The Benefits of Providing Identity Management Solutions

MSPs and integrators can benefit greatly from introducing identity management solutions and education to their client packages. Here’s how.

Leave a Comment
The Benefits of Providing Identity Management Solutions

If there’s anything we’ve learned from speaking with so many MSPs, it’s that the way lower level employees use personal data can often affect their business data’s security — but the dangers can be avoided with identity management solutions. Is your MSP or integration firm providing them?

What is identity management?

Simply put: identity management just means the processes in place for authenticating individuals accessing apps, systems, or networks.

Things like:

  • using password managers — i.e. EVERY website/service has a different, complex password
  • employing multi-factor authentication — especially on all BYOD devices, the mailbox, email, etc.
  • establishing (and regularly updating) a list of trusted sources — that way, employees will know who and how potential phishers may target them and with what data they might try to do so with

But whether you’re a typical AV integration or a managed service provider (MSP), there’s always a chance that your clients’ lower-level employees aren’t using your apps, systems, or networks correctly, presenting obvious security risks.

What’s worse, some of those individuals’ personal data habits might be the problem, according to Raffi Jamgotchian, president/CTO of MSP Triada Networks.

“We had a client whose personal info was being used in online attacks,” he said. “For example, their secretary was contacted with info showing it was the CEO contacting her using info he would have known.

We’ve seen overt extortion, something like ransomware, threats, etc. But they had enough information on the victim to make it seem legitimate.”

A common attack goes like this:

  • An office manager or personal secretary is contacted
  • The message contains information that the supposed sender would know/phrased in a way they would phrase it (this is actually the attacker using social engineering to their advantage)
  • The employee is asked to complete a task — such as providing critical business data, buying and revealing gift card codes, etc. — and confirm this via email or phone

Edward Mana of MSP company Technology On Demand says one of his clients was contacted about a bank transfer. But this time, it was the company’s physical mailbox which was compromised.

“When they can look at sent mail, and know a company’s website and mail habits, that’s dangerous,” Mana says.

“When you think about it, how many people leave building access and proximity cards in their personal vehicles?”

Selling identity management services

As an MSP or integration firm, there are several ways you can transition to adding identity management services to your new and existing clients’ packages. Here are the steps necessary to doing so:

Proving its worth

You need to foster awareness of what client information (personal and business) is currently open for attacks. 

We engage with customers at annualized tests (penetration, network intrusion, phishing exercises, etc.), we’ll also find key employees/execs what info of theirs is available online. That info will be leveraged for social engineering,” says Jamgotchian.

Offer a pro bono scan, demonstrate any dangers, and from there, show these dangers are legitimate concerns, and that monitoring them on an ongoing basis should be part of their bundle.

Use tools you’re already providing them to expand into their personal web identities.

Drive the message home in an educational way

The engagement described above shouldn’t be a one-time thing.

“Realistically, it’s a constant communication,” says Mana.

“You can’t just send one newsletter. If we give them best practices like using MFA, we then go through with constant security reviews. It’s not a call every single time, ‘user one, how are you? User two?’ It’s more of a ‘while I have you on the phone, have you had any issues? How come your personal emails aren’t set up with multi-factor?‘” he says. 

Bundle wisely

“We’re running into ‘recurring revenue resistance,'” Jamgotchian says. “You have to be creative with your bundling: a few years ago, we over-bundled, with a package fee which kept putting more and more in the bag, leaving a lower margin for us. You have to make arrangements to get yourself out of that situation.

Identity management benefits to MSP/integration businesses

Identity management solutions benefit more than just your bottom-line: they provide an opportunity to connect deeply with your clients, proving you are looking out for them beyond the typical contract-fulfillment. 

There are also some business efficiencies to gain from communicating these concerns to clients.

“It results in less noise from clients, less ticketing, less potential for breach – we’ve not had a client who has had a significant breach,” says Mana.

Read Next: 4 Steps for Creating a Cyber Security Strategy for AV Clients

“Any time we’ve had any sort of problem, it’s always because we’ve allowed ourselves to accommodate the client. No good deed goes unpunished. When we’re trying to accommodate a CEO, that’s when we get into trouble, not when we’re enforcing. We’ve now drawn more clear lines in the sand with equipment, firewalls, and the IT environment as a whole. On one hand, we may be less accommodating, but on the other, we own our environment and know what to expect.” 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!