Today’s business operations are powered by connectivity. The use of cell phones, laptops, and Internet of Things (IoT) devices continues to grow, putting more demand on businesses’ IT infrastructure and network. Add to that an employee’s ability to bypass IT and sign up for “as-a-service” technical solutions directly, combined with new advances in processing capabilities for mobile devices, and businesses have an entirely new challenge: how to gain control over these non-managed devices while protecting the business network and company data.
This new technology culture necessitates a balancing act between employees’ desire to use their personal IoT devices at work—any device that can be reached through a network and exchange data—and the business’s security and compliance requirements.
Many small and medium-size businesses are seeking help with this challenge from their managed services providers. However, today’s MSPs need to adjust to these changing trends as well, both within their own businesses and in the IT infrastructures they manage. They must continually evaluate how to best integrate IoT into their solution offering, proactively manage this changing environment, and address the security challenges. Those MSPs who get out in front of this new paradigm will have the opportunity to capitalize on it.
IoT ups the ante in a cybersecurity threat landscape that continues to evolve, raising major cost implications for businesses. Lately, we have seen story after story of small businesses, local governments, and even big organizations being held captive by a ransomware attack. The latest numbers from Datto show that SMBs paid $301 million to ransomware hackers from 2016 to 2017, and new ransomware strains are sure to wreak more havoc. Ransomware often infiltrates a business’s security by exploiting humans, misleading users into authorizing software to run or convincing them to take actions that circumvent security protections in place.
Because ransomware isn’t going anywhere, MSPs must be prepared to address these challenges—and any new vulnerabilities IoT introduces. Below are several red flags that MSPs and businesses should be mindful of:
- IoT devices are often insecure, running older operating systems or failing to adhere to acceptable security standards by default. Due diligence is required to ensure that any devices installed are secure from ransomware, malware, and other security vulnerabilities.
- IoT devices are often overlooked by businesses and their clients from a security perspective. Because these devices create access into a network, they must be securely managed and monitored in the same way a workstation or laptop would be.
- While convenient and efficient, IoT and mobile devices have access to network resources and often store information locally. This can pose enormous security threats as attackers can gain access to less-secure IoT devices, and ultimately the network. Locally stored information can also be breached or physically transferred away from corporate networks.
Preparation and diligence, therefore, are key in ensuring that products are secure. MSPs should consider the following when looking to integrate IoT devices into their product offering:
- Have a plan. Developing bring-your-own-device (BYOD), IoT, and mobile device policies is not only a good practice, but ensures that clients are clearly aligned with the MSP’s expectations and recommendations as well. What kinds of devices are allowed? What software programs are allowed? What data may be stored, and where? These policies ensure best practices, enable SMB education, and protect against liability for both MSPs and the businesses they serve.
- Security threats are always changing. It’s not possible to simply secure a network and leave it that way. Security requires consistent reviews, policy enforcement, updates, and training.
- Backup and business continuity are critical. No security plan is foolproof, so having a business continuity and disaster recovery plan in place is a critical component for any MSP or SMB. Simply having a redundant copy of data as backup is no longer sufficient in today’s business environment. You must have a comprehensive continuity plan that incorporates more than just data redundancy. What’s your recovery point objective—how far back in time would you need to restore? What’s your recovery time objective—how long can you afford to be down? Ask these questions before an incident, and define policies to ensure expectations can be met at a moment’s notice.
IoT will increasingly impact MSPs and SMBs alike, bringing new opportunities as well as new challenges. MSPs should brace for these changes, but also be ready to act on the opportunities that this emerging technology presents. Those that effectively manage IoT will be poised to profit from the new business while helping their SMB customers grow and operate more efficiently.
John Tippett serves as vice president of Datto Networking, leading Datto’s Managed Networking Services business on a global scale. Having worked as both a managed services provider and for vendor firms, John has deep roots in the IT channel and a vast understanding of the needs and challenges faced by today’s managed services providers.