Back in January, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory notice specifically talking about RMM providers being targeted by cybercriminals. We’ve known that, as a group, we’ve been a target for a few years, with the bad guys continuing to look at the RMM solution providers as a route into small businesses because there are still dollars to be made there.
With the establishment of the Joint Cyber Defense Collaborative (JCDC) in August 2021, CISA has its lens squarely focused on the MSP space. This gives the industry an incredible opportunity to collaborate with JCDC to help ensure that we’re working together to make the ecosystem more secure and helping to reduce the security risk for MSPs.
There’s no “me” in cybersecurity
I’ve always viewed security as a team sport.
Of course, we all compete for customers, but at the end of the day, from a security perspective, as vendors, we have a shared goal. That is to create a better, more secure ecosystem for our MSP partners as well as their SMB customers.
The collaboration with JCDC and the connections being made between the major RMM vendors, as well as the MSPs themselves, is already giving the group insights into how we can all more effectively drive our product development to support that goal—whether that is through improved documentation, more secure default configurations, or new security features.
And this initiative isn't just about the RMM vendors that are currently involved. There’s a wide swathe of folks collaborating with JCDC, from MSPs to federal agencies, and the list is growing. So, it’s the perfect time for us to make sure that we're all really hearing (and listening to) the voices of MSPs at the national level.
However, it is important to stress this is a collaboration with JCDC. It’s an opportunity for those involved in the MSP industry to work together to help create a more secure ecosystem. It is not intended to be a pathway into our systems. It is designed to be a free exchange of information to make us all better.
The bonding power of JCDC
If you look at the information CISA historically publishes, it’s extremely valuable. I subscribe to it, and every time they put out an advisory, I give it immediate attention. This is what gives them the power to bring everyone to the table.
By collaborating with JCDC, the group is aiming to develop guidelines to help make sure we're all putting out products that are as secure as possible for our customers in a manner that is consistent across the ecosystem. And that, to me, should be absolutely critical for all of us.
There are four key things I see coming out of this collaboration:
- It will help RMM vendors enhance the areas where we can be more secure by default. This is something we’ve already discussed in the working groups.
- It will also help RMM vendors inform partners about how to be more secure.
- It will help ensure that all RMM vendors are aligning with best practices at the industry level; we have not had that before.
- And finally, it will encourage sharing and collaboration amongst RMM vendors.
My personal goal is to help ensure that N-able is securing as many MSPs as possible. N-able partners or not, I want us to provide a secure ecosystem for all MSPs.
Positive global impact
And while the work the group is doing with JCDC to help secure MSPs may initially be focused in the US, it can have a positive global impact. Whether you’re sitting in the U.S. or Cape Town, Mumbai, Berlin, or Sydney, the information that the group will share about best practices and how to secure MSPs and drive the industry forward as it relates to security will resonate across the world. The ecosystem is global, and the benefit here is to partners in all parts of the world. It's just being championed by JCDC.
This is about the industry coming together to identify how bad actors are using MSPs and then sharing that information across the vendor community. The collaboration will help ensure that we are all fighting that fight together. And there's a huge amount of power and value in doing that.
N-able’s collaboration with JCDC has the potential to be a powerful one. The industry has a strategic plan now and we have working groups that we're going through. Ultimately, this is bringing MSPs and RMM vendors together to build a formal program, and that, to me, is something that is crucial to the development and future of our industry.
Dave MacKinnon (DMac) is Chief Security Officer at N-able. Follow Dave on LinkedIn. Read more N-able guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.
