Today, MSPs (managed service providers) and MSSPs (managed security service providers) face unique challenges meeting the threats and business requirements of cybersecurity. Not only must they ensure that their network service delivery platform is secure from breaches, but they must also ensure that the customers they connect to are secure, so bad actors can’t use a customer to pivot into their platform. Many are now being asked by their customers for a copy of their security policy because of third-party compliance requirements.
A recent example involved an MSP that was doing IT work for a small healthcare clinic. A hacker breached a customer connected to the MSP’s service and gained access to the MSP’s network service platform. The hacker then pivoted into another of the MSP’s customers, the clinic network, via the MSP service connection and exfiltrated healthcare records. HIPAA fined the clinic and the MSP, which suffered a major impact to its brand.
This scenario could easily happen to any MSP that doesn’t have a strong security strategy that addresses the complexities of its business. To help solve this challenge, I created a ‘get secure’ approach for MSPs/MSSPs, to avoid being the next victim of a cybersecurity breach.
This ‘get secure’ program, offered by Tech Data, involves a set of recommendations I developed to address these issues. The program allows you to build a plan that will secure your environment through the following:
- Using Tech Data’s Recon™ ProServe, conducting an assessment and pen test, including physical and social engineering for your network and employees.
- Identifying and segmenting your customers based on compliance and their third-party compliance requirements, to ensure their data is protected in your environment.
- Identifying and implementing the necessary security solutions to secure your environment based on assessments. If you have an existing NOC, Tech Data offers design support to add security components to secure your service platform. As you transition to MSSP, you can learn more about the services available for resale in our MSSP product/service catalog.
- Using Tech Data’s Recon™ Policy, identifying and developing a set of security policies, allowing you to meet your customers’ third-party compliance requirements when asked for a copy of your security policy. It also provides you with a policy to follow, including physical security and social engineering for your employees.
- Using Recon™ SOC and Recon™ Radar, implementing an external security monitoring service to secure your environment 24/7.
- Once you are secure, you can create messaging to communicate your security readiness via the web, LinkedIn, and social media. This is an important competitive advantage for your business. Take advantage of it, and make sure your customers understand why it matters that their service provider is secure.
A strategy should be developed to ensure that the new customers you bring into your service platform are secured. You also need to understand your customers’ compliance requirements. Do this by:
- Asking your customer what their third-party compliance requirements are. Once you identify your customer’s vertical and match the compliance regime they fall under, Tech Data can help, as we have substantial expertise in vertical markets.
- Developing an outreach program to interview your existing customers, asking them if they conduct the regular assessments and pen tests required for compliance. If they don’t, offer your current customers a special compliance bundle to secure their environments based on compliance requirements (HIPAA, GDPR, PCI). Assessments and quarterly/annual pen tests are managed under one package using the services provided by Recon™ ProServe.
- Developing a security plan with requirements for new customers connecting to your service. Offer a security package (assessments/pen tests, and security products to secure access) to new customers as part of onboarding them for managed services, using Tech Data’s Recon™ ProServe.
- If needed, Tech Data partners can offer their customers assistance in developing their own security program using Recon™ Policy as a service, which will ensure that your customers’ security policies are properly mapped out.
MSPs/MSSPs serve a specific function in the channel, and your customers need to be able to rely on you not only as a technology and services expert, but as a company that understands cybersecurity compliance requirements. When you communicate the extent to which your own environment is protected, and help them secure theirs, it gives your company credibility, which will become a competitive advantage.
Ready to dive deeper into security and establish a practice? Contact Tech Data’s security solutions team to learn more about our Practice Builder program at SecurityServices@techdata.com
About the Author
John Komer has enjoyed a 40-year career in the technology industry. Prior to joining Tech Data as a solutions practice consultant, he spent 25 years dedicated to cybersecurity. John has enjoyed technical roles involving voice and data networks, video, data center, security, and designing and installing solutions for customers. John has held roles as a system engineer, sales account manager, global account manager and founder of a security consulting company for cybersecurity after the 9/11 WTC attacks to help the Department of Homeland Security. John is involved in many security technology groups, giving presentations and helping drive vendor involvement in these groups.