Page 93 - Cyber Defense eMagazine for June 2021

· Rethinking Unattended Access

Day-to-day desktop support in client environments should not require unattended access. What if user support were instead conducted as attended support, with the end user requesting and authorizing remote access at the time of need? By requiring user consent (that cannot be overridden by checking a box in the RMM) to connect to or execute commands on user desktop environments, the ability of an attacker to leverage an RMM platform to breach many customers at once is greatly hampered. For endpoints that truly require unattended access, MSPs could use privileged access workstations (PAWs) to connect to dedicated “jump boxes” within customer environments. By segmenting and protecting the vectors for remote access into a client environment, an MSP demonstrates their understanding that with great power comes great responsibility.

· Utilizing Just-In-Time Access

Minimizing the number of always-on administrator accounts is a key component of managing privileged identities. As stewards of their customers’ security posture, MSPs should insist on reducing the attack surface of always-on, unattended remote access into customer environments. As Dan Ritch explores in the Thycotic cyber security blog, The Lockdown, Just-In-Time (JIT) access seeks to authorize privileged access only when it is required, protecting against compromised administrator accounts and providing an audit trail for privileged access. A future RMM built on JIT principles should include a mechanism for the customer to review, authorize, and log requests from the MSP before granting privileged access to the environment.


· Managing Single-Tenant Customer Environments

Do MSPs really need consolidated access to customer environments through a single pane of glass, or could they administer customer environments individually without much of a trade-off with efficiency? When it comes to the cloud, MSPs are already doing this. Today’s RMMs do not support meaningful management of cloud-native environments such as Microsoft Azure and Office 365. Emerging tools such as Microsoft 365 Lighthouse aim to bridge the gap, but MSPs may be wise to reconsider the necessity of aggregating all customer environments and seek out different styles of management.
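
The review, authorize, and log flow described under Just-In-Time access above can be sketched as a small in-memory broker. This is an added example, not code from the article or from any RMM product: the `JITBroker` class, its method names, and the identities used with it are hypothetical, and the hash-chained audit log is an assumption about how the "log requests" step could be made tamper-evident.

```python
import hashlib, json, time

class JITBroker:
    """Hypothetical broker: the MSP requests, the customer approves, the grant expires."""
    def __init__(self, customer_approvers, clock=time.time):
        self.approvers = set(customer_approvers)  # customer-side identities only
        self.clock = clock
        self.requests = {}
        self.audit = []           # append-only, hash-chained log
        self._prev = "0" * 64

    def _log(self, event, **fields):
        entry = {"ts": self.clock(), "event": event, "prev": self._prev, **fields}
        self._prev = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def request(self, technician, endpoint, reason, ttl_seconds):
        req_id = len(self.requests) + 1
        self.requests[req_id] = {"tech": technician, "endpoint": endpoint,
                                 "ttl": ttl_seconds, "expires": None}
        self._log("requested", id=req_id, tech=technician, endpoint=endpoint, reason=reason)
        return req_id

    def approve(self, req_id, approver):
        # Consent must come from the customer; the MSP cannot approve its own request.
        if approver not in self.approvers:
            self._log("approval_rejected", id=req_id, by=approver)
            raise PermissionError("approver is not a customer identity")
        req = self.requests[req_id]
        req["expires"] = self.clock() + req["ttl"]  # the grant is time-bound
        self._log("approved", id=req_id, by=approver, expires=req["expires"])

    def is_authorized(self, technician, endpoint):
        now = self.clock()
        ok = any(r["tech"] == technician and r["endpoint"] == endpoint
                 and r["expires"] is not None and now < r["expires"]
                 for r in self.requests.values())
        self._log("access_check", tech=technician, endpoint=endpoint, allowed=ok)
        return ok

    def verify_audit(self):
        # Recompute the chain; an edited entry breaks the link to the one after it.
        prev = "0" * 64
        for e in self.audit:
            if e["prev"] != prev:
                return False
            prev = hashlib.sha256(json.dumps(e, sort_keys=True).encode()).hexdigest()
        return prev == self._prev
```

Access is denied by default, an approval from a non-customer identity is rejected and logged, and the grant lapses on its own once the requested window passes.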

3. Modernizing IT Service Operations Through DevOps

It’s not just a problem of tooling. As an industry, MSPs are overdue for an upgrade of their internal processes and practices. Observing enterprise trends in IT operations over the last 5-10 years may prove useful for breaking out of the “locked-in” mindset that RMM ecosystems can perpetuate. Specifically:






            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.