Three Keys to Modern MSPs’ Success, According to Channel Leaders
The Acronis #CyberFit Summit World Tour 2021 officially kicked off at the Fontainebleau Hotel in Miami, bringing thousands of IT channel professionals together to connect, learn, and grow.
Now is a time of great opportunity for service providers, and we saw no shortage of practical insights and business-building advice from some of today’s biggest movers and shakers. Here are a few of the key topics that were explored:
Automation is a game-changer
The managed services industry is growing rapidly, and the opportunities are enormous. Remote-first work models, increasingly complex IT environments, and the ever-greater reliance on data availability and integrity are all turning customers towards service providers — and a rash of high-profile cyberthreats over the last year has helped businesses of all sizes realize they need the support of professionals.
Still, maximizing productivity and profitability remains a challenge for MSPs. Managing those complex IT environments can eat up a lot of time, especially if you rely on several vendors with non-integrated solutions for your stack. Meanwhile, a shortage of qualified security professionals is making it difficult for service providers to capitalize on the many potential clients before them.
The challenges are many, but the answer may be delightfully simple. Automation is poised to deliver incredible benefits to MSPs’ bottom line — slashing managerial stress, enabling additional revenue streams even with limited headcounts, and freeing up time for leaders to explore innovative new ideas.
A panel discussion between leaders at Acronis, SMB Nation, Mapletronics, Jamf, and NerdsToGo explored how automating IT infrastructure and operations can lead to greater profitability, consistency, and the kind of speed that delights end users. Most MSPs today have the potential for explosive growth, and automation will be key for enabling it.
“Everything should be automated,” said Gaidar Magdanurov, Acronis’ Chief Success Officer. “We have too many tools, too many updates, licenses, and reports. Without automations and integrations, there’s no way to manage it all.”
Email security should be a top priority
It’s older than the internet itself (really!), yet email remains central to modern business operations. This ancient message exchange system is also the number-one vector for cyberattacks.
Michael Osterman, Principal at Osterman Research, cut right to the heart of the issue in his aptly-titled session: 94% of Attacks Arrive via Email – Strategies for Reducing Risks and Incidents. He walked us through research demonstrating that phishing attacks, and the ransomware that they often deliver, are areas of remarkably high concern for business owners. While many decision-makers are somewhat confident in their organization’s ability to defend endpoints from infection, a majority couldn’t express confidence about stopping email domain impersonation, or preventing users from accessing the phishing sites where credentials are stolen and malware is delivered.
“Organizations spend enormous volumes of money on security … yet they’re still getting hit with numerous — and fairly serious — incursions,” Michael explained. “Corporate security departments really need a lot of help to expand their array of solutions. They’re looking to MSPs … to help them deal with these [sophisticated] threats.”
He stressed some practical steps you can take to help clients stay safe from email-borne threats:
- Encourage customers to implement a robust training regimen
- Encourage customers to examine their corporate culture
- Encourage customers to implement communication backchannels
- Educate customers on the technologies and approaches that can help address email threats like phishing, BEC, malware, zero-days, and APTs
- Focus on a layer security approach, as practical
The cyberthreats delivered via email have the potential to devastate organizations of any size, and can even lead to a compromise of your own MSP business. Even the best-trained and most risk-averse users can fall victim to an attack, and it only takes one successful strike to result in disaster. Service providers should look to solutions that deliver advanced email security capabilities, limiting the opportunity for humans to ever encounter such threats.
Securing your supply chain is paramount
We’ve certainly seen some high-profile supply-chain attacks over the last year. In late 2020, the compromise of SolarWinds’ Orion software lead to data breaches at many of the company’s big-name clients, including multiple U.S. federal agencies and Fortune 500 companies. From January to March, zero-day exploits affecting on-premises Microsoft Exchange Servers enabled attackers to gain administrative privileges, full access to user credentials, and device access across impacted networks. And in May, the Colonial Pipeline was forced to shut down for nearly a week after a ransomware strike, creating significant fuel shortages across the eastern United States.
Cybercriminals are wily and opportunistic, and they know that the best way to compromise a target is often through the third-party vendors that the organization relies on. We heard from Dr. Ed Amoroso, CEO at TAG Cyber, who explained how critical it is to work with vendors that emphasize a secure software development process. He also shared some great tips on vetting the people, practices, and technologies of the suppliers you trust to put in your stack — including how to:
- Review vendors’ source code with static tools
- Monitor the community’s experiences for evidence of vendor issues
- Watch outbound network communications for evidence of suspicious software behaviors
- Add language around vendor integrity requirements to your contracts
Getting proactive about supply chain attacks means not just implementing smart security policies, but also verifying the integrity of the tools you’re considering — and adding some (polite) pressure to the vendors in question to ensure they’re taking cybersecurity as seriously as you are.
“If you want to stop this problem of supply chain [attacks] … do the cybersecurity properly,” said Dr. Ed. “Backup and recovery should be good, ransomware should be protected [against], attack surfaces monitored … that’s the way you do supply chain. You clean up your house — and you do whatever you can to have your suppliers also clean up their house.”
For more insights, predictions, and actionable advice from today’s industry leaders, check out on-demand sessions from Miami or register for our upcoming events in Schaffhausen, Dubai (also available virtually), and Singapore.