentication is essential. This means, in addition to the usual username and password combination, you should also require something like a time-based, one-time passcode, retrieved via an authenticator app, to get into your remote access tool. This way, almost regardless of how strong your passwords may be or who may be trying to misuse your credentials if they fall into the wrong hands, your account is still protected. Two-factor authentication is a great way to do this.
You also need to know what safeguards are in place around how those credentials are being stored. SolarWinds® Take Control™ uses the SolarWinds single sign-on (SSO) system, which allows us to store login details in accordance with the best industry standards. Furthermore, SSO enables you to seamlessly navigate between different SolarWinds MSP applications with one set of credentials.
Once you feel you have the perimeter of your remote access system secured, you should look at the perimeter security of your clients’ devices themselves, including your list of installed devices.
Here’s why: The moment a member of your team needs to know a customer machine’s password, or perhaps even the password(s) associated with an escalated account, such as a local admin or even a domain/enterprise admin account (yikes!), it is immediately incumbent upon that person to handle that data with the utmost discretion and sensitivity. A security breach at this stage could not only have devastating consequences for your customer, but could result in you losing their business.
How do your techs tackle these challenges? Do they have robust protocols to follow? If not, this part of your process should take priority.
Take Control allows you to store anything—from a master password, or a note or set of notes, to username/password pairings—in a Secrets Vault. These vaults are fully managed, and manageable, and your data can only be decrypted using your own key, providing a robust solution for the secure storage of data. You also have full management capabilities—including permissions and device and technician grouping. And with every action logged, you also have great auditability.
The data itself is stored using multiple layers of encryption, the final one a password unique to each technician with access to the Vault. The data is secured using a multifaceted implementation of the AES-256 algorithm, and your password is required to decrypt it. This means even if the Take Control database were compromised, an attacker could not decrypt your data without the correct password.
What’s more, the use of these keys is strictly limited to the Take Control Viewer application. Other mainstream password management solutions necessitate copying a secured string to your clipboard, but the Take Control vault only delivers the secrets directly to an in-session viewer. This means secure data is delivered with the utmost discretion and integrity directly to the target endpoint with no middleman. Not only is the data more secure, the possibilities of misuse are, by both necessity and design, extremely low.
So in addition to helping you manage the perimeter of your remote access solution, Take Control also helps you manage the perimeter of your customers’ networks, helping secure their trust—as well as their systems.
In my next blog, I’ll look at what sort of things you need to consider when selecting a remote access tool.
Gerry O’Donnell is the product manager for the SolarWinds Take Control system and RMM products.
Read Gerry's previous blog here: Remote Access—Is Security Built into the DNA of Your Solution?