MSP Security Is a Two Way Street
A quick observation about MSPs and security based on some recent inbound emails I've received. When we talk about security and managed service providers, we must be careful to look at this topic from two critical vantage points: MSP and customer security.
Internal MSP Security
The most important, in my opinion, security consideration must be an internal review of the security readiness of the managed service provider organization. Regardless of the type of services offered, an MSP must safeguard its IT network, systems, and data the same or better than it would a customer.
Securing your internal MSP operations means have IT hardware, software, and people tasked with the responsibility of the MSP's security. These security measures should include internal and external threats as well. MSPs must develop policies and procedures designed to minimize the likelihood of internal threats, and have sufficient transparency so that if a threat manifests itself, it will be observed and stopped.
MSP Security Offerings
Next, we come to the second facet of our security analysis. Assuming you have "secured" your MSP operations internally, next comes the inevitable discussion around offering a "managed security" solution to your customers. There are many reasons why you should, and there are many ways you can go about offering a managed security solution. Whichever method you arrive at, having secured your shop first is a crucial element of being viewed as a credible MSSP.