Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

October 14, 2020 |

ConnectWise Strives to Quench MSP Thirst for Security Knowledge at First IT Nation Secure Event

The new addition to the vendor’s lineup of IT Nation conferences seeks to help partners tackle an enormous challenge with equally enormous revenue potential.

In a further sign, if any were needed, that cybersecurity is both the greatest threat to managed service providers today and an enormous potential revenue source for them, ConnectWise has kicked off a new IT Nation partner event dedicated solely to security education and knowledge sharing.

Called IT Nation Secure and set to take place today and tomorrow, the conference seeks to quench a deep thirst for security insights and best practices among ConnectWise partners, according to Jay Ryerse, the vendor’s vice president of cybersecurity initiatives.

“The partner community has a desperate desire for more information,” he said in a conversation with ChannelPro.

Ryerse likens IT Nation Secure to a two-day crash course in cybersecurity modeled after the annual RSA and Black Hat conferences. “Most MSPs have never been to either of those events and may not have even heard of them,” he says, adding that unlike those gatherings, the ConnectWise show is tailored specifically to the needs of MSPs.

Though he declined to provide exact registration numbers, Ryerse said ConnectWise was targeting 5,000 attendees. “We should hit that without too much concern,” he added. 

SMB spending on cybersecurity hardware, software, and services will grow 10% year over year globally through 2024 to $80 billion, according to August data from Analysys Mason. Fully 91% of those SMBs, meanwhile, would consider switching to a new IT service provider if offered a top-notch cybersecurity solution, according to a September study commissioned by ConnectWise and conducted by Vanson Bourne.

Numbers like that are responsible for ConnectWise’s June introduction of a new MSP-focused cybersecurity framework, a set of accompanying cybersecurity “playbooks” and training resources, and a cybersecurity-focused partner community also called IT Nation Secure.

All of that is backed by a four-stage “maturity model” for partners to measure themselves against. Organizations at phase one are brand new to security, those at phase two are providing essential security services to their clients, those at phase three have added more advanced services, and those at phase four have essentially reached full-blown managed security service provider status. Helping partners ascend to the next phase up in the model is the core mission of both the IT Nation Secure event and community.

Though hard data isn’t available, Ryerse estimates that 80% of MSPs are either in phase two or three at present. The speed with which ConnectWise partners have engaged with IT Nation Secure, he continues, suggests just how badly many of them wish to up their security game.

“We are ahead of every metric that we envisioned we’d be at by this point,” Ryerse says. “We’ve had more downloads of the framework and the playbooks than I think anybody imagined we’d hit.”

Enrollment in ConnectWise’s IT Nation Certify training classes has been ahead of pace as well, he adds, noting that more than 5,000 MSPs have completed a course to date. The two classes available now cover security fundamentals for sales professionals and business owners on the one hand and engineers on the other. Recently announced advanced-level courses get started in January, and master-level classes will arrive eventually as well.

Unlike the introductory classes, which are one-day bootcamps that certify people individually, the advanced courses provide a half day of instruction per month for 12 months, and culminate in an auditing process aimed at awarding an entire company ConnectWise’s SECURE MSP credential.

“There’ll be some third-party validation,” Ryerse says. “We’re going to have them show us that they’ve met that minimum criteria necessary to deliver secure services.”

Frameworks and enablement aren’t the only tools ConnectWise will use to help partners protect customers more effectively. Due to reach market soon as well is a managed detection and response (MDR) solution, delivered through the ConnectWise Fortify portfolio, that’s designed to consolidate and correlate information from multiple security products.

“Right now, a partner who needs to deliver secure services might have 15 tools,” Ryerse says. The forthcoming MDR solution will ultimately enable them to plug all those tools into a single management console.

ConnectWise plans to take a “crawl, walk, run” approach to defining which specific tools users can integrate. “Crawl is going to be just the products that we’re currently supporting out of our SOC,” Ryerse explains. The company’s closest partners in the security vendor community will get access to the platform at the walk stage, which ConnectWise expects to reach in the next year. 

“Run is when we can open it up to the entire ecosystem and they can plug in based on APIs and other interactivity,” Ryerse says. 

Hardening its RMM, PSA, and other products amid escalating attacks on such platforms by cybercriminals hungry for the end user passwords and payment information they contain, is a key part of ConnectWise’s master plan for security as well. Multiple ConnectWise executives addressed that topic during a breakout session at IT Nation Secure this morning.

“We know that when we do have an issue, it hurts our partners,” said CTO Steve Cochran. “It’s critical that we get ahead of it and we stay ahead of it, so our commitment, our investment, is to make sure that we have all of the right components in place.”

Core to that effort is the “shift left” initiative ConnectWise launched at the beginning of the year, which is designed to build security considerations earlier into the software development process.

“In the old ways, we would code and code and code and code and then we would do these big bang tests at the end, try to find all the issues, get them back into the development cycle again, and push them through,” said Tom Greco, ConnectWise’s director of information security. “It’s inefficient, because you end up doing a lot of work and rework, as well as you don’t really connect your developers to security. So the notion here is let’s move it all the way to the beginning.”

Included in the program are secure coding instruction for programmers, heightened threat modeling, and the use of testing software from Vericode to ferret out hidden vulnerabilities before new systems go into production.

ConnectWise is inspecting existing products for weaknesses as well. “We brought in several boutique firms that specialize in deep dive penetration testing and code revealing,” Greco said. “We’ve already worked through most of [ConnectWise] Automate, and Control and Command are also in progress today.”

To train even more third-party attention on current products, ConnectWise introduced a bug bounty program last month. “More eyes on things make the soup better,” Greco said this morning.

Greco encouraged partners to report bugs too via a button atop the Security Trust site that ConnectWise rolled out in January, noting that the company has improved its response times to those submissions from days to hours on average.

“Now you get a response back from a person who helps triage the issue, figure out if it’s really something that is valid, and gets it ranked and gets it into our remediation flow right away,” he said.

IT Nation Secure is the third of ConnectWise’s IT Nation conferences. The two others are the IT Nation Explore event for technicians and service delivery professionals and the IT Nation Connect event for business owners and strategists. The 2020 edition of the latter event is scheduled to take place online in November.


Editor’s Choice

Deepfakes + Generative AI = Major Problems for Business

May 14, 2024 |

Deepfakes that can’t be distinguished from reality threaten to shatter the fundamental hierarchy of human trust and impact businesses.

Deep Dives and Round Ups: Why MSPs are Lining up for Online Events Again

May 9, 2024 |

Discover how MSPs can leverage ChannelPro’s online events to enhance industry knowledge, participate in engaging tech discussions, and drive business success.

Built for the Channel: How AI and Deep Learning are Transforming the SOC for Partner Ecosystems

April 30, 2024 | Tony Pietrocola

The rise of AI-driven attacks has increased the need for an AI-driven response to allow MSPs and SMBs to move at the speed of an attack – not just in response to one.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience