When businesses agree to hand over monitoring and management of their IT environments to an MSP, they expect those environments to be protected. That puts the burden on MSPs to implement technology and best practices to secure client environments, not only at headquarters but also at any other sites the client operates.
Securing multiple sites can be a challenge, especially if clients haven’t updated all the technologies at every location that run on the same platforms or if they use different security tools for different sites. It’s up to an MSP to assess the state of a client’s environment and make recommendations to deploy the tools and deliver the services that will keep all locations equally safe. Here are six best practices to accomplish that:
- Central Management
One of the MSP’s most compelling attributes is the ability to remotely monitor and manage client environments from a central location. Centralized security management is especially helpful because it removes complexity from administrative tasks, making it possible to employ a standards-based approach. This helps ensure all sites conform to the same administrative practices, security protocols, and technology, promoting uniformity and creating a safer environment. Remote monitoring and management also provides the organization with visibility into where users are on the network, including which endpoints they are using and which data they are accessing, providing yet another layer of centralized security management.
Securing all endpoints, regardless of location, is a must. This is a multifaceted endeavor that includes deploying anti-malware and content-filtering tools, and applying security patches as soon as they are issued and tested. It also involves providing training to make sure users understand current cyber risks and learn safe computing practices, such as the proper use of passwords and how to spot suspicious emails to avoid clicking infected URLs and attachments
- Site-based Firewalls
Firewalls provide a necessary layer of security that stops cyber threats. Each site should have a firewall with advanced protection features to block zero-day threats that can elude signature-based malware-defense tools. Signatures used in traditional AV solutions and firewalls are based on previously known malware, but hackers constantly introduce new strains, making it necessary to implement next-generation security tools designed to spot suspicious code that may turn out to be malware.
- Private Connections
Depending on the nature of the client or the expansiveness of the environment, it may be necessary to set up VPNs to protect sensitive data from prying eyes in the public internet. This may be the case even if clients keep a lot of resources in the cloud. Although clouds typically have the most updated and highest levels of security, it still may be necessary to protect connections between on-premises and cloud resources by implementing a VPN or procuring private lines from the internet provider to bypass the public internet.
- Mobile Management
Many businesses have BYOD policies, allowing employees to use personal mobile devices to access company resources, whether in the cloud or on premises. All users should be subject to the same set of access rules to avoid compromising company data. The implementation of mobile device management (MDM) helps secure and centralize management of those devices, preventing users from downloading unsanctioned applications and accessing restricted information. Mobile policies should cover password access, device approval, and the use of wipe capabilities for when devices are lost or stolen.
- Local Backups
Backing up to the cloud makes a lot of sense in order to create redundancy and ensure that data can be restored if a catastrophic event such as a fire or flood destroys a building. But keeping backup copies locally is also a good practice. It allows for quick restores if files or drives are destroyed. Local backups should include images and data for mobile devices to enable restores when devices are lost or stolen.
These best practices for securing multiple sites deliver peace of mind to clients and allow MSPs to add value. It also helps you take a few solid steps in cementing your role as a trusted IT advisor to your clients.
Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.