Thank you for shining a light on this systemic vulnerability. I don't think organizations realize that, in many ways, they inherit the security of their service providers. As another commenter noted, the RMM is overdue for radical reinvention. Security-minded MSPs may need to think about delegated access to customer environments, privileged access workstations, or other methods for remotely administering customer environments without that big fat one-to-many target that RMM represents. I think the MSP tooling ecosystem is general is problematic - MSPs design for scale and efficiency (making them an economical option for customers as opposed to hiring internally), but do I really want my password manager integrated into my RMM? Maybe not... There's a lot of market share out there waiting for MSPs that can develop real cybersecurity maturity.
At Valeo Networks, we’re always on the lookout for different ways to make your life easier. We are a Managed Service Provider that incorporates every aspect of Managed IT Services in a way that will work for you. We will work with you to figure out which services would benefit your business, and which ones you may not necessarily need at the moment.
SugarShot provided IT consulting and help desk services for a non-profit. The client felt they did not need an in-house person doing IT, but they needed a help desk they could call when they needed assistance. SugarShot is a help desk for the client; they manage servers and services, provide troubleshooting services, and they serve a variety of other functions. The client has been satisfied with the company’s work, and they feel that the company has helped move their cybersecurity forward.
Accenture elicits a high level of loyalty among its clients. It boasts that 98 of its top 100 customers have each worked with the company for over a decade. The company’s technology expertise encompasses a broad array of platforms, including Microsoft, Oracle, SAP, Salesforce and Workday. It also offers cloud integration expertise and services. Accenture Labs taps the firm’s deep R&D expertise to develop, test and deploy customized tools and solutions for clients. This includes areas such as AI, digital workforce, software engineering, extended reality and cybersecurity.
Chris Loehr — executive vice president of Solis Security, an incident response firm — has personally dealt with many of these MSP breaches. Speaking of GandCrab, Loehr says, "They certainly hit some MSPs in 2018, but the ransoms were relatively small: $10,000 to $25,000. In 2019, MSPs became more of a target, with increasing ransom demands and the threat actors leveraging MSP tools with greater efficiency to affect clients. GandCrab never required the MSP to pay up. It wasn't until GandCrab evolved into Sodinokibi in mid-2019 threat actors began to say: 'We ONLY want the MSP to pay. You can pay for ALL the customers or you get NOTHING at all.'"
As a Managed IT Services Provider, we offer 24/7 business IT support and services to customers with global presence from our Nottingham, Sheffield and London offices. We are an award winning, rising star in the mid-market Managed Service Provider (… VoIP, Hosted Exchange, Email Security, Data Storage, DaaS, Cybersecurity ... Veeam, Cisco Premier, Datto, HPE, Meraki, Microsoft Gold ... Steve Robinson
However, managed IT services do not necessarily make the enterprise IT professional obsolete; for the end user, an IT professional can act as an endpoint liaison that manages the relationship, provides feedback and analyzes the reports provided by the MSP. Because the majority of routine work is being completed by the MSP, the IT professional is capable of greater efficiency and has the flexibility to tackle larger, more complex projects they would otherwise not have the time or capacity to take on.
Backup and Disaster Recovery (BDR)—a combination of data backup and disaster-recovery solutions that works cohesively to ensure an organization's critical business functions will continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period.