Security is an MSP’s Job One

Enterprise IT, Security
chained padlock on top of keyboard

Security is by far the toughest challenge faced by end user organizations today — which is why so many small- and medium-sized businesses (SMBs) choose to outsource their security to managed service providers (MSPs). SMBs simply can’t afford the security personnel expense (security experts command top salaries) and don’t have the time to do the constant and detailed work it takes to maintain a safe environment. Nor is this a strategic endeavor for busy SMB IT shops.

At the same time, the threats posed by cybercriminals are worse than ever, and the damage that they do is unparalleled. Keeping up is tough enough. Staying ahead seems near impossible.

Security is also a top priority for business leaders. Security is a huge liability and visibility issue for companies who see their reputation and business possibly ruined due to breach publicity – and loss of data.

The SMB Cyber Threat

Kaspersky Lab recently published an eBook, Cybercriminals: Unmasking the Villainwhich provides insight into cybercriminals’ evolving strategies and tactics. Here are three items worth highlighting, and which point to the specific dangers for SMBs:

  • “31% of all cyberattacks are directed at businesses with less than 250 employees”
  • “42% of confidential data loss is caused by employees” often due to well-meaning employees “opening unauthorized email attachments, forwarding sensitive information or storing data insecurely”
  • “Hacking a small business to get into a larger business is now standard operating procedure for cybercriminals.”

These evolving cybercriminal practices underscore the reality that proper, up-to-date security practices are more vital than ever to the health and well-being of every company, no matter its size.  The risks are too high, and the incidence of exposure and breaches is only increasing. For SMBs, the best way to gain proper protection is through managed security services.

A Market Too Important to Ignore

If you’re an MSP and you’re not thinking about offering managed security services, you should be.  A 2016 survey of IT professionals responsible for security indicates that 86% were either outsourcing or planning to outsource security services, a 78% increase from a year ago.

Adequately addressing security risks requires a many-pronged approach, including services such as:

  • Patching and updates
  • Audit and discovery
  • Desktop security
  • Identity and Access Management (IAM)

Some of these services – such as patching and software updates – are already offered by many MSPs.  In Kaseya’s latest MSP Pricing Survey, almost 90% of respondents offer patching and updates. However, given that this service is seen as ‘table stakes,’ it’s essential for MSPs to find the most efficient way to conduct these updates for their clients. In addition, there are still a lot of new upside opportunities for service expansion for the other three services, with desktop security, audit and discovery and IAM being offered by 72%, 64%, and 34% of all respondents, respectively.

The MSP Security Advantage

MSPs have an advantage in protecting SMB networks since they can manage security for multiple clients, and have the tools and manpower to get the job done right. In many ways, MSPs can mimic what the largest enterprises do for themselves in terms of security best practices, but apply these principles to SMBs.

Start with a Powerful RMM

MSP’s need a top-quality RMM that offers centralized management, complete visibility, and powerful automation and policy-management capabilities to reduce security tasks from days to hours – or even minutes. The RMM should also be able to spot problems before they become catastrophes and allow MSP technicians to head these issues off at the pass.

  • Auditing and Visibility: An MSP’s RMM solutions should automatically discover all the devices on clients’ networks as well as all baseline operating information.  This information can be used to easily identify those devices that need protecting, and the system should continually update that list. Based on the audit, key security tools can be applied to end points automatically – even if the device of remote (say at home or in a coffee shop) and not currently on the client’s network.
  • Centralized Management: A top quality RMM should offer centralized management which reduces security tasks from days to hours – or even minutes. Through a centralized dashboard, the MSP staff can keep tabs on the health of the network 24/7 through real-time alerts for various conditions, including missed scans, unpatched machines and out-of-date applications.
  • Powerful Automation: A great RMM will allow you to automate both the audits as well as the remediation – updating antivirus and antimalware protections, deploying patches and other updates – automatically, with one tech being able to service thousands of devices in minutes.  Here not only is the software pushed out based on MSP-defined policies, but new definitions and other security data are constantly updated and applied.
  • Policy-based Management: Policy-based automation drastically improves staff efficiency. Discovery, audit, software deployments (including third party software), patches, antivirus updates, backup, and more, can all be automated based on defined policies that make sense for your MSP organization and your clients. You can schedule updates at off-hours to minimize impact on your clients’ users.

