June was a busy news month for managed service providers (MSPs), and, unfortunately, the news was all bad. According to Reuters, the global hacking campaign known as Cloud Hopper breached the security of at least eight technology service providers, including giants like Hewlett Packard Enterprise, IBM, Fujitsu, Tata Consultancy Services and NTT Data. I talked about Cloud Hopper in my webinar last month - a massively organized operation. (Cloud Hopper that is, the webinar was pretty well organized too!)
This past spring, we also saw an increase in ransomware attacks against MSPs that serve municipal governments and public transportation systems. In several cases, the ransom was paid, either by the breached entities or by MSPs that wished to keep their names out of the news.
As you can imagine, trusting extortionists to keep their word is not a sustainable business practice. According to research from SentinelOne, 45 percent of U.S. companies hit with a ransomware attack paid at least one ransom, but only 26 percent of those organizations got their data unlocked. Moreover, 73 percent of those same companies were attacked later, presumably by repeat offenders who had now identified a reliable source of revenue.
All of this is quickly leading to a day of reckoning for the entire MSP industry, and any provider who delights in a competitor’s misfortune is being seriously short-sighted. It is entirely possible that end customers will eventually start suing MSPs to be compensated for lost data, ransoms, or both. It is equally possible that MSP customers will lose faith in outside services and return to the in-house model. In either case, that would be the end of the MSP industry as we know it.
And the cracks are already showing. More and more customers are demanding hard evidence of vendors’ compliance with standards like SOC 2 Type II, GDPR or NYDFS 23 NYCRR 500. Not every MSP is set up or funded for full compliance with those tough standards.
So, how will MSPs survive? Part of the answer lies in understanding how MSPs got here in the first place. The MSP business model took shape long before the rise of sophisticated, state-sponsored hacking. Back in the 1980s and 90s, security was not necessarily part of the MSP’s core offering. Routers and firewalls were presented as add-ons, extras that created an opportunity for upselling. And today, that notion of security as an option is still regrettably persistent in some quarters.
It’s pretty clear that MSPs now need to demonstrate a serious commitment to data security. When prospective customers ask how their information will be safeguarded, an answer about multifactor authentication will no longer be enough.
There’s a better answer, one that MSPs can start giving right now. That answer is Tehama. Tehama is a complete SaaS-based work environment that ensures instant security compliance through 150 controls. And with Tehama, any work done on the platform continues to conform to the requirements of your customer, with every activity on the platform generating a permanent record.
MSPs are often overwhelmed by the complexities of each customer’s policies. Tehama helps you eliminate complexity with a streamlined, simplified workflow. We provide clean end-user compute white rooms that give you total control over access to your mission-critical and data-sensitive applications. The firewalls, the storage, the infrastructure and the access policies are all provided for you in one place, and they are managed by you from one dashboard with a single sign-on. Our contained and collaborative workspaces operate as a virtual extension of your secured business infrastructure in the cloud. In just minutes, you can onboard users and launch ready-to-work Tehama rooms for collaboration on Microsoft Windows or Linux virtual desktops. And Tehama’s flexible pricing model means you can scale your subscription affordably as your customer base expands.
Tehama is uniquely capable of safeguarding the assets of today’s MSP customer. And that makes it uniquely capable of safeguarding the reputation of today’s MSP. In fact, we are so confident in Tehama that we’re offering MSPs and MSSPs six months of free access to our platform. This is your opportunity to test-drive an online environment that complies with the world’s most rigorous security standards.