MSPs Race to Establish Zero-Trust: 'We Are Headed for Disaster'
Zero-trust means ensuring that certain applications don't connect with each other.
MSP SUMMIT — MSP leaders are still trying to define what zero-trust means to protect their customers from the next cyber threat.
Threats continue to abound IT, as do the proposed solutions for those threats. The list of zero-trust vendors grows by the day, as MSPs seek to manage fine-tune their security offerings. However, the definitions and understanding of zero-trust network access varies considerably, depending on whom you ask.
Datalink’s Colby Norwood
“As of right now no company we’ve seen has been able to say, ‘Hey, zero trust is this, and at the end this is what you’re going to get from it,'” said Colby Norwood, business development manager at Datalink Networks.
Partners and vendors discussed zero trust and its implications at the MSP Summit, co-located this week with the Channel Partners Conference & Expo, in Las Vegas on Monday. ThreatLocker CEO Danny Jenkins (pictured above) encouraged the MSP audience to think about zero-trust in terms of applications, not just users.
“The application has access to everything that we have access to. It doesn’t matter if you’re a local user or a domain administrator; it doesn’t matter. If you’re running Angry Birds or Microsoft Office, everything we run can see everything that we see,” Jenkins said.
Thus, zero-trust for Jenkins means ensuring that certain applications don’t connect with each other. For example, Office doesn’t speak with PowerShell and SolarWinds doesn’t touch any other websites. It doesn’t mean you distrust those applications, but the shift to zero-trust removes some of their privileges. Those policies can make a big difference.
“If we start by allowing what we need and blocking everything else, we’re in a far better situation.”
Cybersecurity Reigns
Cybercrime and zero-trust dominated the discussions during the MSP Summit.
“There are a lot of cybersecurity conversations going on in this room,” said Len DiCostanzo, CEO of MSP Toolkit. “I can feel it.”
MSP Toolkit’s Len DiCostanzo
High-profile attacks on SolarWinds and Kaseya are putting the pressure on MSPs to solidify their security posture and ensure that their vendors know what they’re doing. In some cases, it’s leading MSPs to move away from their remote monitoring and management (RMM) providers, for fear for supply chain attacks.
Rob Rae, who heads up business development for rival RMM provider Datto, scoffed at the idea that MSPs ought to jettison their RMMs.
He also rejected the idea that a vendor like Datto should be excited to see its competitors lose credibility. For Rae, if one RMM vendor loses credibility, it impacts the entire IT services industry.
Datto’s Rob Rae
“That’s like saying, ‘A bank got robbed; let’s not use banks any more,'” Rae said.
Moreover, he urged partners and vendors to accept a wake-up call.
“I’ll give you a sobering truth; we are headed for disaster,” Rae said. “All of us in the MSP space – with he inertia that we are all on, we are heading for disaster. And it is time that we all take this much more seriously than we are.”
Chris Wiser, founder and CEO of 7 Figure MSP, told partners that they need to …
… plan deeper than just adding vendors. They need to fine-tune their policies.
7 Figure MSP’s Chris Wiser
“Make sure that internally you have an actual process,” Wiser said. “You have to have a human being that’s looking at this.”
Who’s Next?
Jenkins in his keynote pointed to the omnipresent threat of cybercriminals. Consider that the DarkSide group, the authors of the Colonial Pipeline attack, have pushed back on the idea that it was a political group. Apparently their targeting of a company in the gasoline market painted them in a bad light.
“They came out and apologized and said that going forward they’re going to go after less controversial targets,” Jenkins said. “What does that mean? Children’s hospitals? Fair game. Charities? Fair game. MSPs are fair game.”
Industry Growth
Despite downer conversations about cybercrime, the MSP industry is enjoying a prosperous season. Rae said Datto’s numbers show that 47% of MSPs grew during the pandemic.
“MSPs did pretty damn good through this,” Rae said.
Rae said that MSPs have historically struggled to retain customers. When customers only talk to you when something is broken, it can be difficult to remind them of the value you provide. Well, the pandemic made that value more than obvious.
“All of a sudden, everyone’s hair’s on fire, and who came through? It’s the MSPs. The MSPs are the ones that are there to help mobilize. Security is a conversation we’re going to talk a lot about I’m sure. But we’re not talking about retention anymore. We’re looking now for what are greater opportunities than we can see.”
Partner Profile
Datalink Networks is a Santa Clarita, California-based MSP. Datalink acts as IT staff for customers of 25-100 seats, a strategic IT partner for customers of 100-1,000 and a product vendor for customers of more than 1,000 seats.
Datalink’s Brian Wisdom
The company holds gold partner status with Microsoft and has seen significant opportunities come from helping customers who don’t know much about email environments. Datalink offers a complimentary upfront scan to build trust with the customer and develop a relationship. Senior account executive Brian Wisdom said the company prides itself on providing education and analysis for the customer.
“We’re the liaison between our customers and the manufacturer. A lot of customers don’t know the lingo that we talked about,” Wisdom said. “That’s why it’s on us to understand what’s out there in the market. How we can put it in a box and then give it to them in a digestible manner so that customers trust and believe what we’re telling them?”
Read more about:
MSPsAbout the Author
You May Also Like