AI: The Force is Strong With This One
AI has been the buzz for several years now. When OpenAI unleashed ChatGPT on the public in late 2022, it went from being a murmur to an all-out roar. Since then all of the major tech companies like Microsoft, Google, Meta, and Apple have released their own flavor of AI. There has been a lot of discourse about whether AI should be regulated or even that AI will be the end of us all.
Let's put all of that aside for a minute and look at the some of the power that AI holds and how it can be used for both good and bad. Like all technology, AI can be abused and used for nefarious purposes. When it comes to cybersecurity this is even more true…
Compliance-as-a-Service…Great Idea! But Start With Your Own Practice
This week, Kaseya released it 2023 Global Benchmark Survey Report. The survey, completed by more than 1000 respondents worldwide (predominantly the Americas), highlights the top trends in the MSP industry for the current year and compares them against the previous year.
Unsurprisingly, CyberSecurity ranks as the highest concern of MSPs showing a 15% increase over the 2022 results. In fact the top five new services MSPs plan to offer in the coming year fall into the Cybersecurity services category. Topping the list at 39% is Regulatory Compliance Management and Reporting. This is followed by Managed Detection and Response, Dark Web Monitoring, Identity and Access Management, and Security Awareness Training.
The interest in offering Regulatory Compliance Management services, often referred to as Compliance-as-a-Service makes sense with the increase in regulatory requirements.
However, many MSPs need to start by getting their own house in order. True compliance requires that policies and procedures are documented, processes are audited, and all employees are trained and follow the documented procedures. Although many MSPs have implemented strong security measures and practice good general cyber hygiene, many lack the documentation and consistent auditing to pass an external audit.
Why CIS is the Best Security Framework for MSPs
A couple of months ago I wrote about the importance of adopting a security framework to give structure and process to securing your practice. I went over several common frameworks and debated the pros and cons of each. In this article I am going to delve into the reasons why the Center for Internet Security (CIS) Frame work is the best for MSPs.
When we compared the NIST and ISO Frameworks to CIS, we discovered that NIST and ISO were somewhat loose and vague in regards to what controls needed to be implemented in order to be compliant. Both standards leave a lot of leeway for alternative approaches to meeting the standard of the control. While this flexibility may be desirable in some situations, it can be confusing and lead to lapses in security…
Microsoft New Commerce Experience is Here: The Five Things MSPs Need to Do Now
By now, most Managed Service Providers are aware that Microsoft has rolled out a new licensing model for the most common Office 365 and MS 365 products. Their New Commerce Experience (NCE) model introduces term-based licensing with firm commitments. New licenses can be purchased as 12-month or 36-month (not yet available) term agreement with early termination fees applying should the client cancel the agreement prior to the end of the term. The termination fees are equal to all fees that would have been paid if the agreement had not been canceled. Microsoft is also offering a month-to-month NCE option. However, that subscription comes at a 20% premium. This is a significant departure from legacy licensing program which allowed termination without penalty.
In addition, Microsoft is increasing prices on several Office/MS 365 products by as much as 25% on March 1st…