CISA published their advisory bulletin addressing risk considerations for organizations thinking about using managed service providers. This is a great advisory, but it has some areas of potential misinterpretation in it, chiefly because CISA has departed from a security group and expanded into territory in which it has little experience. 


  • What if organizations stopped using MSPs? 
  • Yes, all customers ought to be responsible and consider risks of outsourcing. But, risks of not managing IT are far greater than the risks of outsourcing
  • Targeting of managed services supply chain vendors is NOT a symptom of poor MSP security, it’s a symptom of the unchecked business of cybercrime


MSP Zone Reading Material: Risk Considerations for MSP Customers | CISA

Post A Comment

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

    Contact us


    100 Europa Drive, Suite 569 | Chapel Hill, NC 27517




    Sign Up For Our Newsletter

    Select list(s) to subscribe to

    By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact