Advanced security technologies such as data loss prevention and sensitivity labelling should be pre-requisites before customers proceed with Copilot rollouts, IT partners heard at CRN’s Channel Meets Security event in Sydney on May 14.
IT partners at the event heard that customers are still often in the dark when it comes to visibility of their data and understanding of what to protect.
“One of the biggest challenges we're finding at the moment when talking to partners and even speaking with their customers is the question of what are they trying to protect and where does it actually sit? You have to be guiding them the entire way through,” said Mark Voyce, solutions development executive at event sponsor Ingram Micro.
“There’s a good chance that defining policies for AI usage and who gets access to what using just-enough access principles, that hasn't been brought up in conversation previously."
"It's not a very natural conversation for them to have and it's not information on hand they might have as well. So, it's something for you to guide them through.”
Platinum Technology director Steve Raw said his company protects client data by "adapting the zero-trust framework specifically to data."
"It's based on the same ZTNA (zero trust network access) methodology we've used to secure networks, and by extension endpoints and servers for some time, but we are now specifically targeting the data itself.”
For Platinum Technology, certain data protection measures are essential for clients using Microsoft Copilot.
“As IT professionals there are many advanced security-based technologies which we have been preaching for years. Sometimes these technologies, such as data loss prevention and sensitivity labelling, have had a hard time being accepted," Raw said.
"Our basic approach to Microsoft 365 Copilot is to treat these controls as pre-requisites before proceeding with any rollout.”
Fujifilm CodeBlue head of solutions Vipin Hooda spoke more generally about how the company is helping customers prepare for AI.
“First and foremost, we take our customers through an AI assessment, which is a combination of stakeholder interviews, workshops and technical assessment which essentially provides customers with a snapshot of where they are in the AI journey, making them understand their data landscape, risks involved, what the technical maturity and user awareness levels are for their environment, followed by a remediation and adoption roadmap to AI, and power their people and business with tools such as Copilot for Microsoft 365," he said.
Hooda encouraged partners to look at the credentials of their partners.
"As compliance is key to maintain customer's trust and confidence, as a trusted managed service partner it is crucial for us to extend the scrutiny beyond our own ISO security certifications to third-party vendors and partners too as auditors and cyber insurers are increasingly asking customers about the compliance and certification status of all involved parties," he said.
"It not only assures customers that their MSP will handle data responsibly but also the vendors or partners that their MSP works with will too."
Leaning on others
IT partners’ ability to provide the gamut of customers’ cybersecurity requirements remains an ongoing topic of discussion.
Reece Appleton, regional director for ANZ at event sponsor Huntress, commented that “MSPs typically don't have the security expertise, certainly at scale, to deliver the necessary offerings to support their customers particularly on a 24x7 basis. So, we've seen a lot of partners partner with the likes of us or MSSPs to deliver those services.”
Marc Beder, APAC general manager of event sponsor 11:11 Systems, talked up the company’s ability to assist partners with around-the-clock cybersecurity services.
“We've built a SOC we operate 24x7, which most organisations struggle to do, especially in Australia – it's very expensive to have people on the ground looking at screens 24x7. How can you simplify that and benefit from scale that's been established somewhere else?” Beder said.
He encouraged partners to consider the level of service provided by third parties. “Contrary to what most people think, the choice of technology is not the most important thing. Instead, [ask] am I getting the response when I need it? Is someone watching those alerts when I can’t? When you are breached, then what? Where do you recover to? How do you recover?" Beder said.
"For those that haven't been involved in a cyber incident, it's not a single recovery. It's not your latest or your most recent recovery point. In fact, that's the last thing you want to touch, because that's probably affected…It's assistance in the end-to-end that's part of that simplified security message. It's not just a point service that takes me half the way.”
Consolidating and automating the stack
Toolset consolidation was also on the agenda. Steve Stavridis, APAC VP of sales at event sponsor OpenText Cybersecurity, talked about bringing backup and recovery into this story.
“A lot of MSPs are nuts and bolts in security with less appetite or capability around the recovery aspect," Stavridis said. "When they’re dealing with cyber-insurance, cyber-insurance is mandating users are educated, but also mandating the ability to recover data."
"We're empowering our partners to move into recovery, with all the trusted tool sets, the intuition, the automation that's already there, but also thinking about business continuity, thinking about having infrastructure that's always on through HA (high availability), DR (disaster recovery) etc.”
"From an OpenText perspective, we talk about consolidating all those tools into a single portal from a procurement, management, operational standpoint, and at the same time providing API connectivity to all the third-party tools that are out there," he said.
Victor Guerrero, APAC director of channel and alliances at event sponsor NinjaOne, said that “Automating that whole stack is what's important…It's just a must have in order to get the economies of scale in order to be able to serve your clients properly.”
“Even just getting things right from the customer perspective when it comes to things like onboarding and off-boarding – there's a whole bunch of things that automation takes out at that human mistake level.”
Fuse Technology head of sales Peter Limnios encouraged MSPs to consider their current security stack before looking to build advanced offerings.
“Advanced security is one thing, but what are you doing in your existing stack? What's your core technology? How do we bring it back to basics? If you're investing in the shiny new products, but you haven't actually got your house sorted first, are you doing the right thing?” he said.
Limnios spoke about the importance of having a minimum security standard. “I think it’s really important now as an MSP that we actually do have a minimum standard to say if we're going to work together, this is where you need to be, it’s for your own good and it's also for our own good. So we start there and then we just tier up and take a modular approach.”
Simplifying cyber-insurance
SherpaTech COO Tim Stephinson spoke about the challenges cyber-insurance complexity can create for IT partners and their customers.
For example, claims can fall between professional indemnity and cyber-insurance policies: “The professional indemnity says ‘I exclude cyber incidents’, the cyber policy says ‘I exclude professional indemnity incidents’, and this can create problems where the insurer says ‘it’s not me!’ at claim time,” Stephinson said.
Stephinson spoke about opportunities for IT partners and their customers to simplify this and other cyber-insurance complexities.
“If you can choose a provider that gives you a combined cyber and professional indemnity policy, you remove the potential conflict between those two policies and we can give more protection in the case of a claim.”
Next stop for CRN Channel Meets Security is Melbourne on October 9th.