Vertical markets, Cloud Security, Content

Microsoft 365 Security Best Practices: Will CISA Give MSPs, MSSPs A Boost?

Opportunity appears to be knocking for MSPs and MSSPs in the U.S. federal government market, where questions about proper Microsoft 365 security settings are now front-of-mind.

Indeed, the CISA (Cybersecurity and Infrastructure Security Agency) has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines. The request is part of a larger  Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments.

The baseline guidance covers:

It sounds like the CISA may soon seek similar guidance on Google Workspace security.

SaaS Application Security: Growing MSP and MSSP Opportunities

The CISA effort highlights a continuing mind shift in the SaaS market. Indeed, when SaaS applications gained popularity some customers and channel partners assumed that the applications were fully secured by the software providers. Fast forward to present day, and most customers now realize they'll need to take extra steps to safeguard each SaaS instance, user access and associated data.

Amid that market reality, startup companies such as Augmentt and SaaS Alerts have emerged to help MSPs and MSSPs safeguard Microsoft 365. But the partner opportunities don't end there. Take a look at the Top 15 Most Popular SaaS Applications for Business, and it's a safe bet customers will need help monitoring, managing and safeguarding many of those systems.

Still, Microsoft 365's massive installed base makes it an obvious first target for hackers. Amid that market reality, the CISA is seeking comments about the Microsoft 365 baseline security guidance through November 24, 2022. Indeed, the agency wants "insight on the feasibility, clarity, and usefulness of the baselines. Comments should be submitted [email protected].

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.