MSP Software CISOs: Cooperating on Cybersecurity?
Coopetition — Ray Noorda’s concept of cooperating and competing with your rivals — is beginning to take hold in the MSP software market. Admittedly, companies like ConnectWise, Datto, Kaseya and N-able remain fierce rivals. But take a closer look, and you’ll see that the CISOs (chief information security officers) at each of those four companies are beginning to build bonds with each other. And that’s welcome news for MSPs that are seeking to safeguard their software supply chains from hackers.
To understand the current state of MSP security, you need to rewind to October 2018 — when the U.S. Department of Homeland Security (DHS) issued a major warning about MSP supply chain attacks. Alas, the attacks continued and escalated. By 2019, ChannelE2E warned that the MSP industry was facing a Judgment Day along with a crisis of credibility — and called on software vendors and MSPs to raise their cyber game.
Fast forward to present day (March 2022). Cyberattacks continue, but anecdotal evidence suggests the MSP industry has become more vigilant against hackers and associated malware. In addition to our own market coverage, I see and hear about the progress (and continued risks) when I tune into The CyberCall, a weekly podcast hosted by Andrew Morgan, founder of The Cyber Nation.
Meanwhile, I’m starting to hear about collaboration between CISOs who work at the major MSP software providers. During an interview with MSSP Alert earlier this week, N-able CEO John Pagliuca told me the CISO-level collaboration across rival companies is a welcome development. Moreover, Pagliuca told me to keep an eye on the CISO collaborations, because some welcome developments for MSPs were on the way.
ConnectWise, Datto, Kaseya and N-able CISOs: Sharing the Microphone
What developments? Perhaps we’ll get some answers on March 28. On that date, four of the top MSP software industry CISOs are set to sit down (virtually) to discuss where the MSP industry is making progress, and what steps we all need to take to further mitigate risk across the market. The conversation is set to include:
- ConnectWise CISO Patrick Beggs;
- Datto CISO Ryan Weeks;
- Kaseya CISO Jason Manar; and
- N-able CISO Dave MacKinnon.
The CyberCall’s Andrew Morgan organized the call, and kindly asked me to moderate the conversation. You can tune in here. This particular edition of The CyberCall (number 89) will be hosted on the Channel Program, a platform founded by Kevin Lancaster, in order to further extend the overall reach of the discussion.
So, what exactly will we discuss? The short answer involves:
- Cross-company CISO Collaboration: Is it real — and if so, what are you all discussing?
- Shared threat intelligence: Are there signs of progress in the MSP industry — and if so, where?
- Mitigating MSP and supply chain risk: Where have we made progress, and what are the weak links that we all still need to strengthen?
MSP Questions Welcome
But ultimately, the conversation will be unscripted. And the CISOs are set to answer attendee questions throughout The Cyber Call. I look forward to moderating the conversation. Special thanks to Andrew Morgan for the invite and his friendship, and to Kevin Lancaster and the Channel Program team for providing the underlying platform.