Guest Column | April 10, 2023

MSP Security Stacks: 5 Common Problems (And Solutions)

By Everett Odom

No one needs to hear more about the volume of threats facing businesses today. They’re ubiquitous and unrelenting.

Instead, organizations want to hear how to prepare to fight and mitigate these threats.

The biggest threats facing MSPs include the following:

  1. MSPs have access to huge amounts of data, which makes them more valuable targets
  2. The attack surface is expanding at a rapid pace
  3. Because security is too often one-size-fits-all, it is predictable
  4. Talent acquisition is a challenge, so resources can be overcommitted
  5. Once policies and procedures are in place, they are hard to manage

Even in light of those threats, there is a growing opportunity for MSPs to expand their security offerings, opening up new business opportunities.

Data Provides A Window For Companies

Companies increasingly rely on the cloud, and in 2021, users generated 2.5 quintillion bytes of data daily. The volume will increase; the cloud could house hundreds of zettabytes of data within a couple of years.

While it is a tempting target for threat actors, it also provides organizations with an opportunity. They need to harness that data to benefit their operations.

In some ways, it’s like exploring space. Just as we continually redefine the focus and the areas where we want to explore, new tools allow organizations to see deeper and more clearly and gain new insights into their operations.

Training Is Crucial, But It Must Be Concise And Targeted

Companies often make the mistake of thinking their security training is working simply because it’s “required.” Frequently, it’s superficial and irrelevant to many employees.

What happens? Team members participate in the sessions because they must be there; they click through the questions and give answers to finish the assignment quickly. However, if called to act on the information, they likely won’t be able to do so.

By taking this approach, companies are inadvertently leading their teams to security fatigue. Left unchecked, it will be the downfall of organizations.

Security professionals need to minimize the effort facing end users. The best way to minimize a team member’s fatigue is to simplify the requirements and ask less of the end user.

The organization should target any queries to an employee’s role. Someone in marketing doesn’t need the same training as their counterpart who works in IT, so they shouldn’t receive it.

No one should sit through a 45-minute session for material that needs only 15 minutes. So why do companies do it? Because they’re checking a box.

Customization Is Critical To Every Security Posture

One problem facing companies is that they have saddled employees with protocols and mandates for too long. As a result, many employees opt to take the easy route and skirt those requirements, putting their organizations at risk.

To combat this, security teams must ease as many burdens as possible from the end user and consolidate those efforts with the operations and security teams.

Admittedly, it’s a balancing act. The cantilever should favor the security team, with the end user assuming a lesser part of the effort.

The goal is to take on a fractional amount of new effort and work while providing exponential value to the end user and the organization.

Companies Must Have A Certain Level Of Compromise

For years, security has been a hard line with little wiggle room. As counterintuitive as it may sound, it can no longer be.

Security should be like an anchor holding a ship in place. It keeps the vessel in a location but moves as the tide ebbs and flows.

In essence, companies must have a certain level of compromise. Compromise shifts more of the effort — and the burden — onto the governance side and removes it from the end user.

They don’t have to build a security framework from scratch. The more a security team can customize and educate team members on how to use a tool, the less responsibility an end user has for a successful outcome.

Governance Is The Most Important Part Of The Security Posture

It’s not enough for security professionals to deploy tools to their teams — that’s only half the battle. Governance, the glue that holds the entire strategy together, is essential to guarantee that the end users use them properly and as envisioned. 

Governance means circling back to confirm that teams are properly following procedures and processes. It is key to confirming that organizations and team members follow the protocols, yet too often it’s the part of the security framework that teams overlook.

The best tools are useless if businesses don’t use them appropriately.

For example, an organization can require employees to use a password tool. However, if the organization doesn’t show employees how to use it, they create another vulnerability instead of solving one.

Today’s business landscape requires new ways of thinking and new approaches to tackling problems that have existed for years. In this brave new era, those problems are posing new threats to organizations, and the organizations that don’t adapt will be the first to fall victim to them.

To stay ahead, companies must reinvent their security or adopt new procedures using the proliferation of new tools, vendors, processes, and security frameworks.