IT and Business Insights for SMB Solution Providers

Addressing the CISA MSP Cybersecurity Advisory: Page 2 of 2

Network security automation can make simple work of three labor-intensive recommendations to beef up cybersecurity. By Andrew Kahl

Configuration Management and Compliance

Although CISA guidance precludes direct mention of configuration management and compliance, the increasing complexity in network configuration management continues to be a common pain point. The potential security and other business risks associated with mismanagement (e.g., facing fines for failing compliance audits) warrants a closer look.

When it comes to reducing complexity, taking an inventory of vendors in the current tech stack and holding them accountable are key for quality assurance and regulatory compliance. Network automation should simplify compliance with industry, vendor, and regulatory policies. It should rapidly identify issues before they impact network and data integrity.

Automating network device configurations increases the reliability of IT systems and mitigates any security risk caused by human error. Information regarding all devices connected to the network is all too often in scattered fragments, or only in the minds of specific IT personnel. These configurations must be carefully documented and automated to increase the soundness of IT systems and ensure smooth recovery in the event of an outage.

Network engineers can mitigate increasing complexity by implementing network security automation to streamline configuration and efficiently manage multiple vendor environments, all while maintaining compliance. The thesis behind network automation is to reduce the hassle of staying efficient, secure, and agile in the face of changing business circumstances. Therefore, network automation should stand up to the scrutiny of industry standards and methodologies. That way, the integrity of information assets is maintained, business risks are reduced, and, above all, data remains protected.

Though the joint announcement is the first of its kind for MSPs and their customers, seasoned professionals may look at the guidance and think it falls short of being groundbreaking. Regardless, it serves as a reinforcement for efforts being made and a reminder to dig in deeper to processes to discover areas to fortify. These are real, tangible threats.

For customers who typically do not see the inner workings of their networks beyond support tickets and help desk calls, this is an opportunity to ask important questions about how, among other things, MSP vendors triage updates, maintain compliance, and ensure business continuity with system backup and restore contingencies.

ANDREW KAHL brings to BackBox over 28 years of industry experience and serves as CEO and a member of the board of directors. Prior to BackBox, Kahl was vice president of customer success at NetApp, and the first chief customer officer at Sailpoint. He was also co-founder of CREDANT Technologies, a leading security software firm that was acquired by Dell Technologies.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.