Managed services providers don’t need to become full-fledged managed security services providers, but they should have some cyber skills and be able to talk to customers about the latest threats.
With CompTIA including free CompTIA ISAO access as a new benefit to all MSP members, now’s the time to raise your cyber profile—and to let customers know about it, according to MSP members of the CompTIA ISAO.
“The reason I joined [the CompTIA ISAO] is that cybersecurity is part and parcel to the services that we have to offer. That’s just reality. You can’t be an MSP today and not provide cyber services,” said Ilan Sredni, CEO of Palindrome Consulting, a Hollywood, Fla.-based MSP. “The CompTIA ISAO was a very easy way to digest the amount of information that’s out there in relation to all the cybersecurity threats going on.”
Sredni started Palindrome as a traditional MSP business, adding security services several years ago. The problem was that subscribing to different sources and groups to access information on the latest threats was an expensive and cumbersome process.
“I read a lot and tried to educate myself on everything, but it was difficult. The ISAO really made it very simple to digest all pertinent information coming through my inbox. I’d get all this information and need to figure out is something actionable, informational, or urgent? Maybe it didn’t even apply to us. Now, it’s easy to tell and share with team members so we can all be aware and act accordingly, when necessary,” Sredni said.
Expect More Recognition, New Perceptions to Your Business
Another benefit of CompTIA ISAO membership is prospects and clients tend to think of you as a cyber expert—a nice distinction to have in the market, Sredni said.
“Prospects will say nobody else has approached them to talk about cyber, and when you explain how you’re getting threat information and reacting to all the latest risks, they say ‘I don’t get anything close to this from my current provider.’ That’s happened quite often,” he said. “Being in the CompTIA ISAO, we’ve been able to get ahead of the curve and talk security before anyone else has.”
CompTIA ISAO membership can also be a differentiator from competitors claiming to be security experts who really aren’t, Sredni said. “Unfortunately, a lot do that. Realistically, most are not cyber experts. They say ‘My IT guy is a cyber expert’ but what certifications does he have? Where is he getting his information from? They view their MSP, sometimes a one-man shop, as a cyber expert.”
Access to Latest Threat Information, Analysis Spurs Faster Response
The Microsoft PrintNightmare security vulnerability from July 2021 is an example where Palindrome learned about the issue through the CompTIA ISAO, proactively notified customers, and then addressed the vulnerability before any damage was done—and before others were even talking about the issue, Sredni said.
“I was 24 hours ahead of most other organizations. We’re always looking for ways to talk with customers and stay relevant—that example was a big help,” he said.
A piece of advice for MSPs actively involved in security—let your customers know how you’ve protected them. Don’t fall into the trap of not communicating with them because nothing’s wrong, Sredni said.
“One problem we as MSPs have is most clients haven’t called a help desk in six months and start to think ‘Do we need them?’ We’re protecting, paying attention to what’s going on. It’s our job to remind them that being a trusted provider is more than answering the phone to fix a password. It’s a lot of behind-the-scenes work to protect their data and keep them safe. All the information we get from the CompTIA ISAO has paid for itself numerous times over by creating goodwill with existing customers and bringing in new customers based on our expertise.”
Enhance Your Reputation with Prospects, Customers
Coincidentally, right around the time PrintNightmare was accelerating, CompTIA ISAO member IND, a Whippany, N.J.-based MSP, was bringing on a new employee that had previously worked at another MSP. That employee couldn’t believe how fast IND was responding to the threat, said Matthew Lang, IND’s CISO.
“He said ‘You’ve communicated it out, raised awareness, and [his old company] hadn’t even known this had happened yet,” Lang said.
The CompTIA ISAO’s threat analysis and alerts have helped IND elevate its status as a cyber leader in its markets, according to Lang.
“I can get alerts from [other sources] that say ‘This thing’s wrong. Go figure it out.’ That’s very different from the CompTIA ISAO and ‘This thing’s wrong. Here are our analysts’ comments that help this make sense,’” Lang said. “It allows you to adjust faster so you’re ready to roll. Everywhere in life, hours matter. It allows us to understand things quickly, and to take actions and just stay ahead.”
Leveraging the Power of Community
Security threats can be a complex concept to understand, let alone develop a plan and proper response. Many MSPs don’t have an abundance of expert cyber skills on staff, but they can rely on other CompTIA ISAO members to break risks down into understandable, actionable steps.
“Resiliency isn’t just about fixing the problem, it’s about explaining the risk and figuring out how to remediate the risk,” Lang said. “I’ll see something suspicious and send it to the [CompTIA ISAO] analysts so that I don’t have to go and read 400 blogs and security researchers and industry analysts to figure it out. I get the expert analysis and then I can go start the process for what needs to happen.”
The community-based aspect of the CompTIA ISAO has helped foster partnerships and increase cyber awareness with customers—but also within his own organization, said Lang.
“Stuff that used to be optional inside of an MSP like five years ago, that stuff’s not optional in my mind anymore. We need to know a better level of understanding of what’s going on,” he said. “I’ve been trying to change this mentality and I think the CompTIA ISAO helps. It brings us all this information up into your vision. The MSP feels more assured that if something happens, you’re in a good place. And if it’s outside of our control, we know how to go in and get as much control back as possible. It definitely is contributing to making our clients more secure.”