In our previous article, ‘Securing staff identities in the cloud, why it matters and where to start’ we discussed the significance of Identity and Access Management for a robust cloud security strategy. We talked about how to get started rolling out features like multi-factor authentication (MFA) and the importance of prioritising security in the cloud.
However, for many businesses, the question remains, how do you focus on cloud security with limited IT resources in-house and who takes responsibility for it?
***Spoiler alert: The answer is a Managed Service Provider (MSP) that specialises in modern workplace and here is why.
Often in small businesses, the responsibility for IT falls to either the business owner or an employee who happens to have a little more technical knowledge than everyone else.
“We often see staff who might be technically minded taking responsibility for the business’ IT. This is generally not an effective solution as they can only scratch the surface. They don’t know enough about the key components, like security, to provide sufficient support,” says Jason O’Shannassy, Senior Cloud Architect at Retrac.
Usually, the default ‘IT guy’ is able to jump in and fix a problem with an employee’s email or prompt the team to download the latest system updates. Whilst helpful, this is not digging deep enough into the workplace IT. According to Jason, whilst these staff members might be able to help solve a quick tech issue, they are not equipped or experienced enough to take the proactive measures needed to keep a business secure.
“If you think about the worst-case scenario and consider being affected by something like the Cryptolocker virus, the reality is skin deep knowledge won’t help, neither will a firewall. You need someone with knowledge on having the right mail filters, desktop AV and associated policies. It’s a massive ask to expect someone in a full-time role to take this level of responsibility on as well,” says Jason.
A good MSP knows all this and more and has a clear purpose to ensure your organisation has the necessary measures in place.
“With security applications there are a lot of options in terns if what to turn on and what not to. For example, are you using Windows Information Protection (WIP), are you monitoring access to your data? If you have staff using their own devices, are you using the security centre to control the WIP safeguards. These are the kind of things that we are qualified and trusted to do,” notes Jason.
The justification of using unexperienced in-house staff is often attributed to cost. For many businesses, the idea of paying for support is cost they think they can avoid.
“This is the wrong way to look at it and comes back to business leaders not thinking they need it. That’s fine whilst everything is running smoothly but what happens when disaster strikes, what is the cost then?” asks Jason.
It’s very easy for businesses to fall into the trap of not understanding their security needs until after a breach has happened, which then serves as a trigger to review IT procedures.
“It might be an initial cost, but it is a worthwhile investment for your business. As specialists we know how to implement the right solutions to protect your business. It’s a lesson you can’t afford to learn the hard way,” adds Jason.
Another reason to enlist the help of a modern workplace focused MSP is to ensure you are staying up to date with new product releases and capabilities. At Retrac, the team pay close attention to the Microsoft roadmap to ensure they are aware of any new developments.
“We test all the new Microsoft features whilst they are in preview. This allows us to develop an understanding of them so when they reach general availability, we know which of our customers might benefit from them. We actually go out of our way to learn about these things, to validate and check everything. We want to understand all the security features so we can increase value for our customers and, we enjoy learning about it,” says Jason.
By having their finger on the pulse, an MSP can strengthen the security with every new release and capability. In addition, they can upskill staff to ensure they are confident using the various security features.
“We train customers on the best way to roll out and manage things like MFA. We provide email tips, reminders and send out security threats to all customers to ensure they are aware of their existence and to assure them that they are protected,” adds Jason.
When thinking about your IT and who is managing it, you need to think about the whole picture and realise that a big part of the picture is security. When you think about the risks and the significant repercussions of badly managed security, you quickly realise it requires specialist expertise.
“You might not think you need the help now, but you do. It’s up to you whether you realise that prior to losing data or after,” warns Jason.
Retrac is a modern workplace speciality MSP. Retrac’s Security Bundle helps you understand the risk by auditing your environment. We help prepare and implement security policies, educate your team, and then plan, execute, and maintain threat intelligence.
Our team of experts can help you recover from an incident, assess your vulnerabilities, and secure your environment moving forward. Contact us today to understand how Retrac can help protect your business.