Security is the latest buzzword in technology, and everyone is looking at products and services to help secure their environment. What amazes me is that when you ask about documented Standards and Practices, I usually hear crickets chirping. Consider these common "best practices" you already follow:
- When you go to the shopping mall, you lock your car, right?
- If you have your tech kit with you, you lock it in the trunk, right?
- When you leave for work in the morning, you lock the front door of your house, right?
- You tell your kids not to take candy from strangers, right?
These are all forms of "best practices" that we follow without thinking, so why do we still open port 3389 for RDP? The common answer is that the client can't afford to implement an RDP gateway or licenses for VPN access. Then there are the outdated and unpatched systems. These are often needed to provide access to archival data, but are still on the network. Take them off the network or put them in a separate network with restricted access.
The questions you need to ask are:
- Can your customer's business survive if they lost every bit of data they had?
- Could they pay the "ransom" if their data was encrypted?
- What would be the impact to your business when your client suffers a loss because you didn't observe (or enforce) good practices?
We have Standards and Practices documents for many aspects of our MSP practice. These ensure that the work we do is consistent and follows reasonable and secure methods. Our "SAP" documents cover things like building web servers, creating a network time infrastructure, server disk partitioning, securing admin accounts, network segmentation, printer management, and building virtualization platforms (with specifics for VMware and Hyper-V). These range from as few as three pages to two dozen or more, depending on the topic and number of variations.
These are guidelines, not rules, that establish the specific configuration and "build" documents that the engineers follow. This takes some effort, but standards breed consistency and that provides a level of control over the environments. When you control an environment, you increase the overall reliability, which reduces your work and improves customer satisfaction.
The entire MSP Builder solution stack is built on standards and consistency. This allows us to develop automation that works well because it leverages the standards in our foundational products. This also helps with security - everything is designed and documented, not merely "implemented". If a risk is discovered, it's easy to identify the scope and remediate.
So, start small: create some basic operational standards and follow them! Get buy-in from your engineers, because your business is only as good as your staff. Not sure where to start? We'll be posting ours in the document library in a couple of days. Use Google to see what others are doing, and adapt it to your environment. Don't delay.