Is Hiring a Managed IT Services or Managed Services Provider Actually Inviting a Huge Security Threat to Your Company?

As cyber threats grow tremendously, small- and medium-sized businesses are becoming more aware of the need for adequate security for their networks and systems. But not all have enough time and in-house IT capabilities to do this. Therefore, they consider Managed IT Services or Managed Services Provider’s (MSP) offerings as a way to obtain IT expertise.

A Managed IT Services or Managed Services Provider (MSP) is an agency that remotely manages the IT infrastructure and end-user systems of a company. Some businesses (like SMEs), non-profits, and even government agencies hire MSPs to perform a set of day-to-day management services. But most MSPs build their service offerings on well-known brands of management and security tools.

Relying on this Managed IT Services or Managed Services Provider (MSP) that depends solely on these popular vendors may be like hiring a wolf in sheep’s clothing.

Why? because MSPs who use specific types of software can be a significant security threat to their clients by the very nature of the tools they use to monitor and access the clients’ systems.  

In the last few months, several reports, including those from U.S. Government agencies (like the Cybersecurity and Infrastructure Security Agency and the FBI), have warned that cyber-attackers have been targeting MSPs as a convenient single point of entry to breach multiple organizations at once.

The Threat Became Real

In July, that threat became all too real when the REvil ransomware gang took advantage of an unpatched vulnerability in Kaseya VSA, a well-known platform used by MSPs to remotely manage their customers’ networks. They infected those networks with Sodinokibi ransomware. Among the affected companies was a Swedish grocery chain. Most of its 800 locations was forced to shut down after the attack took its payment systems offline. There were actually thousands of companies were affected. Although, the exact total number is still unknown. Authorities believe the hack targeted a Florida-based IT company before spreading through corporate networks that use its software.

So Is There No Safe Choice for a MSP?

Managed IT Services or Managed Services Provider (MSP) often use centralized platforms and specific vendors to manage remote access into their customers’ environments. This approach helps them scale quickly with a one-size-fits-all approach for clients and simplifies their processes. Although this can be an acceptable approach from a business-building standpoint, they are an attractive target for cybercriminals seeking to exploit this one-to-many relationship. 

But the fact remains that small- to mid-sized businesses need this kind of service. Companies outsource IT and security to MSPs because, among other reasons, it is more cost-effective than developing and maintaining skills and capabilities in-house.

Is there a solution that can reduce the risk? Thankfully, yes.

deskside’s Client-Centered Approach

The solution is to use tools specific to the client that are vendor-agnostic and decentralizedBy taking a step back and approaching the customer’s situation from a neutral stance, a vendor-agnostic Managed IT Services or Managed Services Provider (MSP) can make the best specific choice, tailoring the solution to the company’s needs. 

Many Managed Services Providers (MSPs) lead with a point product or suite of applications to secure a sale. Some align with the tools that their point product promotes. All of their clients get the same setup, and all of those clients are at greater risk because of it.

Contrastingly, a decentralized approach is proven to help limit risk exposure for many customers. This is by way of ensuring technology is aligned with the strategic direction and long-term goals for each client.

Is that a more cumbersome approach for the MSP? Perhaps. But it’s a far more secure option for their clients.

At deskside, we are proud to be totally vendor-neutral. This simply means we partner with you and you alone to discern the best-fit solution available. No outside pressure, favoritism, cutting corners, centralized monitoring and even management system. Our only bias is to put your goals first.

A brief glance at the core values of the Deskside team will show you our individualized approach for our clients is the predominant theme in who we are as a company. Our competitors might slap the “vendor agnostic” label on their marketing. But we hold tight to it as part of our identity.


Categories: Manage