Written by: Charles Weaver, MSPAlliance
Many MSPs have been developing managed security offerings over the last few years. Even these MSPs with security solutions may not have a dedicated managed security officer on their team. Regardless of whether you deliver managed security services to your customers, it would be best if you had someone on your staff who is tasked with overseeing internal MSP security.
Can’t Afford a CSO?
Even if you cannot afford to hire a dedicated chief security officer, you can still nominate someone from your existing team to fulfill this role, even if it is not what the person does full time. Having someone responsible for the internal security activities within your MSP practice is the ultimate goal.
If you happen to be a larger MSP, then you may want to consider a CSO or CISO. Depending on the organization, these roles can differ slightly, but they mainly accomplish the same thing.
It’s like the old MSPs showing off their state of the art Network Operation Center; sometimes, it just looks calm and comforting to the customer knowing you’ve invested in something that will make your customers more secure.
Having an internal security officer can go a long way towards differentiating your MSP practice from the rest of the community.
It has long been an industry best practice to perform regular oversight and review of your managed services activities. Many MSPs have regular meetings to review closed tickets, completed backup jobs, and other frequently occurring activities. The purpose of such oversight meetings is to validate that these ongoing services are being executed according to the MSP’s documented policies and procedures.
Similarly, there are now many critical internal security items that should be regularly reviewed and tested. User access rights, vulnerability scans, penetration tests, anti-phishing campaigns, technical and non-technical training; these are just a few of the security-focused themes which should be addressed by even the smallest of MSPs.
The larger the MSP entity, the more this security officer is to be a dedicated role, even incorporating some compliance duties.
MSPs have an undeniably important role in today’s business community. This status must be continuously cultivated and guarded, or else it can become compromised. Preserving the public trust means MSPs need to take security seriously immediately. One of the first steps towards this goal is nominating someone to be responsible for your MSP’s internal security.