As an MSP owner, what's going on in the world of tech news is important, here we're bringing to you the highlights from the week to keep you up to date.
Table of Contents
Amazon Takes on Microsoft and the Department of Defense
Amazon and Microsoft have an MSP clash over JEDI, a joint project of Microsoft and the Department of Defense that focuses on the defense infrastructure cloud. Amazon is crying foul citing President Trump's ongoing attack against Amazon, referring to his tweets as a public record. Further, they feel he unfairly intervened in the procurement process leading to Microsoft's selection in the bid process.
The Department of Defense says not so, but Amazon has now taken the matter to court and only a month before JEDI was to be released. They're hoping to stall the release of JEDI until the case is settled.
Forget Magical Thinking: Cloud Security Security Threats Solutions lie with DevSecOps
The Cloud Security of containerized applications is at risk. Especially with "security teams believing that simply issuing decrees to over-stressed developers will be effective," says David Christian of Channel Futures. This method never worked for any previous technology, so it is "magical thinking" to believe it will now he ascertains.
Of course, there are many security issues when it comes to containerized applications. David suggests that the DevSecOps teams contribute code or take part in discussions with development teams. Besides, he suggests robust IAM policies and strict automation with no human access permitted for containerized applications in the cloud.
The Microsoft Azure Leak
A Microsoft customer support database was discovered by researchers fully open to the public internet. It had no encryption or passwords, nothing to restrict access to their 250M customers' private information. Once made aware of the issue, Microsoft realized it was a major faux pax and took swift action to remediate the problem.
This mistake wasn't caused by Microsoft Azure. The fact is clients install resources without checking their security requirements. In this case, it was Elasticsearch that out of the box, it lacks security and needs extra steps to ensure that it meets security standards.
So, while Microsoft is shouldering the responsibility to ensure it doesn't happen again, this wasn't their fault.
Read full article here
Security Predictions for 2020
The new year has arrived on the coattails of security breaches from 2019. Most businesses hope that lessons have been learned and that the precautions taken by MSPs are enough to prevent new incidents. As we move into 2020 and the new decade, there have been a lot of cybersecurity predictions and trends grabbing headlines. We have highlighted only a few of them here:
- The Shortage of Quality Cybersecurity Professionals
- Cloud Security Concerns
- AI and Machine Learning
- IoT Security or Lack of It
MSPs User Password Reset Security Practices
These days with many businesses using MSPs, security for even password resets is required. Users are calling a help desk that is off-premises so that it could be anyone saying there Joe Smith calling for a reset. How do you know if it's Joe or an impersonator?
It's best to have a standard practice when users call for help. There are a few ways to verify someone calling for support under different scenarios. Here are a few options you can use for password resets:
- Verify biographical information like their date of birth, as an example.
- Call them back at their direct number stored in their profile.
- Conference in another staff member who can verify their voice.
- Call the main switchboard number and ask to be transferred to them.
If you don't recognize the voice, always verify. Full thread is here
MSPs Discussion: Sending a USB Repair Stick
The discussion of the day, whether to supply clients with a USB stick that contains recovery software to fix routine problems. Most MSPs seem to side with visiting as it keeps the client happier. Depending on the environment, there are other possible solutions to consider first. Remote desktop for one.
The MSP consensus seems to be to try everything else before sending a USB stick or visit.
CompTIA+ Lobbies Against the Right to Repair Bill
CompTIA+ the provider of A+ certification, among others, have come out to lobby against the Right to Repair Bill. Many are shocked that they have made this move when historically they have been helping people get qualified to perform this kind of work.
Louis Rossman, a well-known youtube vlogger, posted a video on the issue, along with many others. So, why is this important? It seems as though CompTia+ is mostly trying to block small businesses from being able to provide these services. It is puzzling to many why they have taken this step.
PowerShell: Increasing Office365's Secure Score
Have you heard of Office 365 Secure Score? If not it's a security analytics tool and script developed to help increase your security in the cloud.
This script was referenced in both the MSP's' Us discord and the ITPP Slack channel, so it seems worth mentioning. It increases your Secure score by about 70 points and allows you to move mail with a high confidence spam rating to the Junk Folder. All-in-all, it's quite a beneficial add-on.
That's a wrap for this week's MSP news. I hope this week's news brought you as an MSP helpful information. Check back here for the next week's highlights.