Vertical markets, Americas, Content

Louisiana Criticizes MSP Industry’s Security Practices; Employs MSSP

Kyle Ardoin, Secretary of State, Louisiana
Kyle Ardoin, secretary of state, Louisiana

Many MSPs (managed IT services providers) are dropping the ball on cybersecurity, leaving elections open to the threat of cyberattacks, Louisiana Secretary of State Kyle Ardoin warned peer government leaders on January 31.

Ardoin called out MSP security weaknesses multiple times during at a meeting of the National Association of Secretaries of State, according to State Scoop.

Ardoin, the report says, alleged that many MSPs:

  • Aren't properly emphasizing cybersecurity to their government clientele.
  • Don't properly secure their remote monitoring and management (RMM) software tools. He specifically pointed to MSPs that fail to activate 2FA (two-factor authentication).

Amid the alleged MSP industry shortcomings, Ardoin's statewide office leverages an MSSP (managed security services provider) for prevention and detection services.

Louisiana's commitment to MSSP engagements is easily explained. The state has suffered multiple ransomware and cybersecurity attacks across numerous municipalities and government agencies.

MSP Industry: Improve or Face New Regulations?

Although the MSP industry has made some progress on the cybersecurity front, more progress is needed, according to Datto CISO Ryan Weeks.

Ryan Weeks, Chief Information Security Officer, Datto, Inc.

Datto is an MSP-focused provider of data protection, networking, IT monitoring and business automation solutions.

If you're an MSP, you need to "know thyself, know thy battlefield and know thy enemy," Weeks told MSSP Alert during a PerchyCon 2020 conference last week in Tampa, Florida, organized by Perch Security.

As MSPs work to gain that cybersecurity expertise, they must also work to offer a unified industry front against attackers, Weeks added.

If the MSP industry doesn't make more progress on the unified security front, the industry could wind up facing new government regulations and compliance requirements, Weeks also warns.

Still, Weeks sees progress from vendors and MSPs alike. For instance, Datto rolled out mandatory 2FA services to MSPs in January 2020, he notes. We'll share additional thoughts from our time with Weeks soon.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.