Meanwhile, an RMM solution should provide alerts for suspicious events at endpoints can be set, giving MSPs the ability to react immediately by isolating a suspicious machine to prevent an infection from spreading and, if needed, initiate remediation. In addition to real-time information, MSP administrators should get plenty of customizable data to prepare reports on endpoint security status and show compliance with internal policies and regulatory requirements.

IAM Services Are No Longer Optional

IAM is a security and business discipline that enables the right individuals to access the right resources at the right times and for the right reasons.

The seemingly unending stories of breaches and hacks underscores how critical Identity and Access Management (IAM) is today for all levels of players in the MSP ecosystem ─ from RMM vendors to MSPs through to clients.  It’s no longer a nice-to-have. It’s essential.

IAM Evolution

IT security has always been, and will continue to be, dependent upon validating identities requesting access to resources. Many industry experts agree that we cannot continue to rely on passwords alone to authenticate users, especially remote ones. Ensuring the strength and security of the authentication method being used should be of the utmost importance.

Using a username and password is what is known as single-factor authentication ─ something you know. When a second method of authentication is added to that, the confidence in the authentication is much higher. This is referred to as either “second factor” or “multi-factor” authentication. There are three broad categories of authentication factors: knowledge based, possession based, and inherence based. Knowledge based authentication requires that users prove they know a secret combination, like a password, PIN, or pattern.

Possession-based authentication requires users prove they possess items that only they should have, like a physical key, their smart phone, or an ID card. Inherence based authentication tests that a user physically is who they claim to be, often through some sort of biometric reader. If an authentication system uses at least two of these three factors, then it can be considered a multi-factor authentication system.

The IAM market is expected to grow 12% year over year from now through 2020, with an estimated market size of $12.8USD.

Market Growth for IAM

MSPs should take advantage of this trend, and offer clients strong authentication such as Multi-Factor Authentication (MFA). Combined with Single Sign On (SSO) capabilities, a complete IAM offering both more security for MSPs and their clients while also making end users more productive.

Multi-Factor Authentication

Julie Conroy, analyst with the Aite Group, noted with irony that “so many criminal underweb sites require two-factor authentication (2FA) for admission” yet so many legitimate businesses don’t.

“Authentication” refers to verifying the identity of a person. The term “factor,” refers to the different types of identity tests someone must successfully complete to identify themselves. For IT security, these factors often filter down into three broad categories:

Knowledge (Something you know): This is the factor upon which password-only systems rely. To pass a knowledge factor based test, you must prove that you know a secret combination, like a password, PIN, or pattern.

Possession (Something you have): To authenticate using this factor, you must prove you possess something that only you should have, like a key, or an ID card.

Inherence (Something you are): Inherence means something that is inherently yours. In the context of authentication, that usually means a unique physical or behavioral characteristic, tested through some sort of biometric system like a fingerprint reader, iris scan, etc.

Multi-factor authentication requires a person to meet at least two of these authentication factors, and because of this the security advantages are clear. Techniques to discover passwords emerge regularly, but the password alone is useless without the second authentication factor.

Single Sign-On

Single sign-on (SSO) is a system through which a user gains access to multiple web applications and websites via a single web portal. Once the user has logged into the portal, he or she can access other resources without having to enter additional user names or passwords.

As with any identity management application, security is a critical consideration for SSO systems. Single sign-on is best implemented alongside a multi-factor authentication (MFA) system, to ensure that only authorized users are able to log into the SSO web portal and the resources to which it allows access.

