The government is telling your clients how to choose an MSP

The government wants to advise your clients on selecting a Managed Service Provider.  Will this help you, or hurt you?

The Cybersecurity and Infrastructure Security Agency (CISA) document “Risk Considerations for Managed Service Provider Customers” is a nine-page guide meant to help organizations protect themselves and their critical data by understanding the risks surrounding outsourced IT.  While the intent here is good, the execution falls short.

The document was clearly not written for the main client base of Managed Service Providers, which is the SMB market.  It’s not an easy read and includes advice like “establish a supply chain risk council that includes executives from across the organization.”  How many of your customers are going to keep reading after that?

Another concern MSPs may have with the document is that it encourages a Shared Responsibility Model.  This is actually a good thing for MSPs.  When MSPs bring clients to us for help with cybersecurity and compliance, the client often has a misconception about what the MSP is providing for their monthly fee.  The line between what the MSP covers and what remains the client’s responsibility can become even blurrier with hosted services, and when the MSP completes cybersecurity or compliance questionnaires that the client receives from its own customers or its commercial insurer.

So will this help you, or hurt you?  It really depends on whether you decide to view this as a threat or an opportunity.  If you view it as an opportunity, you can share the guide with clients and use it to open the door to discussions around the need to protect themselves from increasing threats.  Alignment to a recognized framework could be the right move for many; others may just need some help determining where they are at greatest risk so they can make sure they have layered protection there.  This type of proactive concern for their business is what turns vendors into partners.  Ignoring the document and hoping your clients never see it is a choice that may keep the status quo going for now, but it will likely come back to haunt you when the inevitable happens and you never helped them prepare for it.


