By Kamel Heus, ThycoticCentrify
Digital transformation has been high on the business agenda for many years, but the events of 2020 flipped the script from one of competitive advantage to a matter of survival.
Channel partners have become particularly valuable as trusted advisors over this time, providing organizations with guidance as well as connecting them with effective services and solutions. This role will only grow in importance as digital investments ramp up further.
After a period of uncertainty and stop-gap remote working solutions during the initial throws of the pandemic, businesses are now settling into long-term digitization plans, either accelerating their existing strategy or working to catch up to more mature competitors. Accordingly, IDC estimates that around $6.8 trillion will be invested in digital transformation between 2020 and 2023.
The Opportunities And Risks Of The Cloud
The cloud is one of the main focal points of these digital transformation investments, and Gartner estimates worldwide end user spending on cloud services will grow 18.4 percent this year to reach £304.9 billion. Most of this forecast spending is centered on cloud-based software-as-a-service (SaaS), and the average enterprise already uses roughly 2,000 cloud services.
The cloud was essential for facilitating remote working over the last year and the increased flexibility and cost efficiency will continue to deliver powerful business advantages. However, these benefits come with increased exposure to cyber risk. As organizations continue to expand their digital footprints with more cloud infrastructure and services, they also increase the attack surface for cybercriminals.
Each new addition adds potential new vulnerabilities to be exploited, as well as another set of login credentials to keep track of. Credential theft is one of the most common goals in cyberattacks, with a single login being enough to grant the attacker a toehold in the system. From here, threat actors can escalate access rights until they can gain control of privileged accounts that will grant them powerful admin capabilities.
MSPs and other channel partners that can help their clients manage and protect privileged accounts in an increasingly complex IT landscape will be ideally placed to strengthen their position as trusted advisors, as well as unlocking new revenue streams.
How The Channel Can Help Combat Increased Risk
One of the most in-demand offerings for securing the expanding cloud infrastructure that MSPs can have in their portfolio is privileged access management (PAM). These solutions provide several capabilities for keeping the most privileged and sensitive accounts secure, including password masking and rotation, secure credential management, and tracking privileged account activity.
PAM makes it far easier for organizations to keep track of the huge number of account credentials necessitated by their expanded use of SaaS solutions. Passwords are automatically updated as well as being distributed through a secure channel, mitigating the risk of accounts exposed through weak passwords, or credentials being shared around and potentially exposed to threat actors.
Account tracking also enables organizations to actively monitor sessions for privileged accounts, enabling them to quickly detect any signs of suspicious activity that may indicate a compromised account.
As well as providing a valuable offering for clients, these capabilities are also increasingly important for MSPs themselves. MSPs are trusted to manage the IT estates for multiple organizations, making them a tempting target for threat actors. Breaching a single MSP can furnish cybercriminals with privileged account login credentials for their entire customer base, as well as direct system access in many cases. All channel partners that use or manage privileged accounts on behalf of their clients need to ensure they are properly protected.
Creating More Value, Seizing New Opportunities
The focus on digital transformation has provided MSPs with more opportunities to go beyond transactional relationships and establish true partnerships with customers. Privileged access management is one such opportunity, creating multiple openings for adding more value.
PAM must be implemented correctly to effectively secure privileged accounts against threat actors, as misconfigured controls can result in a solution that is too restrictive and locks out legitimate users – this is particularly problematic for remote workers. MSPs can add value by guiding their customers through the set up to maximize their returns, as well as providing ongoing support as the company’s infrastructure continues to expand and develop. PAM is a reliable source for repeat revenue, well suited as an ‘as-a-service’ offering.
PAM also syncs well with other identity and access management (IAM) solutions, creating an excellent opportunity to integrate into existing projects or create a bundled offering that covers multiple needs with one contract. Similarly, PAM has good synergy with other cyber security offerings such as security information event management (SIEM) platforms.
The acceleration of digital transformation has created a powerful opportunity for any MSP with the right selection of IT and security solutions. PAM will not only serve as a valuable addition to an MSP’s portfolio, but it also will help partners secure their own stash of privileged accounts to protect their customers.
About The Author
Kamel Heus is VP EMEA at ThycoticCentrify.