Policy-Driven Security: Creating World-Class Security Offerings

With automated solutions that handle your core security and authentication needs, most any IT shop can turn security into managed security and reap the economic, productivity and protection benefits such an approach affords.

The best way to keep these endpoint devices updated and running, not to mention all your servers, is automation. Consider automating as many of your client’s IT functions as possible, including:

  • Discovery of computing assets including non-approved apps
  • Safe and disciplined software deployment
  • User privileges and access
  • Auditing and reporting
  • Malware and virus updates and interdiction
  • Detect system problems such as a breach and provide remediation

Policy-driven security, often called policy-based security, makes it possible for companies of any size to right-size their security procedures and deployments. And when this approach is combined with automation, you have a self-running system offering consistently high levels of security protection.

Kaseya VSA and Kaseya AuthAnvil enable MSPs to deliver rich and policy-based security solutions. In fact, VSA delivers pre-built automation templates that are based on real-world best practices derived from customer experiences. These templates can be quickly applied to easily deploy protection across the network to all required end points, and to ensure this protection is always up to date.

There is deep flexibility as part of this approach through selectable security posture levels.  This means that there are pre-built levels of security monitoring (think something similar to highesthigh and regular) from which technicians can quickly select and enable the appropriate level of scanning and remediation for workstations or servers.  Security posture levels can be applied to individual devices or groups of devices guaranteeing compliance with internal or industry standards.

Kaseya VSA and AuthAnvil together provide robust end-to-end security protections, from simplifying patch and software updates, continually auditing devices to ensure they are up-to-date with all antivirus anti-malware protections, controlling user privileges and access, as well as monitoring to detect potential system breaches.

The deep built-in integration between these solutions allows even further protection. For example, if an MSP has deployed AuthAnvil on their client’s systems, then even if hackers were able to create rogue accounts, they would not be permitted to login as they would need 2FA during the login process.  This protection would be in place whether the hacker tried to login directly to the server or through a remote control tool. Even better, VSA’s monitoring system and alerting subsystem to alarm staff if the health of the strong authentication subsystem is in any way compromised, such as an administrator trying to tamper with the Credential Provider.

In a nutshell, AuthAnvil working with VSA provides MSPs – and their clients – robust protection to both prevent breaches via MFA functionality, as well as monitoring and alerting to quickly uncover any unauthorized activities.

Learn More, Get a Free Trial

Learn more about the new Kaseya VSA or get a free trial.

To learn more about automation and IT security and efficiency, check out our white paper Automation Cheat Sheet.

AuthAnvil Multi-Factor Authentication

Strong authentication, password management and single sign-on are critical to modern security

Kaseya AuthAnvil provides two- and multi-factor authentication – as well as the ability to encrypt all user passwords and the data as it is transmitted.

To learn about Kaseya AuthAnvil Multi-Factor Authentication:Click Here
For details on Kaseya AuthAnvil Single Sign-On: Click Here

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
Two security experts reviewing data

Cybersecurity is Crucial: Things You Must Know From the Latest Federal Hack

Endpoint security is highly critical for an organization, as a single vulnerable endpoint can act as a doorway for cybercriminalsRead More

Cybersecurity Warnings

Pay Attention to Cybersecurity Warnings

It is becoming increasingly challenging to keep up with emerging cyber threats that are even more dangerous and destructive thanRead More

Cybersecurity Trends

Top 10 Cybersecurity Threats in 2020

When we’re not talking or thinking about the COVID-19 pandemic, we’re talking or thinking about cyberattacks. It might be interestingRead More

Kaseya VSA Agent Procedure

Kaseya VSA Launches New Agent Procedure Editor

Remote monitoring and endpoint management tools, like Kaseya VSA, automate IT processes and auto-remediate IT incidents by executing scripts —“agentRead More

2020 IT Operations Survey Results - Highlighs and Key Takeaways - Watch Now
2020 MSP Benchmark Survey Report