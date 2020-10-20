MSPs need to help customers prepare for post-pandemic future

The next phase of digital transformation is already upon us, sooner than many expected. This year prompted everyone to rethink their relationship with technology, forcing businesses to set up work-from-home (WFH) models overnight — a move many organizations weren’t quite ready to make.



In the rush to give remote workers the tools and connections they needed, some of the accepted practices of setting up and maintaining security controls may have fallen by the wayside. This can be risky, especially at a time when cyberthreat actors are stepping up their efforts, recognizing how the sudden increase in remote workers gives them more targets.



As the world settles into a new “normal” in its attempts to contain the spread of COVID-19, MSPs should discuss with clients how to help their businesses ride out the next phases of the pandemic — and prepare for a post-pandemic future. Some of the changes spurred by the pandemic will become permanent — for instance, many remote workers won’t return to office environments.



With that in mind, MSPs must work to help ensure security in distributed environments. For starters, any security shortcuts taken during the pandemic should be corrected. Beyond that, MSPs need strategies for securing remote environments, including monitoring and updating them as they do office-based client infrastructures.



Set priorities

Developing a modern, effective security strategy has a lot to do with setting priorities: The most important assets and workflows warrant stronger security than those less critical to the business. Trying to secure everything at the same level is a virtually impossible task, and it may well result in lowering the overall level of security instead of protecting those assets that need it most.



As an MSP, if you haven’t determined with your clients which applications, systems, and databases are most critical to the business, now is the time to do so. This task comes down to risk assessment. Together with each client, you should decide what level of risk is acceptable for each piece of the business and act accordingly to implement proper security measures.



Remember the basics

Setting security priorities doesn’t mean neglecting the basics. The fundamentals of cyberhygiene must still be addressed, and that means ensuring all users understand their company’s security policies. Clients must also be able to enforce policies on identity and access management, patching, and phishing.



Addressing the basics helps prevent cyberattacks. A company may have the most sophisticated technology in place to foil attackers, but if it neglects to teach users how to identify phishing e-mails, it opens itself up to ransomware and other malware attacks. More often than not, cybercriminals focus on easy targets, like unpatched systems and unsuspecting users, demonstrating why it’s critical to never let up on the basics.



What network walls?

In the past, protecting the network perimeter was key to a robust security strategy, but things aren’t so simple anymore. In implementing security strategies for clients, MSPs have to keep in mind that network walls have been knocked down. Especially with the response to COVID-19, environments have become more distributed than ever.



The traditional network no longer exists, which means endpoints are now the critical control point. Thanks to multicloud, hybrid, and distributed environments, the number of endpoints is proliferating — and that will continue for some time as the Internet of Things (IoT) expands. The number of endpoints that MSPs watch over now is greater than ever, and they require careful attention.



As we settle into the new phase of digital transformation, security can’t be neglected. COVID-19 may be with us for a while, possibly triggering new lockdowns and another influx of WFH numbers. Cybercriminals will be watching these developments closely as they decide when to strike. That means MSPs need to be watching them as well to protect their clients and their own businesses.



Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. An in-demand cybersecurity expert, Brown has been central in driving advancements in identity frameworks, has worked with the U.S. government on security initiatives, and holds 18 patents on security-related topics.