To all local, state, provincial, federal, and international governmental bodies dealing with managed service providers

Speaking on behalf of many thousands of companies and individuals who make up the global managed services profession, I would like to set the record straight on a few matters. First, on the issue of cybersecurity and the role MSPs play in global IT management. Second, the recent attacks on MSPs. And third, our industry and professional response to these events and how the MSP profession can and should be utilized moving forward.

Wondering what an MSP is? Check out our MSP FAQ section.

The Role MSPs Play in Cybersecurity

For several decades, MSPs have been on the front lines of defending their clients against IT attacks. Long before it was ever called cybersecurity, MSPs have been performing invaluable work, supporting clients, managing IT environments, and safeguarding information.

As more attention is placed on information security and the value of stealing that information becomes monetized by cybercriminals, the role and profile of MSPs becomes much more visible. However, this is no different than when banks began to be robbed. People did not stop putting their money in the banks; the banks merely started building bigger and stronger vaults.

MSPs are often the only real IT management and data security protections an organization has. Particularly small and medium-sized organizations that have no meaningful internal IT management capabilities, the MSP is the only viable model for managing IT assets and protecting valuable customer data.

MSP Attacks

It is no secret there have been attacks on MSPs in the last year. Attacks on MSPs will continue. The motive behind the attacks seems quite clear. Beyond the apparent profit motive, the cybercriminals are attempting to breach MSP systems to access the customers. This is likely the motivating factor behind many, if not all, of the MSP attacks in the last 12-18 months.

MSPs are not less secure organizations and, therefore, better targets for cybercriminals. It’s just that MSPs are often the first line of defense, so anyone wanting to get to the customer would necessarily have to go through the MSP first. This is a natural evolution of the managed services profession and something the industry has been preparing for since 2000.

How MSPs Are Responding

The MSP community is aware of the risks and ready for the challenge. First, government regulators need to understand that an MSP standard does exist. The Unified Certification Standard (UCS) has been in existence since 2004. The UCS was developed by a group of diverse MSP organizations to be a purpose-built MSP standard.

The UCS is the foundation of what today is the MSP and Cloud Verify program. The MSP Verify is a report given to MSPs when they complete a rigorous review of their controls, policies, procedures, and security preparedness, both customer-facing and internal.

The MSP professional already has the tools necessary to self govern. What we need is participation and feedback from government regulators. To be clear, our profession began this process many years ago, long before attacks on MSPs were happening.

MSPAlliance members met with European Union representatives in advance of GDPR. MSPAlliance has also provided guidance to FDIC examiners on how to evaluate MSPs involved in bank IT infrastructure throughout the United States.

The point is this: MSPs play incredibly valuable roles in defending and maintaining IT systems on behalf of customers all over the world. MSPs are not perfect, but they do represent the best hope of keeping cybercriminals in check and stopping cyber-attacks on customers.

MSPAlliance and the global MSP community want to work with government regulators in an ongoing and constructive manner. We want to hear from you, develop a discussion to solve these problems we all face.

If you represent a government agency interested in discussing the efforts MSPs are taking to safeguard themselves and their customers, please contact us.

Tags : Cloud Verify,cybersecurity hygiene,MSP security,MSP Verify,MSP/Cloud Verify,UCS

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.





Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.