The challenge is always on for IT leaders trying to balance resources and budgets to keep everyone happy. From stakeholders to users through to partnerships and customers, connectivity matters.
The role of an IT professional in a Management Services Provider (MSP) or an in-house IT services team has evolved so such an extent that accountability has fundamentally shifted, with responsibility for new elements, including the security of data assets, falling firmly on the well-worn shoulders of the IT Team.
Whether you’re outsourcing services to a Managed Services Provider or you’ve got your own in-house team, we’re here to share some insights into the changing role of an IT professional based on our knowledge from the inside-out.
So what’s changed?
Managed Service Providers used to be focused on patching software and fixing tactical computer issues. In recent times, and particularly in the last 12 months, since cyber attacks have been impacting us as organisations and as individuals, concern levels have elevated significantly.
The impact of this is clearly affecting organisations everywhere as accountability for the protection of data assets has become the hot potato of the industry. As an IT lead, it’s important you ensure your organisation isn’t exposed to unnecessary risk, and that you have a tight plan, tools, capability, technology and resources to fix any issues if they arise.
Prevention is better than cure
Getting on the front foot will eliminate a large proportion of pain further down the line. It’s not news to anyone. Interestingly we’re seeing a fundamental shift from the mentality of ‘one size fits all’ to a ‘every customer needs a custom fit’.
Where once a cookie cutter suite of technologies would eliminate most of the risk, now agility is king. Having the ability, tools and resources to adapt, update and evolve as the threat landscape changes, is where your protection journey should start.
So, whether you’re in-house or outsourcing, there are four imperatives we think you and your MSP should consider:
You can’t protect what you can’t see – a system audit should be non-negotiable
We’ve said it before and we’re saying it again – start with a detailed audit of your IT environment. The Asset Register is the absolute pinnacle of prevention focused thinking. Most customers aren’t truly aware of what’s on their network and we’re seeing a greater proportion of vulnerabilities exposed through old and often defunct technology. Whether it’s a printer which hasn’t been updated or an old piece of software you didn’t know anyone was using, know your exposure points – in our opinion it’s the non-negotiable of asset protection.
Understand the risk – prioritise every asset based on its risk to the network
Now you can see what you’ve got in your network and where your endpoints are. It’s not always straight forward and there are likely to have been some surprises which may or may not be easy to fix. But at least you know what you’re working with and you’ve got an breakdown of all of the different elements which could leave your network exposed. Now it’s time to understand the risk contained within them. Take your asset register and evaluate the risk of each component relative to others in the network and prioritise them accordingly.
Make a plan – work out a maintenance plan across all of your assets.
You’ve broken your assets down into technical components, and you understand and have prioritised the risk. Now it’s time to target those with the highest potential impact for priority resolution, in line with your Risk Register. The most effective protection trifecta is when high risk priorities, at risk assets and a well protected network come together to create a more favourable outcome in the event of an attack or breach.
Be agile and aligned – make infrastructure a living process rather than a dusty report
Having alignment and regular interactions between your MSP and SOC will make sure you avoid the pitfalls of disparate teams. With a rigid services plan, a carefully documented and detailed risk register and the right security controls, infrastructure protection becomes an end-to-end solution. This makes your networks less appealing for bad actors and response and remediation much easier to manage.
Getting these simple four activities right can enable your organisation to operate with confidence, provide assurance of performance, productivity and protection, and enable you to focus on the wealth of growth-driven outcomes ahead rather than continuously watching over your shoulder.
Want to know more? Let’s chat!