Q: We’ve run into issues where clients create their own workaround to try to get something done faster. For example, we’ll see that firewall settings changed or antivirus has been disabled. How can we manage this to ensure that our SMB customers are fully protected?
With today’s advanced threats, it’s important to keep customers’ networks running as securely as possible. Every endpoint should be set up with the same security settings, so as an MSP, you need to know when these settings are altered. After all, it only takes one bad password or one unsecured port to expose a customer’s network to cybercriminals.
To get advice on maintaining alignment, we spoke to Vincent Tran and Joe Alapat from Liongard. Vincent, the COO, and Joe, the CEO, cofounded Liongard after being in the managed services space for 10 years. After their MSP business was acquired, they saw a tremendous opportunity to help IT providers looking to implement automation and get visibility into their endpoints beyond PSA and RMM tools. Their product, ROAR, allows MSPs to automatically see when any changes are made. Vincent and Joe shared their advice on how MSPs can effectively manage their customers’ ecosystems to keep them safe from today’s sophisticated threats.
Establish your golden blueprint
As an MSP, it’s no secret that you’re more profitable when your customers are in cruise control. When you have an outage, a performance issue, or a ransomware event, those are things that disrupt your profitability. That’s why it’s important to set up your customers on an environment that’s in the best state possible.
Think about what settings a customer needs to have the perfect environment: What settings do they have on their firewall? Who has access to privileged accounts? We refer to this as the ‘golden blueprint.’ Every MSP should have a golden blueprint of how they want their ideal customer’s system to look. This blueprint could be tucked away in one of your subject matter expert’s head, or it could be part of your assessment process. You want to get all your customers on this golden blueprint, so they’re running on cruise control.
For example, with external-facing firewalls you want to make sure you don’t have port 3389 or 1433 unnecessarily exposed to the internet because you don’t want SQL server or RDP internet-facing unless you meant to do that—and if you do, you’d better have a good reason for doing that because you’re really exposing your customer. You also want to make sure spam filtering, email filtering, or DNS filtering are enabled. Often MSPs contract these services and forget to turn them on, which is an unfortunate oversight.
Customers will also go in and make modifications to those configurations you’ve set, so you want to make sure you know when that happens. Often, it’s a result of well-intentioned helpdesks that wanted to allow end users get their job done, but in the process they dropped the security posture by disabling a security service. Maybe that was the solution to get past the issue at that moment, but you need to find a way to get that service back online quickly if you had to turn it off. That’s why we think settings in that golden blueprint are so important.
The key word is consistency. MSPs should build their clients to a consistent model on a converged stack. You gain profitability if you don’t have to deal with a variety of configurations across your customers.
Be a stickler for processes and procedures
MSPs need to practice what they preach and be a stickler for following these processes themselves. If you don’t, you’re a weak link for your customers. Implement security best practices and procedures for yourself and then emulate them for your customers.
As a managed service provider, you want to serve SMBs to the best of your ability. But, often this means granting privileged accounts to too many individuals, so they can get an answer to a question. Try to reduce privileged accounts by using automation. For example, Liongard’s product ROAR gives engineers the access they need to answer simple questions without having to give them login credentials. By lowering the number of privileged accounts, you can decrease your customers’ security exposure—and eliminate an opportunity for cybercriminals. Having visibility into your SMBs’ settings is critical to securing their environments and establishing processes for automated or manual review can help you achieve this.
Introducing consistent best practices can provide a tremendous value to your SMBs because their IT department is operating like electricity—running in the background. Plus, they can confidently go to their customers and tell them that their information is secure. It’s important to remember this value chain and how you can deliver value to the end customer.
With today’s threat landscape, MSPs need to have visibility into when customers make changes to their network settings, even if you just do a quarterly review of their systems. This can help keep customers safe from sophisticated attacks and prevent their business from running into a data loss disaster—saving both of your reputations. After all, it only takes one changed network setting to leave the door open to cybercriminals.
Photo: Tatiana Shepeleva / Shutterstock.