While there are many characteristics that you need to consider when choosing a managed service provider (MSP), security should be one of your priorities. After all, you’ll be entrusting business-critical data to their system. Unless they offer a high level of cyber security, MSPs should not be on your short list of possible vendors.
There are a host of reasons why you should focus on MSP security, and several critical points that should be covered by any vendor you are considering. Let’s take a look.
MSP Security is Your Security
Regardless of the services you’re getting from an MSP, regulations and industry standards increasingly focus on risks that vendors pose to your information. By May of 2018, research indicated that third-party IT infrastructure data breaches cost small businesses an average $179,000 per breach, while large organizations lost $1.474 million per breach.
That means you need to do your due diligence regarding potential MSPs, and the following questions can help you evaluate how seriously they take cyber security.
How do you provide secure services to end users?
You want specifics here. Look for security controls that include regular patch management, anti-spam technical controls, ransomware protection, and end-to-end encryption.
How do you allow me to control user rights?
Your MSP should offer an Identity and Access Management (IAM) capability that allows you to control access to your data. You should look for an MSP whose platform enables you to assign and remove administrative rights from users as needed.
How do you manage endpoint platform protection?
An MSP with robust cyber protection combats the latest attack, like fileless malware and memory injections, with defenses that utilize cutting-edge technologies like machine learning.
Fileless malware doesn’t install software on machines but uses already downloaded software and applications to collect information. Memory injections occur when a malicious actor infects an authorized process running in memory with code that lets it bypass other protections.
Anti-malware solutions that use artificial intelligence and machine learning can detect these new attacks because they can distinguish between normal machine behaviors and abnormal behaviors that indicate an attack is happening.
How do you log monitoring activities?
Cybersecurity revolves around the concept of “trust but verify.” You can trust your MSP based on their responses, but you need to know that they document their detection and response activities. Additionally, your MSP needs to be able to provide you with logs that document the way they respond to your systems, networks, and devices. Therefore, you should be able to request logs that capture activities on endpoints, routers, application events, proxies, and Internet-of-Things (IoT) devices.
Choosing a secure MSP
Once you've assessed the MSPs security and documentation, you need to think about the way in which you're going to be able to use their services. You need to know how much information they provide you, when they offer it to you, and how they enable prioritization.
To truly manage your security, you need to be able to access all information easily. An MSP who offers a dashboard-style user interface with real-time data collection will give you the insight you need to manage your data protection.
Regular, routine backup and recovery
Your business solution needs to enable your business resiliency and recovery programs. Whether it's a malware attack, user mistake, or natural disaster, you need to make sure that your MSP can offer complete backup and recovery. While file sync and share works to enable business processes, it doesn't provide full restoration and recovery needed when your system crashes and you lose operating systems and applications.
Blocking and filtering capabilities
You need to control the way users can inadvertently undermine your security efforts, whether that’s visiting a malware-spreading website, opening an unknown email attachment, etc. Top quality MSP platforms allow you to blacklist apps containing Flash or other insecure protocols, giving you greater control and protection over the devices that can access your data and infrastructure.
One of the growing attack vectors cybercriminals are using involves altering archives and backup files. Being able to authentic files in order to prove they are original and unchanged is an important security measure. An MSP dedicated to cybersecurity should have a data integrity and verification functionality that allows you to prove current authenticity, as well as point-in-time integrity.
Choosing a secure MSP protects your business and your customers. By listening to its MSP customers, Acronis created the Acronis Cyber Cloud platform – which included data security as a top priority.
Each service offered as part of Acronis Cyber Cloud addresses the security concerns of modern business.
- Acronis Cyber Backup Cloud offers complete data protection, including Microsoft 365 backups.
- Acronis Cyber Disaster Recovery Cloud delivers business continuity services so your systems can failover nearly instantaneously.
- Acronis Cyber Notary Cloud offers blockchain-based data certification to ensure data authenticity.
- Acronis Active Protection is the first-of-its-kind, integrated anti-ransomware technology that’s powered by artificial intelligence.
As a single turnkey cloud solution that bundles multiple, reliable modern data protection services in one, Acronis Cyber Cloud empowers MSPs to offer easy, efficient, secure cyber protection. Ask your service provider about Acronis Cyber Backup Cloud with Acronis Active Protection!