What matters most to an organization? The security of the devices that its platform operates on, or the data and information that is held on and moved across that platform?
If you think they are both important, think again. A platform can be physically insecure as long as its data and information remain secure. The organization’s very existence is in the information: if that is deleted or compromised, it is game over. If the hardware is compromised, but the information remains secure, then all that is required is to replace the hardware – or factory reset it and start again.
Security starts with account management
For MSPs, this is a point that is often missed. You must convey that you have taken every security measure to ensure that the data and information are maintained in a way that makes them inviolate.
What is required to convey this message? To start off, solid user account management. All other forms of security are open to question if a malicious actor can compromise a user account and elevate its privileges. Multi-factor authentication (MFA) is becoming the standard over username/password systems. Authenticator app-based systems or biometrics are better than SMS or email text systems, which can be easily compromised.
Activity monitoring capabilities are key
Next comes activity monitoring. An MSP stack should include technologies with capabilities to identify and respond to any abnormal activities. Depending on the perceived severity of the event, the technology must alert the MSP’s administrators, and/or automatically throttle or prevent the activity from progressing. All of this must be logged so that any forensic investigation after the event has a full event log to work against.
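The tiered response described above, sketched as an added example that is not part of the original article: each user's recent download volume is compared with a baseline, the deviation selects alert, throttle or block, and every event is written to the audit log whatever the outcome. The event fields, baseline figures and ratio thresholds are assumptions chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events: (minute, user, files_downloaded)
EVENTS = [
    (0, "alice", 4), (1, "alice", 6), (2, "bob", 3),
    (3, "alice", 40), (4, "alice", 120), (5, "bob", 2),
]
BASELINE = {"alice": 10, "bob": 8}  # assumed normal volume per window
DEFAULT_BASELINE = 5                # conservative value for unknown users
WINDOW = 5                          # sliding window length, in minutes
# Assumed severity tiers: (volume / baseline) ratio -> response
TIERS = [(10.0, "block"), (4.0, "throttle"), (2.0, "alert")]

def respond(ratio):
    """Return the strongest response whose threshold the ratio reaches."""
    for threshold, action in TIERS:
        if ratio >= threshold:
            return action
    return "allow"

def process(events, baseline=BASELINE):
    """Score each event against the user's baseline; log every decision."""
    history = defaultdict(list)
    blocked = set()
    audit_log = []
    for minute, user, count in events:
        if user in blocked:
            # Already blocked: refuse, but still record the attempt.
            ratio, action = None, "block"
        else:
            recent = [(m, c) for m, c in history[user] if minute - m < WINDOW]
            recent.append((minute, count))
            history[user] = recent
            volume = sum(c for _, c in recent)
            ratio = round(volume / baseline.get(user, DEFAULT_BASELINE), 2)
            action = respond(ratio)
            if action == "block":
                blocked.add(user)
        audit_log.append({"minute": minute, "user": user, "files": count,
                          "ratio": ratio, "action": action})
    return audit_log

if __name__ == "__main__":
    for record in process(EVENTS):
        print(json.dumps(record))  # one JSON line per event for forensics
```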
Then, the actual security of the data and information themselves must be considered. Data should be encrypted at rest and while in transit. User policies must be supported when data moves off the managed grid onto less trusted public networks. This is particularly important when it comes to hybrid work, where employees are increasingly likely to work from home or in public environments such as hotels, cafes, airports, and so on.
Sure, virtual private networks (VPNs) can be used to provide a decent degree of data security. Still, MSPs should investigate new technologies such as zero trust network access to ensure the network and device (as well as the user) are safe before granting access.
Tailoring security measures based on organizational roles
Blanket rules will not work for most organizations. For example, it may be okay to block general task workers from accessing certain data types while sitting in a café, but the organization’s CEO may not be quite so happy to be blocked in the same way. Ensure that some form of message is presented to higher-level workers attempting to access data/information in less secure environments – and log their activity as before for use in any forensic investigation.
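One way to express the role-tailored rule above, as an added example that is not from the original article: sensitive data on an untrusted network is blocked for most roles, higher-level roles proceed after a warning message, and every decision is logged. The role names, network labels and data classes are hypothetical.

```python
import json
from datetime import datetime, timezone

# Hypothetical labels; the article does not name a specific scheme.
TRUSTED_NETWORKS = {"managed"}
SENSITIVE_CLASSES = {"customer-records", "financial"}
WARN_INSTEAD_OF_BLOCK = {"executive"}  # roles shown a message, not blocked

AUDIT_LOG = []  # every decision lands here, including plain allows

def decide(user, role, network, data_class):
    """Return (decision, message) and append a record to AUDIT_LOG."""
    # Any network not explicitly trusted is treated as untrusted.
    untrusted = network not in TRUSTED_NETWORKS
    if not untrusted or data_class not in SENSITIVE_CLASSES:
        decision, message = "allow", ""
    elif role in WARN_INSTEAD_OF_BLOCK:
        decision = "allow_with_warning"
        message = ("You are opening sensitive data on an untrusted "
                   "network. This access is being logged.")
    else:
        # Default for every other role, including unknown ones.
        decision = "block"
        message = "This data is not available on untrusted networks."
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "network": network,
        "data_class": data_class, "decision": decision,
    })
    return decision, message

if __name__ == "__main__":
    # Constructed sample requests.
    decide("jsmith", "task-worker", "cafe-wifi", "customer-records")
    decide("ceo", "executive", "cafe-wifi", "customer-records")
    decide("jsmith", "task-worker", "managed", "customer-records")
    for record in AUDIT_LOG:
        print(json.dumps(record))
```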
As part of this, there may also be a need for MSPs to offer additional services on top of the ‘basic’ offering. Services such as data leak prevention (DLP) can help monitor the movement of data/information and prevent certain classes from passing over from fully managed secure areas to less secure public networks. Digital rights management (DRM) can also be used to manage what users can do with the information they are accessing.
For example, DRM can be used to prevent documents from being printed or forwarded. It can also be used to encrypt or delete documents after a period of time. This is particularly useful in areas such as sales, where high turnover of the salesforce can lead to the leakage of customer records to competitors as sales employees move from one company to another.
Prioritizing intellectual property security beyond hardware
Many malicious actors use insecurities in the hardware as an attack surface against the data/information. Rigorous management of administrator privileges and accounts must be in place – no sharing of accounts must ever be countenanced. BIOS and other firmware must be updated as often as can be managed: this will minimize the chances of malicious actors being able to use root attacks to hijack systems – both physical and logical.
However, such security should be table stakes. Customers are unlikely to pay for such capabilities. They know that their organizations live or die on how secure their intellectual property is. That is where an MSP’s focus must be.
AI is a clear and present danger
One final footnote. Artificial intelligence (AI) may be touted as the greatest beneficial influence on organizations. It is also the most dangerous thing facing organizations – particularly when it comes to security. AI can now be used to break security systems in seconds, compared to days, weeks, or months before. For malicious actors, this opens many more targets: older attack mechanisms that took a lot of resources and time were only useful against large targets, whereas AI now brings smaller organizations into their view as well.
MSPs must maintain focus on what is happening with AI and security and ensure that they try to maintain a level of capability against what is being seen. It is likely to be a case of fighting fire with fire: beneficial AI systems will be needed to better identify what is happening and to fight the malicious AI attacks.