By Jan Kalkus, Altitude Integrations
COVID-19 accelerated the shift to remote work, exposing the challenges of protecting remote users and their resources. Larger organizations have issues, not least due to the difficulty of accessing and securing on-prem or legacy systems. The challenges are no less burdensome for smaller organizations and the MSPs who manage their IT security. Protecting users—while making it simple for them to follow best security practices—is essential in our distributed environment.
Cloud-based computing presents unique challenges for IT security, especially now. According to the 2020 Verizon Data Breach Investigative Report, 37 percent of attacks stole or used stolen credentials—an especially acute threat with the multiple logins required by various software systems. User error (due to misconfiguration, misdelivery, or publishing) is now the second most common cause of a security breach. And who can blame users? Managing sign-ons is exhausting. LastPass recently found that at larger companies (with more than 1,000 users) the average employee was expected to manage roughly 25 unique logins. For smaller organizations it’s worse, with that average rising to 85.
The Role Of MSPs
MSPs have a great opportunity to assist and protect organizations against the growing threats to distributed workforces, especially as knowledge around such vulnerability increases. According to a recent MSP survey from Barracuda MSP, nearly all respondents agreed there was rising awareness about security needs, with 88 percent responding that demands for security services were either moderately or significantly increasing. Underscoring the opportunity the trend presents, 72 percent of MSPs said the lack of in-house security skills at their customers’ organizations was creating new revenue possibilities.
MSPs can mitigate risk exposure for hundreds or thousands of clients simultaneously through the right approach to protecting customer identity. In response to the shift to remote offices, MSPs will be well served, and better able to meet their clients’ needs, by taking this three-pronged approach to protecting user identity and access, wherever the user is.
1. Manage Identity Centrally
Whether due to inadequate security hygiene or external attacks, identity theft is the top threat given its wide-reaching potential. With a victim’s credentials in hand, a hacker has the keys to the candy store; bad actors cause 70 percent of breaches. The foundational block of identity management is empowering users with the knowledge to protect themselves while instituting best practices for securing their identity at every possible access point.
Some of the best practices for evaluating security policies and solutions are to:
- Offer centralized management for admins;
- Allow for single sign-on across applications and systems, while offering unique Wi-Fi credentials and SSH key management;
- Require secure passwords (i.e., not stored in clear text or with reversible encryption) and multi-factor authentication;
- Ensure compatibility with different kinds of machines (Windows, Mac, and Linux);
- Enable management by group requirements;
- Use core protocols such as LDAP, SAML, RADIUS, SSH, and REST; and
- Automate device provisioning and deprovisioning.
2. Secure Endpoints With Antivirus Software
Antivirus (AV) software remains one of the critical security tools that SMBs should implement on all endpoints, especially now. In 2018, according to Verizon, 58 percent of all cybercrime victims were small businesses; only 14 percent were adequately prepared to defend themselves.
Previously, on-prem IT teams managed only Microsoft Windows systems in Windows environments, using a good on-prem firewall, updated AV software on endpoints, and Microsoft System Center Configuration Manager (SCCM). The shift to the cloud and the transition to or addition of Linux and macOS machines in many businesses require a different antivirus strategy. Some common solutions are Sophos Endpoint for Macs, Microsoft System Center Endpoint Protection, and Kaspersky Endpoint Security for Linux, as well as a wave of newer solutions like CrowdStrike, Cylance, and many others. All of these can protect your fleets (to varying degrees) from malware, rootkits, viruses, and other cyberattacks.
To ensure AV on all endpoints, IT teams can use analytics and reporting tools for insight into installed applications (like AV) and into a much wider range of statuses. Altitude Integrations uses JumpCloud’s System Insights, a sub-component of JumpCloud Directory-as-a-Service. With it, we can quickly assess which endpoints have AV software and which need to be updated. This resolves issues before they arise—without disrupting the end user’s workflow.
From a single Admin Portal, admins can pull up hundreds of other data points about an organization’s entire fleet. These include installed applications, browser extensions, mounted volumes, network configurations, users and groups on systems, hardware info, disk encryption state, and operating system information.
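The kind of fleet check described above, written against an inventory export, as an added example that is not Altitude Integrations' or JumpCloud's code. The record layout, hostnames, and minimum versions are constructed assumptions; only the AV product names come from the article.

```python
# Added example: record layout, hosts and minimum versions are constructed,
# not System Insights output.

# Approved AV product per OS (names from the article) with a constructed minimum version.
AV_POLICY = {
    "windows": ("Microsoft System Center Endpoint Protection", "4.10"),
    "darwin": ("Sophos Endpoint", "10.0"),
    "linux": ("Kaspersky Endpoint Security", "11.1"),
}

FLEET = [  # constructed sample inventory
    {"host": "fin-lt-01", "os": "windows", "disk_encrypted": True,
     "apps": {"Microsoft System Center Endpoint Protection": "4.10.209"}},
    {"host": "dev-mb-07", "os": "darwin", "disk_encrypted": False,
     "apps": {"Sophos Endpoint": "10.2.1", "Slack": "4.8"}},
    {"host": "build-01", "os": "linux", "disk_encrypted": True,
     "apps": {"Kaspersky Endpoint Security": "10.1.0"}},
    {"host": "ops-lt-03", "os": "windows", "disk_encrypted": True,
     "apps": {"Chrome": "84.0"}},
    {"host": "kiosk-02", "os": "freebsd", "disk_encrypted": True, "apps": {}},
]


def parse_version(text):
    """Turn '10.2.1' into (10, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split(".") if part.isdigit())


def audit_endpoint(record):
    """Return the findings for one endpoint; an empty list means compliant."""
    findings = []
    policy = AV_POLICY.get(record["os"])
    if policy is None:
        findings.append("no AV policy for os")  # unknown platform fails closed
    else:
        product, minimum = policy
        installed = record["apps"].get(product)
        if installed is None:
            findings.append("av missing")
        elif parse_version(installed) < parse_version(minimum):
            findings.append("av outdated")
    if not record.get("disk_encrypted", False):
        findings.append("disk not encrypted")
    return findings


def audit_fleet(fleet):
    """Map hostname -> findings for every non-compliant endpoint."""
    report = {r["host"]: audit_endpoint(r) for r in fleet}
    return {host: found for host, found in report.items() if found}
```

Calling `audit_fleet(FLEET)` returns only the endpoints that need attention, which is the list an admin would work through before users notice a problem.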
3. Have A Layered Approach To Security
Each layer of IT security should protect data, applications, systems, employees, and their devices. A layered security approach prevents leaving any one area unmonitored and unprotected.
Because compromised credentials remain the number one threat to organizations, MSPs should look to solutions that centralize a user’s identity, protecting it across any accessed resources.
With a modernized core directory service, IT teams can centralize and protect user credentials, with the goal of securing users, their machines, and their networks, with:
- System-based anti-phishing capabilities
- Multi-factor authentication (MFA) applied anywhere possible (user identities, applications, and systems)
- Full disk encryption
- Anti-virus/anti-malware software
- Remote wipe and device lock
- Virtual private networks (VPNs)
Considering each source of network traffic as a potential threat enables organizations to protect themselves against ever-evolving risks, which are especially rampant during a global shift toward distributed work environments. With a core directory service consolidating user identities and their resources, you can effectively protect credentials, systems, applications, networks, file servers, and devices without needing to add a number of one-stop tools and add-ons. With a unified identity platform, MSPs also reduce the time required to handle disparate password resets and respond to security tickets, because both can be managed in a single portal.
A contemporary approach to security allows MSPs to transition away from on-prem infrastructure and rise to the challenges of the remote environment. It also consolidates all the processes designed to protect your network architecture under one platform. The result: MSPs can centrally monitor and protect customers’ identities, eliminate the need for legacy hardware maintenance, and ensure that customers’ security meets the demands of the modern COVID IT era.
About The Author
Jan Kalkus is Lead Technician at Altitude Integrations, where he focuses on moving clients to the cloud, where their data is more secure, business continuity is upheld, and maintenance is low.