Page 94 - Cyber Defense eMagazine forJune 2021
P. 94
consider DevOps. Many MSPs are small businesses, but a shift toward thinking of themselves as an
enterprise with many business units (i.e., clients) may be a helpful first step toward building operational
maturity – an imperative for strong cybersecurity practices. Meeting the diverse operational, security, and
compliance requirements of an MSP’s various “business units” does not have to mean sacrificing
efficiency. To the contrary: for over a decade, enterprise IT teams have successfully integrated practices
like DevOps to manage evolving business requirements at scale.
MSPs may not be developing code or forcing agile development cycles on their helpdesk teams,
but they are well acquainted with operational issues ranging from resource constraints and bottlenecks,
inconsistent system administration practices, to lack of control or visibility into the execution of customer
projects. Incorporating iterative, repeatable processes and paying off technical backlogs (internally and
in customer environments) are goals that any MSP can get behind, and DevOps offers a roadmap to
achieve them.
The Phoenix Project, a 2013 “novel about IT” by Gene Kim, Kevin Behr, and George Spafford, is
an excellent introduction to these concepts. Implementing DevOps begins by tracking and prioritizing
work objects, identifying bottlenecks and blockers, and continually resyncing on those work items,
problems, or issues. As MSPs develop a DevOps-like operational capability, they will soon find that
concepts like infrastructure-as-code and configuration-as-code, widely adopted in the enterprise, have
already solved some of the major gaps that exist in RMM platforms, such as how to manage single-tenant
customer environments in the cloud.
Future iterations of RMM could support MSPs in this evolution by enabling the management and
deployment of configuration-as-code. What would it look like if a company like HashiCorp made an RMM?
We imagine that it would provide strong controls around least privilege, separation of duties, JIT access,
and programmatic review of privileged activity, and it would all be fully driven by APIs. That’s an RMM
that the security-first MSP could confidently adopt.
We Say We Need an Evolution
The RMM platforms used by MSPs today are not up to the task of meeting modern cybersecurity
challenges. MSP tooling and practices must evolve to keep pace with the threats facing service providers
and their customers. As an industry, MSPs play a critical and privileged role in securing the U.S.
economy, especially small businesses. It is time for MSPs to rise to the occasion by adopting “security
first” as a core business value, even if it means challenging the status quo in process and tooling.
Cyber Defense eMagazine – June 2021 Edition 94
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.