ConnectWise is accompanying its ongoing foray into the exploding market for cybersecurity services with an intensified effort to build security more deeply into its product development processes.
The company discussed both priorities with ChannelPro at its IT Nation Explore conference in Orlando, which concluded today in Orlando.
The internal security initiative, which comes in the wake of a ransomware strike last month and an attack several months earlier that exploited a previously patched vulnerability in a ConnectWise integration tool, is being led by John Ford, the vendor’s chief information security officer.
“Our goal is to make sure that our products coming out onto the market have got the best security that we can provide,” says Ford, who was previously CEO of Sienna Group, the security consultancy and managed security service provider that ConnectWise acquired in December.
Establishing a uniform set of security best practices across all of ConnectWise’s development teams is a core element of Ford’s plan for realizing that objective. This group was doing this from security [and] this group was doing this,” he says. “All good things, but they weren’t communicating across the different products.”
Teaching developers about those best practices is a related component of Ford’s strategy. “We’re taking these product teams and really educating them much more on security, so it really becomes part of their core competency,” he says.
To embed security expertise directly within its development organization, ConnectWise plans to appoint security “champions” in each product group as well. Those resources will be advised and supervised by Ford and Tom Greco, the vendor’s recently-hired director of information security. “As it’s created, security is going to be baked into it,” says Ford of the company’s code going forward.
Making security a priority in the coding process is a simple matter of consistency for ConnectWise, Ford observes. “The same things that we’re preaching to other companies, we have to live ourselves.”
A 22-year industry veteran who has served as CSO or CISO for large businesses, Ford views himself as a sort of in-house security consultant for his current employer. Already, he continues, his expertise has helped ConnectWise spot potential vulnerabilities in its products to brute force and SQL injection attacks.
Insights from Ford and the former Sienna team will also play a role in ConnectWise’s forthcoming cybersecurity center of excellence, a security education resource for the vendor’s MSP partners due to officially open its doors in or near the first quarter of 2020.
“The high-level vision is that we want to make available to all of our partners and their customers anything and everything that they need to secure their environments, and those of their customers,” Ford says. “We have a massive amount of information and knowledge about the MSPs and the partners, so we are in a natural thought leadership position to take that information and bring to bear those products and services and thought leadership to our partners.”
The cybersecurity center of excellence, which is one of several centers of excellence designed to help channel pros embrace new business models and opportunities, is part of a larger cybersecurity strategy introduced by ConnectWise founder and former CEO Arnie Bellini last November. As Bellini stated at the time, and ConnectWise executives re-iterated in interviews with ChannelPro last week, building new security products and buying security vendors are also key elements in that plan.