
Analysis: The Top 4 Security Worries of MSPs

The No. 1 reason for a customer to fire you, the partner, is loss of data. Here's how to make sure that doesn't happen.

Congratulations, you're onboarding a new customer for your managed services provider (MSP) practice. Here are four security concerns you should worry about every time you sign up a customer.

1. The bad guys are already in the network -- you need a strategy to get them out.
When you're lucky enough to land a new customer, assume the customer's network is poisonous and treat it accordingly. The horrific reality is that you often gain new business because the customer has either neglected the network or fired a grossly incompetent previous IT services provider. You need to make a difference right away. Get your agents in place on servers and workstations, drop in managed anti-virus and fire up Web protection. Your next step is to find and kill malware on all the devices. Pull a software asset list, put that into Excel, de-duplicate it and start asking the business if it really needs all that software.

Pro Tip: See if the customer will let you uninstall Adobe Flash, Silverlight, Shockwave, QuickTime and Java, if at all possible. Getting rid of these apps is a huge security win.
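The de-duplication step and the Pro Tip's removal list, as an added example that is not from the original article. It assumes the agent exports a CSV with hypothetical columns `host`, `name` and `version`; the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Products the Pro Tip suggests removing, matched as whole words.
REMOVE = re.compile(r"\b(adobe flash|silverlight|shockwave|quicktime|java)\b")
ARCH = {"(x64)", "(x86)", "(64-bit)", "(32-bit)"}
VERSION = re.compile(r"\d+(\.\d+)*")

# Constructed sample export; the column names are an assumption.
SAMPLE_CSV = """host,name,version
WS01,Adobe Flash Player 32,32.0
WS02,Adobe Flash Player 31,31.0
WS01,Java 8 Update 281 (64-bit),8.0
WS03,Java 8 Update 144,8.0
WS02,7-Zip 19.00 (x64),19.00
WS03,7-Zip 19.00 (x64),19.00
WS01,Microsoft Silverlight,5.1
"""

def normalize(name):
    """Strip version and architecture noise so one product gets one row."""
    n = re.sub(r"\bupdate\s+\d+\b", " ", name.lower())
    kept = [t for t in n.split() if t not in ARCH and not VERSION.fullmatch(t)]
    return " ".join(kept)

def summarize(csv_text):
    """Return {product: {"hosts": [...], "remove": bool}}, sorted by product."""
    hosts = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        hosts[normalize(row["name"])].add(row["host"].strip().upper())
    return {
        product: {"hosts": sorted(seen), "remove": bool(REMOVE.search(product))}
        for product, seen in sorted(hosts.items())
    }

if __name__ == "__main__":
    for product, info in summarize(SAMPLE_CSV).items():
        flag = "ASK TO REMOVE" if info["remove"] else "keep/patch"
        print(f"{product:25} {len(info['hosts'])} host(s)  {flag}")
```

The output is the short list to walk through with the business: one row per product, the machines it is on, and whether it is on the removal list.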

2. The bad guys will compromise the network -- you need to make your customer hard to hack.
The No. 1 thing you can do here is roll out your patches -- patch the OS and those remaining third-party applications. Removing old, unused and possibly vulnerable software is a great first step, and it will actually reduce the number of apps you'll have to patch in the future. Also, you're soon going to start seeing "interesting things." Hopefully, most of your workstations took the patches well, but if a machine didn't, you can be assured it's probably broken in some way and might come back to haunt you. This would be a great time to re-image or clone the machine from a known-good, fully patched machine. If the image doesn't take or the cloning fails, there's a strong chance you have a hardware issue.

3. The bad guys are going to cost the customer's business a lot of money -- you need to protect high-value targets inside the network with multiple security layers and network segregation.
Now that you're patched and updated and have layers of defense in place, it's time to start really locking things down.

Start with an external vulnerability scan for open ports on the outside of the customer's network. Hopefully the ports that are open make sense and are mapped to business services. If not, well, you have some work to do. Start investigating any strangeness and figure out the firewall rules. Does everything really need to be open to the entire Internet? Great opportunities exist to move mail protection into the business if they are hosting their own mail server. Now is the time to roll out all your SNMP, event log, performance monitoring and Windows Service checks into the infrastructure.

Pro Tip: Your workstations generally only need to talk to your DNS server. So lock port 53 outbound to the IP of your DNS server. This is a great way to catch messed-up, malware-infected workstations in the firewall log.
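One way to act on this tip, as an added example that is not from the original article: it scans firewall log lines for outbound port-53 traffic that goes anywhere other than the approved DNS server. The key=value log format, the resolver address and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

APPROVED_DNS = {"10.0.0.10"}  # assumption: the customer's internal DNS server

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2016-03-01T09:00:01 action=allow proto=udp src=10.0.0.21 dst=10.0.0.10 dport=53
2016-03-01T09:00:02 action=allow proto=udp src=10.0.0.10 dst=198.51.100.7 dport=53
2016-03-01T09:00:04 action=deny proto=udp src=10.0.0.37 dst=203.0.113.53 dport=53
2016-03-01T09:00:05 action=deny proto=udp src=10.0.0.37 dst=198.51.100.7 dport=53
2016-03-01T09:00:09 action=allow proto=tcp src=10.0.0.21 dst=203.0.113.80 dport=443
2016-03-01T09:01:12 action=deny proto=tcp src=10.0.0.37 dst=203.0.113.53 dport=53
2016-03-01T09:02:30 action=allow proto=udp src=10.0.0.44 dst=203.0.113.53 dport=53
this line is malformed and should be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the line's fields as a dict, or None if required keys are missing."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD.findall(rest))
    if not {"action", "src", "dst", "dport"} <= fields.keys():
        return None
    fields["ts"] = ts
    return fields

def rogue_dns(log_text, approved=APPROVED_DNS):
    """Map each source host to its DNS attempts at unapproved resolvers."""
    hits = defaultdict(lambda: {"attempts": 0, "resolvers": set(), "allowed": 0})
    for line in log_text.splitlines():
        f = parse(line)
        if f is None or f["dport"] != "53":
            continue
        if f["dst"] in approved or f["src"] in approved:
            continue  # normal lookups, or the DNS server querying upstream
        h = hits[f["src"]]
        h["attempts"] += 1
        h["resolvers"].add(f["dst"])
        if f["action"] == "allow":
            h["allowed"] += 1  # rule gap: this traffic was not blocked
    return dict(hits)

if __name__ == "__main__":
    for src, h in sorted(rogue_dns(SAMPLE_LOG).items()):
        print(src, h["attempts"], sorted(h["resolvers"]), "allowed:", h["allowed"])
```

A host with a non-zero `allowed` count means the outbound rule is not yet in effect for that path; hosts with only denied attempts are the ones to inspect for malware or hard-coded resolvers.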

4. The bad guys are attacking with ransomware -- you need great backups.
OK, you just spent a lot of effort getting this customer cleaned up and locked down and the backups are...suspect. You need to fix this immediately. The only thing that allows an MSP to sleep at night is backups that are running successfully.

What's better than a backup? Two backups. Cloud-based and local are a must-have requirement. Here's why: If you get hit by ransomware you might lose the locally attached USB drive backup, for example, and you'll be glad you have cloud-based backup. On the other hand, if you have a physical failure you'll be glad you're restoring data from a local source.

The No. 1 reason a customer will fire you is for losing their data. Get great at backup and restore.

About the Author

Ian Trump is an IT consultant with 20 years' experience in IT security. He is security lead at LogicNow, and a regular presenter at industry security conferences. Follow him on Twitter: @phat_hobbit.
