Risk considerations for Managed Service Provider Customers

September 3, 2021

No business or organization wants to be the victim of a cybersecurity attack. Adversaries target organizations of all sizes and in every industry, so cyber security is not just a large business problem. They often try to breach an organization’s systems through weak spots or entry points outside the direct control of organizations, such as via third-party vendors. Therefore, it’s no longer enough for organizations to secure their data and information systems; they must also encourage enhanced cybersecurity practices of their managed service providers (MSPs).

To help mitigate these risks, the Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insights titled, Risk Considerations for Managed Service Provider Customers. This resource provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk. The framework includes best practices and considerations from the National Institute of Standards and Technology and other authoritative sources with guidance geared to the three main organizational levels that play a role in reducing overall risk:

Senior executives and boards of directors
Procurement professionals
Network administrators, systems administrators, and front-line cybersecurity staff

The bottom line is that outsourcing IT services provides both increased benefits and risks to an organization. Key responsible individuals should take a step back to look at the security practices in place across their enterprise to answer:

Who is responsible for security and operations when outsourcing IT services to an MSP?
What are the most critical assets that we must protect, and how do we protect them?
What should an MSP provide to an organization in advance of a contract award to demonstrate security controls in place?
What network and system access levels are appropriate for third-party service providers?

It will require effort and time upfront for an organization to review its security practices and answer these types of questions. But, in the long run, it will help them spot pockets of risk from third-party vendors and improve their overall security and resilience.

To read/download this resource, visit: CISA.gov/publication/risk-considerations-msp-customers

For supply chain, risk management information and resources, visit: CISA.gov/ict-supply-chain-library

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Risk considerations for Managed Service Provider Customers

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Risk considerations for Managed Service Provider Customers

Related Articles

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.