John Ford serves as the VP & CISO of the newly established ConnectWise Cybersecurity Center of Excellence (CCCoE) Mr. Ford brings over twenty years of experience to ConnectWise serving domestic and multi-national organizations in all areas of Information Security and Compliance. Mr. Ford held several executive roles in the health care arena as a Chief Compliance, Chief Security, and Privacy Officer.
Before entering the health care industry, Mr. Ford held executive roles leading the global Information Security team at Tech Data, a leader in technology distribution, and also at SAIC, accountable for the integration of Security infrastructures spanning the intelligence, law enforcement, and department of defense communities. He began his career as a Security Engineer for Lucent Technologies where he held progressively accountable positions enabling the global build-out of the support and professional services functions for Information Security and Access Products.
Check out the ConnectWise and Cisco Webinar on Cybersecurity View Recording >>
Worldwide SMBs are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market. Yet many IT service providers are shying away from this services goldmine because they don’t possess the people, process, or technology to address increasingly sophisticated cyberattacks. Ironically, your customers believe you are handling ‘all things’ security related, which begs the question; is there a way to have a common language to communicate and mitigate the ambiguity of ‘who owns the risk?’
Why does your customer feel you are responsible for ‘all things’ security related? Have you ever said any of the following things to a prospect and/or customer? “We are your outsourced IT department. We reduce your risk and exposure. Our Virtual CIO (vCIO) meets with you quarterly to ensure your business and technology requirements are in alignment. You pay one monthly fee that is outcome driven. We do it all!” For more than ten years, our industry has preached managed services at every industry event and customer/prospect engagement. Our industry has prophesized managed services and therefore conditioned our customers that ‘we do it all!’
With today’s attacks becoming more sophisticated, the days of securing ourselves and our customers through a tools-based model (endpoint and firewall protection, email security/backup, and DNS) are not enough. Some managed service providers (MSPs) have started to add phishing services with security awareness training, which is an excellent step in meeting compliance for security awareness training.
To recalibrate our customer’s mindset, we need to be able to speak a common language about how the threat landscape has changed, and what has worked for years, won’t work in the future. A cybersecurity risk assessment is necessary to identify the gaps in your customer’s critical security controls and to determine actions to close those gaps. Learning how to perform a risk assessment, and more importantly, the art of having the conversation about ‘who owns the risk,’ are the critical next steps an MSP should be taking with their customers if they are not today. Vulnerability scanning and continuous monitoring would be critical next steps, post risk assessment.
ConnectWise has an ever-evolving ecosystem that extends from the roots of our core platform. Our ecosystem consists of 160+ solutions you can purchase through us plus even more integrations available in our Marketplace. Learn how you can connect into the ecosystem in your own unique way.
See security experts from ConnectWise and Cisco as they talk about managed security and how you can prepare to offer it.