The sophistication of both ransomware attacks and techniques for compromising passwords continues to increase. As such, it is more critical than ever for organizations to have a strong security strategy. Oftentimes, companies turn to their managed service provider partner as the expert on implementing or updating their security platforms—and that requires understanding the specific needs for each business you serve.
Building a security platform is much like building a house: you develop it from the ground up. Build it poorly, and you risk cracks and fractures. Similarly, an incomplete security strategy could leave holes that allow vulnerabilities to leak through. As the architect of your SMB customer’s security platform, your job is to ensure that does not happen.
Before beginning a house, architects must be certain they are properly prepared. The same is true for MSPs. You can’t take on the role of managing an organization’s security—no matter the customer size—if your own environment is not secure, so start by ensuring your own infrastructure is properly protected and monitored.
Next, gather a complete understanding of the customer, their risk profile, and what they are looking to implement. What “holes in the foundation” are they most worried about—data loss, data corruption, service outage, etc.? This will influence how you approach their security needs.
Similarly, the size of the company will affect how complex the technology strategy needs to be in order to be truly effective, so keep in mind the unique considerations for SMB customers. It can be easy to get caught up in multileveled, flashy solutions that are too complex for what a smaller business needs.
One way to avoid this is by focusing, first and foremost, on the fundamentals:
As you would with any project—be it building a technology strategy or a house—it’s important to establish clear lines of responsibility from the beginning. Ensure there is no confusion between you and your customer when it comes to roles and responsibilities.
Larger enterprises often have a dedicated security team, but that may not be the case for SMB customers. Therefore, communication between you and the customer is even more important to align on those responsibilities.
Of course, no matter the solution at hand, clearly designated roles help with processes and efficiency. But for security strategies in particular, this also provides an added level of protection by eliminating the risk of overlap or gaps.
Draw a Clear Picture
Just like with architectural sketches, you should first get a thorough understanding of the environment you are working to secure. Without question, you’ll need to understand the customer’s devices, applications, and services, but it goes beyond that.
You must have a clear understanding of your own infrastructure as well. There is an old adage that you can’t secure what you can’t see, and, unfortunately, it is accurate. Most organizations would be shocked to discover how many touchpoints there actually are to secure. So, as you go through identifying everything in the customer’s network that needs securing, it’s also critical to identify all your own entry points.
Think of it this way: The more people with keys to the house, the more risk there is. SMBs turn to MSPs because they trust them with those keys, so it’s your responsibility to make sure you are keeping them safe, no matter what. That includes in the keyholder’s own home … or in this case, on your own network.
Lay the Right Foundation
Again, understanding the unique needs of an SMB customer is critical for identifying and implementing the right security framework. There are unique budget, time, and bandwidth considerations that will impact which framework fits best.
For SMBs, the best place to start is the CIS (Center for Internet Security) Controls. While customers may be more familiar with the National Institute of Standards and Technology Cybersecurity Framework (NIST), it could be a bit much for what SMBs need at first—much like putting up walls before the foundation has set.
Remind them that the CIS Controls can serve as a starting point. CIS maps to NIST, International Organization for Standardization (ISO), and other frameworks, which positions the SMB well for continued growth. These options also provide a strong foundation should you need to add to the security strategy.