Delivering end-user cyber safety – creating new opportunities for MSPs
By Andrew Wilson, CEO at LucidView
Cybersecurity threats continue to spiral out of control, putting more companies across the globe at risk of falling victim to data theft and enduring reputational damage that could be the death strike of the business itself. We are seeing cyber threats like ransomware becoming increasingly sophisticated and requiring security solutions that are innovative and able to keep up this evolving perilous landscape. As a result, companies require proactive threat intelligence and visibility into the organisational infrastructure and resource usage in order to protect the business. However, handling this responsibility can be an onerous task that requires the intervention of skilled specialists, which can be costly and is frequently ineffective. This creates a significant need as well as a lucrative opportunity for Managed Service Providers (MSPs) to differentiate themselves in a highly-competitive market by providing their end-users with such cyber security measures and content filtering services, by wrapping them up in their existing offerings.
End-users need to feel that their service provider is delivering ‘security’ as part of their offering and is capable of proactively minimising cyber threats. So, what type of detection and protection offerings should MSPs adopt in order to add more value to their end user customer? In addition, how can this counter the risks involved with a growing mobile workforce and uncontrolled bandwidth usage to keep clients secure?
Managing the mobile risk
With Wi-Fi connectivity becoming ubiquitously available, there is a strong demand on companies to enable mobile productivity. This is done by allowing employees to bring their own devices into the workplace. To unlock true mobility, workers need to be able to access corporate systems, applications and data from their mobile devices, often off-site. This means that the traditional method of securing enterprise infrastructure and data by using proxy servers is becoming increasingly frustrating, as mobile device applications are not always proxy-friendly. The pressure for convenience is starting to outweigh the demand for security, and more exceptions are being made to allow mobile devices to have direct access to network resources. This is fine, insofar as mobile devices themselves are often more secure than laptops but, not always. Furthermore, what happens when the device goes missing, is stolen or hijacked by a cyber intruder? What are the consequences for an organisation if a device with direct network permissions is used as an entry point into the file share system to seed ransomware? These are very real risks.
Managing enterprise bandwidth usage
Network and resource performance is a security issue. This is because if a company cannot access, for example, their business-critical services, the company is unable to carry out its primary objectives. The problem is usually characterised by slow Internet response and time-outs. Traditionally, the issue would be dealt with by simply throwing more bandwidth at the problem. However, ultimately, this does not resolve the issue. Instead, this is an opportunity for MSPs to conduct an audit on the enterprise network to identify whether there are any unauthorised ransomware connections or viruses that are impacting on resource performance. Here, it is important to make a distinction: if business-critical systems like VoIP or banking transactions are struggling, the organisations usually need resource management. If low-priority items like downloads and updates are struggling, only then is additional bandwidth considered the solution. Often, because employees think that their Internet usage does not get monitored, they’re free to do as they please. This means employees often misuse company bandwidth by downloading movies, music and TV series or spending time on online gambling sites. This behaviour not only negatively impacts shared resources but can place the company at risk of breaking laws such as piracy and copyright legislation.
MSPs can switch on visibility for end-users
MSPs therefore need to ensure visibility by shifting the focus to both defining and blocking undesirable content, as well as establishing the ‘trustworthiness’ of connections. Technology solutions available today can incorporate Artificial Intelligence (AI) to mine big data – these solutions can go out into the worldwide web and proactively identify all sources of possible attack by referencing a database that grows daily by more than 40 000 new Internet sites. This makes it possible to identify and immediately kill off untrustworthy, unusual and unauthorised connections travelling in and out of an organisation.
Such solutions provide threat intelligence through network visibility by identifying security and performance issues while offering the ability to add on content and security filters to block malware, explicit or illegal content. There are security enforcement tools available to automatically administer an enterprise’s security policies by reinforcing DNS content filters and actively manage torrent sources and destinations to tackle bandwidth usage abuse at the root of the problem.
By empowering clients with such functionality and security within their managed service offering, MSPs will be able to differentiate themselves based on the ability to offer visibility. The visibility that comes from knowing exactly what threats are out there is an extremely attractive selling point, in addition to being able to solve the client’s problems relating to confidentiality, availability and integrity. In today’s cutthroat market, it’s a no-brainer. The MSP that can offer clients everything they need to secure their connectivity as well as informing them of how their corporate bandwidth is being used and by whom, will be the top choice for CIOs and CEOs alike. In short, it’s high time MSPs took responsibility for the cyber safety of their end-users if they want to retain them and attract new business.