10 Steps to a Proactive Security Model
Conventional wisdom says most MSPs are moving aggressively toward managed security services. But poke around and you’ll notice that many of those MSPs have no idea how or where to get started. That factoid surfaced yesterday during the Empower MSP conference in Orlando, where hundreds of SolarWinds MSP partners were seeking guidance on cybersecurity guidance.
SolarWinds MSP VP Tim Brown was more than happy to answer the call to action. During a main-stage presentation, Brown shared 10 steps to a proactive security model. His guidance, nearly word for word, included:
1. Change the Conversation From Security to Risk: Don’t ask, “Are you secure?” Instead ask, “How much risk do you face?” The security risk conversation should extend from a business risk conversation. Make sure you define customer metrics and measure against them.
2. Understand the Customer’s Environment and Help Define the Crown Jewels: You know the customer’s environment better than the customer. Use your knowledge to determine what is most at risk, and what would be the most attractive target. Also, define the cyber assets and protect them accordingly.
3. Implement Good Cyber Hygiene: A proper approach requires managed antivirus endpoints, proper patch management, backup, anti-spam and plenty more.
4. Secure the Environment at Different Levels: No one has 100 percent security. You’ve gotta prioritize and pick your spots. In addition to practicing good hygiene, and always protect the crown jewels.
5. Use Security as a Differentiator for you — and your customer: For instance, who is more secure — a community bank or an old-school manufacturer of pipe. Well, if the pipe manufacturer wants to be a supplier to the government, it will need to address a range of compliance requirements — essentially differentiating the company from commodity pipe manufacturers.
6. Use Regulations to Drive Security Maturity: Understand your customer requirements and the regulations they face.
7. Develop Security Knowledge: Build a set of expert contacts, know the basics, keep in synch with trends and build your overall “knowledge center.”
8. Help to Build a Culture of Security: People are key to a secure environment and any security program.
9. Position Security as a Proactive Entry Point and Engagement Point: Sure, use FUD (fear, uncertainly and doubt) but make sure you sell a well-managed environment, good hygiene and understanding of business risk as security.
10. Pursue a Community Approach: You can’t succeed alone. Hackers hang out in underground hacker groups. They share tools. They document their techniques. On the flip side, cyber pros need a similar community approach of their own.