It is healthy, if not necessary, to look inward and assess where you are so as not to become stale, complacent, or worse, irrelevant. It is time for us to do the same with the managed services profession. While I have not wavered in 21 years regarding my belief in the managed services business model or in the MSPs who carry out this valiant work, we must look inward and assess what we could be doing better. Improvement is always possible.
In the wake of the ransomware attack on MSP supply chain vendors, MSPs from around the world have been consistent in their proclamation that something must be done. What that something is will take some effort. But, self-examination is required if we are going to learn from this attack (in actuality, a series of attacks that have culminated with the Kaseya breach) and make changes that will improve the status of the MSP and the customers they serve.
Like other professions such as medical, legal, accounting, and engineering, MSPs also face constant and ongoing education to maintain basic competency and effectiveness. In this regard, I would say we have done well, but much more is needed.
MSPs have mastered technical proficiency long ago. What we need now is a renewed focus on the security threats facing MSPs (and, by extension, their clients).
As difficult as this is to say, end-user security is the Wild West. There is no consistency (save for a few highly regulated industries) regarding internal security practices or business resiliency. Particularly amongst small and medium-sized organizations, there are some horrible gaps in cybersecurity practices, even despite the presence of an MSP. How could this be?
As outsourced guardians of IT management and security, MSPs can only make recommendations; they cannot force action upon the client. Many of the devastating ransomware attacks we have seen in the past few years were exacerbated by these organizations’ poor state of IT and cybersecurity readiness. Attempts by MSPs to push readily available measures such as MFA and regular data backups are vetoed by these organizations for either convenience or financial reasons.
MSP Supply Chain Security
MSPAlliance stands with the hundreds of hardware and software companies supplying technology and services to the tens of thousands of MSPs worldwide. However, our solidarity with these technology vendors does not obviate the need for greater security, transparency, and accountability from these same companies.
MSP supply chain vendors are part of the managed services ecosystem. It is not right, fair, or wise for MSPs to go through greater audit, review, scrutiny, and certification than the vendors who supply the tools used by those same MSPs.
Written By: Charles Weaver is the CEO and co-founder of the MSPAlliance