IT and Business Insights for SMB Solution Providers

Software Security is a Shared Responsibility, Datto Says: Page 2 of 2

To prevent more breaches of the kind that struck IT management solutions in the last year, the company says, MSPs must embrace cyber hygiene best practices and vendors must embrace independently audited security frameworks like BSIMM. By Rich Freeman

Beyond its rigor, though, what appealed most to Datto about the BSIMM framework is that compliance with its guidelines must be audited by an outside third party.

“This is a way that you can both prove your commitment and demonstrate through independent verification that you take this seriously,” Weeks says. “It’s a way that we can ease the concerns of MSPs, but also raise the bar for software security in the channel as a whole.”

BSIMM participants must be reassessed every two years, so Datto’s next evaluation will take place in 2023. “In the intervening time, we’re going to continue to increase the number and maturity of the activities that we conduct to really build out a world-class software security program,” Weeks says.

World-class perhaps, but not fool-proof. “This is not a promise that nothing bad will ever happen,” Weeks concedes. “What it does is it dramatically reduces the likelihood that that will happen.”

It also, he adds, gives MSPs a concrete standard to measure vendors against. “Every single MSP should be demanding to have a conversation with their vendors about what type of maturity framework they’re following to ensure the safety of that software.”

Datto, of course, is far from alone in training more attention on product security. Kaseya, for example, is spending “millions and millions” extra on penetration testing and other measures. ConnectWise launched a similar initiative early last year following media reports about vulnerabilities in its remote access solution, and is likely to have more to say on the topic at its IT Nation Connect event in Orlando next week.

Datto intends to make further progress against BSIMM in the future as well. “This is just the first stop for us,” Weeks says.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.