Despite all the news about breaches and countless attacks that have hit most all IT shops, too many remain complacent. They still think the big one cannot happen to them.
The truth is that there is a 26% chance that globally, a company or organization will experience a data breach within a 24-month period that results in 10,000 lost or stolen records, according to the 2017 Cost of Data Breach Study: Global Study; from the Ponemon Institute LLC. This means one in four companies are going to experience a data breach in any given two-year period. The excuse that “it’ll never happen to me” no longer applies, and it’s time to wake up to the legitimacy of this threat.
The compromising of each of these records can cost the owner $158. Multiply that by 10,000, and one in four businesses will experience a breach over the next 24 months that cost a total of $1.6M. It is a financial threat that should have everyone’s attention.
One source of complacency is that nearly all IT shops have some solutions in place such as antivirus (AV) or anti-malware (AM). These are an essential component of your cybersecurity arsenal. But if you think that AV and AM alone are enough to protect from data breaches, think again.
That’s because if an attacker steals your credentials, AV and AM aren’t going to offer protection from them breaching your mission-critical systems and stealing your (and your clients’) data. If they capture your username and password through, say, a phishing attack – where they have fooled you into filling out a false login form – they officially have the “keys to the kingdom.” Once they are in, they are in.
Fact is, 81% of all hacking-related data breaches come from lost or stolen passwords, according to the 2017 Verizon Data Breach Investigations Report.
The cloud makes those risks even greater. With the advent of cloud computing, you need a login to access most – if not all – of your mission-critical applications and data. That is why one level of security is no longer enough – the risk is just that much greater. The gold-standard solution for protecting logins? Two-Factor Authentication (2FA).
Two-Factor Authentication solves the password problem by requiring users to provide more than one factor of identity – not only something that you know (password), but also something you have or possess (token or smartphone app-based token). So even if a phishing attack results in a stolen password, the attacker does not have your token to pass the second layer of authentication, which makes accessing your systems and data virtually impossible for anyone other than you. This is a pretty big deal in the modern cyber threat landscape.
Offering security to clients is now a distinct point of differentiation for MSPs. More importantly, this means that your clients are asking for security services – and if they are not being offered the proper solutions from you, they will find a provider (MSP or standalone) who will.
AuthAnvil Powers SECaaS
With AuthAnvil, Kaseya has made it simple to for you protect your business – and now it is easy to protect your customers as well, empowering you to quickly develop a highly profitable Security-as-a-Service (SECaaS) practice. AuthAnvil Security-as-a-Service provides all the resources and technology you need to quickly develop an identity and access security practice – with an investment that bears the potential for exceptionally profitable returns.
Right out the gate, you receive our “Go-to-Market in a Box” training to teach your MSP staff to sell 2FA and single sign-on (SSO) as a service to your customers. You will also be enabled with white-labeled sales and marketing materials to bolster your selling process, along with weekly 2FA and SSO customer-facing webinars for MSP clients to help drive demand for your service.
And on top of this, you will have all the technology you need to provide AuthAnvil to eight (8) of your customers, with the option to add on additional client packs as your practice scales.
The profits are impressive, and MSPs will break even at only 77 end users.
Learn more about AuthAnvil and SECaaS here.
The MSP Opportunity
Every year Kaseya conducts an MSP Global Pricing Survey. In the most recent edition, 30% of MSPs said that “Meeting Security Risks” was their top IT problem or service their clients needed. That was their number one issue and has been for the past 3 years.
Smart, high-growth MSPs are taking advantage. Today more than 25% of US-based MSPs offer identity and access security – with over 20% of MSPs in EMEA and APAC doing the same.
Higher-growth MSPs are particularly on board. Our survey listed 10 different security services MSPs often offer. High growth providers offer eight of these security-related services on average, while lower growth providers offer six. The biggest difference was with two- or multi-factor authentication. Here high-growth MSPs offer strong authentication 30% more often.
MSP Tells the Tale
Ease Technologies, which has been in the managed services business for over 25 years, is on board with 2FA and is adopting AuthAnvil Security as a Service (SECaaS) by Kaseya.
Creating a service out of AuthAnvil is eased by Kaseya Powered Services, the fastest, easiest and most effective way for MSPs to deliver authentication as a service. Kaseya Powered Services, known as Go-to-Market in a Box, include a cloud-based on-demand version of AuthAnvil custom made for fast set up and speedy service creation.
Ease has roughly 118 client organizations and about 5,000 endpoints. With AuthAnvil by Kaseya in place internally, Ease protects services for all 118 client organizations. “That’s one thing I highlight, literally showing them when we access our client management system how it uses multi-factor authentication and is tied to the technician who is logging into the system,” said Jason Shirdon, vice president of technologies for Ease.
Read the full case study here.