A week before the start of IT Nation, my manager asked me if I wanted to attend the conference in Orlando. A colleague had backed out last minute, and we needed someone else to cover the booth with Jeremy Young, Blumira’s new Director of Partner Strategy.
Despite the last-minute request, I was enticed with promises of warm Florida weather and a free trip to Universal’s Wizarding World of Harry Potter.
So naturally, I packed my bags. I didn’t know much about ConnectWise’s IT Nation Conference, but I knew that Blumira solves a challenging requirement for log monitoring and retention and detection and response in the MSP community — we just needed to spread the word.
Jeremy and I talked to a lot of MSPs about Blumira, but I also learned invaluable lessons about the MSP community and the challenges they’re currently facing. After attending sessions and speaking with MSP owners, techs and managers about their on-the-ground experiences, I’ve found that these challenges seem to be top-of-mind:
The Kaseya attack was a big deal for MSPs, and resulted in a lot of industry changes. One of those changes is cyber insurance providers cracking down and requiring more stringent security policies for MSPs and their customers to get coverage. As one attendee put it, “Insurance companies are doing homework on you.” It’s simply not an option anymore for MSPs to slide by and not follow every parameter that the insurers mandate.
Many cyber insurance carriers already require that both MSPs and customers meet certain technical requirements, like enabling MFA. MSP owners and techs predict that similar requirements — like one year of log retention, SOC support, performing pentests, or having a SIEM — will become commonplace.
At IT Nation, attendees also talked about the idea of the cyber insurance space becoming more regulated. The current cyber insurance market is a wild west; insurers create their own technical requirements depending on whatever they feel is best. Many MSP owners believe that in the future, the government will be in control of those decisions, not the insurers.
We can already see this happening. In New York State, the Department of Financial Services released a first-of-its-kind Cyber Insurance Risk Framework in February of 2021. In it it calls out, “A robust cyber insurance market that effectively prices cyber risk will also improve cybersecurity. By identifying and pricing risk created by gaps in cybersecurity, cyber insurance can create a financial incentive to fill those gaps to reduce premiums.”
No translation needed to understand that either premiums are going up, or more controls are going to be mandatory.
Many MSPs that I spoke with were frustrated that their customers either don’t understand or don’t care about cybersecurity. IT Nation attendees said that they see a lot of glazed-over eyes once the conversation turns to cybersecurity. Many of their customers mistakenly think that they’re too small to be a target for ransomware.
Even seemingly easy wins aren’t as easy as they appear for MSPs. Multi-factor authentication (MFA), for example, is easy (and often relatively inexpensive) to enable but difficult for customers to get on board with. Some MSPs dealt with this challenge by leaning heavily into SSO solutions like Azure and Duo.
MSPs are concerned that the customer education problem is creating an unhealthy dynamic in which MSPs need to step into the roles of bad guys. MSPs don’t sell technology, they sell trust and relationships. One MSP owner quipped that when he is forced to lecture, nag and beg their customers to be secure, it’s no longer a partnership; it’s a dictatorship.
MSPs are dealing with this pushback from their customers in a variety of ways. Some give their customers more time and accept the risk that comes with doing nothing. Some eat the cost of certain tools and controls they feel are must-haves. Some ask security laggards to sign a waiver that says that they understand and accept the risks of not deploying certain technologies or enabling certain policies. Other MSPs are simply dropping customers that refuse to comply with security best practices. Neither method is ideal and breaks down trust — the very foundation of an MSP’s business.
Customers that do care about security often have a big ask: 24/7 coverage. But for MSPs, establishing and maintaining an in-house security operations center (SOC) is a complete non-starter due to the expensive and administrative burden.
Many MSPs are solving this issue by outsourcing to a third-party SOC, or even relying on an EDR vendor’s SOC. But that solution also presents issues, like alert fatigue and added complexity for MSP technicians that are already stretched thin, not to mention the hefty price tag that comes with most outsourced SOC security solutions.
What struck me most was how tight-knit the MSP community is. Everyone seems to know each other, which can feel a little intimidating as a first-time IT Nation attendee (even with a familiar-to-the-MSP-Community-face like Jeremy Young at my side). What was crystal clear, however, was a pervading sense of kindness and generosity within the MSP community.
This was especially evident in the session In The Aftermath of a Buffalo Jump, in which Robert Cioffi, COO and Co-Founder of Progressive Computing described his harrowing experience with the Kaseya ransomware attack in July that compromised 80 of his customers. Cioffi described how the MSP community banded together, flying in from every corner of the United States to help him and his customers recover from the incident. Some of these members of the MSP community were people he hadn’t even met before, but they had heard that a fellow MSP owner was in trouble and wanted to help with the purest intentions— and on a holiday weekend, no less. If that’s not a testament to the incredible strength of the MSP community, I don’t know what is.
I may not have considered myself an official member of the MSP community when I arrived at IT Nation, but after getting a glimpse into that world, digging into the challenges that MSPs are facing, and meeting new people, consider me a convert. I’m excited that Blumira will continue to help MSPs protect their customers against cyberattacks and solve the challenges that they face every day. After all, the vast majority of the global economy is made up of small businesses and it’s an honor to secure the MSP channel that serves them.
Blumira is a cloud SIEM with 1 year log retention and 24/7 SecOps support for urgent issues built into our affordable per-user pricing. Blumira offers free NFR licensing to MSPs for internal use. For more information, contact Jeremy Young at jyoung@blumira.com.