IT and Business Insights for SMB Solution Providers

Be Afraid: An Expert Tour of the Security Threat Landscape

Channel pros need to address the latest threat vectors facing customers, including cloud, IoT, mobile devices and—gasp—MSPs themselves. By Colleen Frye
Reader ROI: 
CLOUD, IOT, AND MOBILE DEVICES are some of the latest threat vectors MSPs and their customers face.
THE FOUNDATION for many mitigation strategies is good security hygiene and following traditional policies and procedures.
MANAGED SECURITY PROVIDERS must lock down their own infrastructure and follow the same practices they recommend for customers.

FACT: BUSINESSES ARE EXCITED about taking advantage of cloud, the Internet of Things (IoT), and mobility to drive innovation and agility.

Fact: IT departments don’t know how to secure those technologies fully.

Fact: Cybercriminals know IT is overwhelmed and are pouncing.

Jayson Ferron

Security veteran Jayson Ferron, CISO at Interactive Security Training, says MSPs must spell out a harsh choice for customers: “You have to decide whether or not you want to be the target, or you want them to move past you.”

The rise of new devices and endpoints on networks has only added to IT’s already challenging job, leading to poor security hygiene, says Ian Thornton-Trump, head of security at AmTrust Financial. Organizations are “not following their standard procedures for putting something on the network. It’s all kind of done quickly, and sometimes without even the involvement of IT.”

The Big (Ugly) Picture

To address new threat vectors, it’s important to put mitigation strategies in place. Our security experts walk through a few scenarios:

Threat Vector: Cloud

Organizations are rushing to get cloud applications up and running without necessarily thinking about security, Ferron says. As a result, they’re not taking advantage of the security controls the cloud providers have in place. “It's not the cloud provider's issue; it's the people setting up the servers who are not doing all the steps,” Ferron stresses. “The exact same thing that we’ve been doing on-prem we should be doing in the cloud.” And don’t forget to test it, he adds.

For his part, Thornton-Trump says the No. 1 mitigation strategy is to understand what security controls are available. Second, he says, “is really come up with a security control approach that’s based on risk.”

If organizations don’t have the skill set for cloud security, Thornton-Trump advises bringing in an expert partner or getting a third-party review. “I think that would catch a lot of these problems. But, again, it’s whether or not the business is prepared to make that investment.”

About the Author

Colleen Frye's picture

Colleen Frye is ChannelPro's managing editor.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.