MSP supply chain threats will be mitigated through transparency, education, business continuity planning, and managed services channel certification
Chapel Hill, NC – November 10, 2021 – The International Association of Cloud & Managed Service Providers (MSPAlliance®) announced several significant breakthroughs in the fight against managed services supply chain vendor attacks. Among the most significant announcements is the creation of Vendor Verify, a new certification designed to raise transparency and cybersecurity resiliency amongst supply chain vendors commonly used by managed service providers (MSPs).
In response to recent cyber-attacks designed to disrupt external IT management services delivered to organizations and extract ransomware payments, the MSPAlliance Leadership Council, comprised of hundreds of certified MSPs from around the world, have acted to secure their own supply chain by involving and working with hardware and software vendors who deliver vital products and services to MSPs (and their customers).
“Collaboration among MSPs and vendors is a vital step in meeting our ultimate goals of securing the shared infrastructure and systems we use to provide the best possible cybersecurity for our customers,” said Corey Nachreiner, CSO of WatchGuard Technologies. “WatchGuard is proud to join with the MSPAlliance, and the other participating vendors, to bring the Vendor Verify Certification to life.”
“MSPs are an important part of the LogMeIn and LastPass partner ecosystem. LastPass MSP was designed to be easily deployed so MSPs can seamlessly manage their client’s LastPass accounts. The MSPAlliance’s Vendor Verify Council will be a valuable tool for MSPs. I’m confident that LastPass will continue to be the right choice to meet MSPs security requirements.” Patrick McCue, Vice President, Global Channel Sales.
“Collaboration amongst vendors and MSPs is a meaningful step towards truly addressing cybersecurity threats,” said PC Matic Vice President Corey Munson. “PC Matic is proud to be a participating vendor in the Vendor Verify Certification program, and we are looking forward to working with the MSPAlliance community to promote transparency and strengthen cybersecurity resiliency”
“We are honored to see this level of support from the vendor community,” said Celia Weaver, President of MSPAlliance. “We, along with all of the MSPs working with this new council, see this as a big win for the industry.”
Participating members of the MSPAlliance Vendor Verify Council are senior level executives from:
PC Matic, Watch Guard, LastPass by LogMeIn, Tigerpaw, Axcient, Loop Communications, CryptoStopper, bvoip, Intotoware, Vultr and INKY.
Vendor Verify Goal
While still being deliberated, the objectives of the program articulated by both MSP and vendor alike include:
- Transparency enhancements from vendors to their MSP partners. Such transparency will be delivered through a centralized database of recognized vendor organizations including their relevant certifications, audits, and security practices so MSPs can make better and more informed purchasing decisions as well relay such information to the MSP customers and compliance personnel.
- Cybersecurity channel best practices. Leveraging existing cybersecurity frameworks such as MSP and Cloud Verify, SOC 2, ISO 27001, CMMC, and others, the Vendor Verify program will use this data to build cyber security profiles and ratings all designed to make it easier for MSPs to make sound purchasing decisions.
- Assurance to the MSP and end-user communities. By establishing and communicating these essential cybersecurity practices, MSPs can make more informed decisions about the vendors with whom they work, but so can end-user organizations. As more end-users make decisions to work with MSPs, they want to know that their MSP (and their suppliers) are safe and taking every available precaution when it comes to cybersecurity preparedness.
- Risk alignment. Part of the Vendor Verify program will involve contract and insurance best practices. Contracts between MSP and vendors need to be revised to ensure proper alignment of risk in the managed services supply chain, as well as to communicate these measures to customers who rely on such information when making their own risk decisions. A crucial benefit arising from the program will involve more effective information which can be delivered to insurance underwriters who issue cyber insurance policies to all organizations, vendors, MSP, and customers alike.
While Vendor Verify is still being developed, completion of the project is expected to occur before the end of the year. Formal announcements to be made early in 2022.
For more information on the MSP/Cloud Verify or other certifications, please visit www.mspalliance.com for more details.
MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing, and Managed Services Provider (MSP) industry. Established in 2000 to help MSPs become better MSPs. Today, MSPAlliance works with cloud computing and managed service provider corporate members worldwide in a collaborative effort to assist its members, along with foreign and domestic governments, on creating standards, setting policies, and establishing best practices. For more information, visit www.mspalliance.com