Managed Service Providers (MSPs) are highly attractive to small and medium sized business as they often face lack of funding, quickly changing technologies, increased requirements, and lack of IT trained employees. From a security standpoint, MSPs can greatly benefit these businesses. However, MSPs are not only attracting new clients. Over the past year, as many of you are aware, the cyber-attackers have been increasing their attention on supply chains, like those supporting Managed Service Providers, in order to infect a larger number of companies through finite entry points. Solarwinds and Kaysea are examples of these types of attacks that occurred over the past year.
As a result, clients have more expectations and questions about security measures and precautions MSPs are taking to prevent and combat cyber-attacks. Insurance carriers are also concerned about the aggregate risks and security postures of MSPs, which result in increased limits, increased premiums and increased security requirements to qualify for coverage. As an MSP, there are several controls that can be put in place to protect yourself and your customers by reducing the attack surface and improving your ability to prevent and respond to threats. In fact, the Center for Internet Security (CIS) lists a number of areas that should be addressed.
- Isolate the customer networks from other networks within the MSP’s environment. Maintain a backup and system recovery strategy for the MSP and its customers and ensure those backups are tested on an ongoing basis.
- Manage and restrict access to, and monitor use of, management systems within the MSP environment as well as customer environments. Deploy multi-factor authentication (MFA) utilized for all administrative access and restrict access to those responsible for those specific processes
- With respect to on-premise RMM solutions in particular, restrict access to specific IP addresses, maintain the server on a separate segment of your network and install an IDS or IPS solution to analyze anomalous traffic to that server.
- Maintain a process for the MSP’s administrative environment and customer environments to harden and patch systems and applications and ensure there is a secure baseline (based on industry standards) for servers, endpoints, systems, network, software, and mobile devices to include virtual and cloud environments. Deploy an EDR or MDR solution to stop or mitigate threats.
- Maintain a vulnerability management process to include routine scanning and remediation.
- Have a comprehensive Incident Response plan in place, and run simulations on an ongoing basis.
Maintaining a strong security posture is often seen as an expense center item. Increasingly, however, it is becoming an essential part of any organization, especially Managed Service Providers, if they are to effectively compete for business, let alone remain insurable.