Guest Column | March 14, 2022

MSPs: Don't Let Fancy Acronyms Distract From Clients' Actual Security Needs

By Soni Lampert, KLH Consulting


Businesses rely on you – their MSP – for expert and clear-eyed perspectives on their technology needs. That is especially true when it comes to data and system security. Given that the current security solution landscape has been rendered nearly incomprehensible by acronyms, it’s no surprise that businesses seek experts able to tell EDR from XDR and SOAR from SIEM to guide their systems to safety.

In truth, MSPs themselves must be careful to examine the actual substance of potential solutions, since marketing departments have been more than happy to play fast and loose with acronym definitions. The acronym on a product's tin may say more about industry sales trends than about which threats the tool actually addresses. Those same marketing pressures drive security acronyms to shift meaning and become increasingly hazy.

For instance, as EDR has gained momentum as a buzzword, the term that originated as "endpoint detection and response" has evolved to describe newer zero-day, behavioral-based antivirus solutions. The currently common definition of EDR actually excludes many excellent solutions that literally detect and proactively respond to threats. Worse, buyers with only a surface-level understanding of security often generously interpret EDR as the be-all-and-end-all of data and system security, and the only solution they require. And EDR is just one example of how clients – and even MSPs themselves – can miss the forest for the trees when selecting tools and assembling an effective security stack.

The best approach for MSPs is to follow a disciplined strategy that selects solutions based on clients’ specific security needs and not on ephemeral acronyms or marketing hype. A loose strategy that chases acronyms only leads to an endless high-stakes game of whack-a-mole, where new risks regularly pop up to threaten unprepared systems and MSPs scramble to bat them down before harm is done.

Instead of this piecemeal approach, offering a solution stack that holistically protects clients from the full spectrum of potential security dangers will be far more beneficial to both an MSP's business and its clients in the long term. Any data breach of a client's systems has severe repercussions, from reputational damage to potential regulatory fines. It therefore pays for an MSP to look past the acronym-du-jour and focus on protecting clients as it would protect its own business, because ultimately the two are the same.

MSPs also need to ensure they have comprehensive expertise in, and command over, what security acronyms and the particular vendor products claiming those labels actually do. When a client approaches with a commonly heard statement like, "I read that we need this EDR to be safe from ransomware," the MSP must be ready to offer informed and crystal-clear guidance that puts the client at ease. While many businesses today end up with an oversized whack-a-mole mallet ready for ransomware threats (and gaps almost everywhere else), MSPs that claim security leadership and steer strategies backed by clear communication will end up with clients who are both more secure and more satisfied.

A holistic MSP security strategy must keep visceral threats like ransomware in perspective while addressing the full range of a client's risk areas. Such strategies must include safeguards such as data encryption and access controls ready to eliminate system and data access if employee-used devices are lost or stolen. In our case, we deploy BeachheadSecure to manage and enforce encryption on client devices. Protections neutralizing network-based threats and insider threats are just as crucial. Employee behavior remains clients' most significant risk factor, which means MSPs must provide continuous employee training and governance solutions. When untrained employees practice poor security hygiene – sharing passwords and work devices, using unsecured connections, bypassing security protections in the name of convenience, etc. – they're as dangerous to a client as any attacker. Training regimens should test employees in true-to-life, real-time scenarios, presenting them with simulated phishing emails and other dangerous predicaments to confirm that the training has paid off.

MSPs must address the security impact of widespread work-from-home policies and adopt and deliver additional security measures to meet these new dangers. With client employees working outside the safety of a central office network and away from the security cues of a shared workspace, they’re that much more likely to lend work devices to family members and leave passwords out in the open. To counter work-from-home risks, MSPs should implement solutions that allow them to prepare automated real-time responses to clients’ security incidents with granular specificity. For instance, MSPs can leverage geofencing-based security to automate security responses if an employee’s device travels beyond a set perimeter surrounding the employee’s home office. MSPs using such solutions can send a warning when the device passes a set distance and disable data access beyond a further threshold.
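The graduated geofence response described above (a warning once a device passes one distance from the home office, revoked data access beyond a further threshold), as an added Python example that is not code from this column or from any product it names. The home-office coordinates, the two thresholds and the location reports are constructed sample values, and the function returns a decision rather than acting on it. It also treats a missing or stale location report as a reason to warn rather than as evidence the device is still inside the perimeter.

```python
import math
from dataclasses import dataclass
from typing import Optional

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class GeofencePolicy:
    """Per-device policy: where 'home' is and the two distance thresholds."""
    home_lat: float
    home_lon: float
    warn_km: float      # beyond this distance, send the user a warning
    disable_km: float   # beyond this distance, revoke data access

    def __post_init__(self):
        if not (0 < self.warn_km < self.disable_km):
            raise ValueError("need 0 < warn_km < disable_km")


@dataclass(frozen=True)
class LocationFix:
    lat: float
    lon: float
    age_s: float  # seconds since the device reported this position


@dataclass(frozen=True)
class Decision:
    action: str                   # "allow", "warn" or "disable_access"
    distance_km: Optional[float]  # None when no usable fix was available
    reason: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def evaluate(policy, fix, max_fix_age_s=900):
    """Map a device's latest location report to a graduated response.

    A missing or stale fix is not proof that the device is at home, so it is
    treated as a warning condition rather than silently allowed.
    """
    if fix is None or fix.age_s > max_fix_age_s:
        return Decision("warn", None, "no fresh location fix; device may have left the perimeter")
    d = haversine_km(policy.home_lat, policy.home_lon, fix.lat, fix.lon)
    if d > policy.disable_km:
        return Decision("disable_access", d,
                        f"{d:.1f} km from home exceeds disable threshold {policy.disable_km} km")
    if d > policy.warn_km:
        return Decision("warn", d,
                        f"{d:.1f} km from home exceeds warning threshold {policy.warn_km} km")
    return Decision("allow", d, f"{d:.1f} km from home is inside the perimeter")


# Constructed sample policy (hypothetical home office in northern California).
SAMPLE_POLICY = GeofencePolicy(home_lat=38.44, home_lon=-122.71, warn_km=1.0, disable_km=10.0)

if __name__ == "__main__":
    for fix in (LocationFix(38.44, -122.71, 30),    # at the desk: allow
                LocationFix(38.49, -122.71, 30),    # ~5.6 km north: warn
                LocationFix(38.64, -122.71, 30),    # ~22 km north: disable access
                LocationFix(38.44, -122.71, 3600),  # hour-old report: warn
                None):                              # no report at all: warn
        print(evaluate(SAMPLE_POLICY, fix))
```

The thresholds belong in per-client policy rather than in code, and the stale-fix branch matters in practice: a device that simply stops reporting its position should never be treated as safely at home by default.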

MSPs should also put activity reporting and logging into place to clearly demonstrate satisfactory regulatory compliance, should an audit occur. As part of this, a well-implemented SIEM solution, such as KLH's Splunk-based SIEM for end customers and MSPs, can aggregate the logged data and, in real time, alert MSPs to potential threats, auto-remediate where appropriate, and serve as a valuable security analytics tool.
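An illustration of the "aggregate and alert" step, as an added Python example that is not code from this column and is not Splunk or any KLH tooling: it parses a handful of constructed key=value log lines (the host names, user names and RFC 5737 documentation addresses are sample values) and raises an alert when one account accumulates five failed logins within sixty seconds. The threshold, the window and the rule that failures spread across several hosts warrant an account lock rather than just an analyst notification are assumptions chosen for the example; the function recommends a remediation and leaves executing it to the operator.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log lines in a simple key=value style; not from any real system.
SAMPLE_LOGS = """\
2022-03-14T09:00:01Z host=fs01 event=login_failed user=alice src=203.0.113.5
2022-03-14T09:00:07Z host=fs01 event=login_failed user=alice src=203.0.113.5
2022-03-14T09:00:12Z host=vpn1 event=login_failed user=alice src=203.0.113.5
2022-03-14T09:00:15Z host=fs01 event=login_ok user=bob src=198.51.100.9
2022-03-14T09:00:20Z host=fs01 event=login_failed user=alice src=203.0.113.5
2022-03-14T09:00:31Z host=mail1 event=login_failed user=alice src=203.0.113.5
2022-03-14T09:30:00Z host=fs01 event=login_failed user=bob src=198.51.100.9
2022-03-14T09:45:00Z host=fs01 event=login_failed user=bob src=198.51.100.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    event: str
    user: str
    src: str


def parse_line(line):
    """Parse one log line; return None for anything malformed instead of crashing."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return Event(ts, fields["host"], fields["event"], fields["user"], fields["src"])
    except (KeyError, ValueError):
        return None


@dataclass(frozen=True)
class Alert:
    user: str
    count: int
    hosts: tuple          # distinct hosts that saw the failures
    first_seen: datetime
    last_seen: datetime
    action: str           # recommended remediation, not executed here


def correlate_failed_logins(lines, threshold=5, window_s=60):
    """Sliding-window correlation: N failed logins for one user within window_s.

    Lines are assumed to arrive in time order, as they would from a SIEM feed.
    One alert is raised per user per run; a real deployment would use a
    cooldown instead of a permanent suppression.
    """
    windows = defaultdict(deque)
    alerts = []
    alerted = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.event != "login_failed":
            continue
        q = windows[ev.user]
        q.append(ev)
        # Drop failures that have aged out of the window.
        while q and (ev.ts - q[0].ts).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ev.user not in alerted:
            alerted.add(ev.user)
            hosts = tuple(sorted({e.host for e in q}))
            # Assumed rule: the same account failing on several hosts looks like
            # credential guessing, so recommend a lock; otherwise just notify.
            action = "lock_account" if len(hosts) > 1 else "notify_analyst"
            alerts.append(Alert(ev.user, len(q), hosts, q[0].ts, ev.ts, action))
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_logins(SAMPLE_LOGS.splitlines()):
        print(alert)
```

With the sample input, alice trips the rule (five failures across three hosts in thirty seconds) while bob's two failures fifteen minutes apart never fill the window; that distinction, not the raw count of failed logins, is what makes an aggregated view useful to an analyst.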

Ultimately, the false comfort of nebulous high-level acronyms doesn’t protect clients. It’s MSPs focusing on the gritty details of clients’ security needs that get the job done. “Your systems and data are safe” is a sentence that no assemblage of acronyms can ever spell, but that MSPs certainly can.

About The Author

Soni Lampert is the CEO of KLH Consulting, a managed IT & cyber security consultant based in Santa Rosa, California.