Questions MSPs Should Ask Vendors About Cyber Resilience
Here are five cyber resilience questions to ask to ensure you're managing your risk and protecting your business.
July 8, 2021
Sponsored by Datto
Cyber resilience, the need to not only survive a cyber event but to quickly return to normal operations, has to be part of a modern MSP’s DNA. In addition, MSPs like you need vendors that continuously improve their security posture, support your cyber resilience efforts and increase the cyber resilience of your clients.
Here are five questions to ask all of your vendors to ensure you’re managing your risk and protecting your business.
Are your solutions built according to secure design principles? Secure design principles are a set of fundamental concepts upon which products are developed to be resilient against attacks. Proper implementation of secure design principles significantly reduces the risk associated with using a product. The solutions you rely on must be designed using these principles—especially given the recent increase in attacks on MSPs. Ask vendors to provide examples of how their products meet secure design criteria.
Is the cloud your solutions rely on secure? It’s all about implementation when it comes to cloud security, especially with products that rely on public cloud resources. When evaluating solutions, consider whether you are responsible for implementing the solution and how much risk that incurs. Does the vendor offer implementation assistance? Do they provide any assurance that cloud resources are adequately protected? What sort of authentication do they require? Do they shoulder any responsibility if something does go wrong? As an MSP, it is vital to consider the amount of risk you are taking on when implementing a cloud-based solution.
How have you invested in your security? Vendors that take cyber resilience seriously will have hardened their products against known attacks and implemented additional security measures to protect their customers. Regular patching, multi-factor authentication, best-practice configurations, and regular audits are just a few of these measures. Beyond making secure products, vendors should also set rigorous security objectives and use frameworks for advancing and maintaining their own security. Supply chain management is another important consideration. Ask vendors about their information security team, which security frameworks they use, if they have secured their own supply chain, and how they continuously improve their security posture. Do they have a SOC2 Type 2 certification? What is their process for remediating and verifying identified weaknesses? What sort of incident response do they have planned? What is their business continuity plan in case of an attack?
Do you conduct regular security testing and analysis? Vendors should conduct regular vulnerability assessments, pen tests, security audits and cyber risk assessments to ensure that their business and infrastructure are secure. This might mean internal testing or contracting with third-party testers to identify vulnerabilities and then remediating the results. Ask vendors about their security testing and analysis efforts. How frequently do they conduct tests to improve their security posture? What are their testing goals?
How do you help customers achieve cyber resilience? A technology vendor’s primary objective is to provide solutions that contribute to cyber resilience. However, achieving cyber resilience requires a holistic approach encompassing people, processes and technology. Vendors might provide cyber resilience education to MSPs via live events, videos, podcasts, peer group engagement, and a variety of other mediums, forums and content types. Ask vendors how they go beyond technology to assist their customers in their cyber resilience efforts.
Asking these questions up front can save you from headaches in the long run. Vendors that genuinely care about cyber resilience will be more than happy to explain their security efforts. You need vendors that continuously improve their security posture, support your cyber resilience efforts and increase the cyber resilience of your clients. Visit Datto’s website to learn about our dedication to cyber resilience and how partnering with us can help secure your business.
Christopher Henderson is Director of Information Security, Datto.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like