consider DevOps. Many MSPs are small businesses, but a shift toward thinking of themselves as an
            enterprise with many business units (i.e., clients) may be a helpful first step toward building operational

            maturity – an imperative for strong cybersecurity practices. Meeting the diverse operational, security, and
            compliance  requirements  of  an  MSP’s  various  “business  units”  does  not  have  to  mean  sacrificing
            efficiency. To the contrary: for over a decade, enterprise IT teams have successfully integrated practices

            like DevOps to manage evolving business requirements at scale.

                   MSPs may not be developing code or forcing agile development cycles on their helpdesk teams,
            but they are well acquainted with operational issues ranging from resource constraints and bottlenecks,

            inconsistent system administration practices, to lack of control or visibility into the execution of customer
            projects. Incorporating iterative, repeatable processes and paying off technical backlogs (internally and

            in customer environments) are goals that any MSP can get behind, and DevOps offers a roadmap to
            achieve them.

                   The Phoenix Project, a 2013 “novel about IT” by Gene Kim, Kevin Behr, and George Spafford, is
            an excellent introduction to these concepts. Implementing DevOps begins by tracking and prioritizing

            work  objects,  identifying  bottlenecks  and  blockers,  and  continually  resyncing  on  those  work  items,
            problems,  or issues. As MSPs develop  a DevOps-like operational capability, they will soon find that
            concepts like infrastructure-as-code and configuration-as-code, widely adopted in the enterprise, have

            already solved some of the major gaps that exist in RMM platforms, such as how to manage single-tenant
            customer environments in the cloud.

                   Future iterations of RMM could support MSPs in this evolution by enabling the management and

            deployment of configuration-as-code. What would it look like if a company like HashiCorp made an RMM?
            We imagine that it would provide strong controls around least privilege, separation of duties, JIT access,

            and programmatic review of privileged activity, and it would all be fully driven by APIs. That’s an RMM
            that the security-first MSP could confidently adopt.



            We Say We Need an Evolution

                   The RMM platforms used by MSPs today are not up to the task of meeting modern cybersecurity

            challenges. MSP tooling and practices must evolve to keep pace with the threats facing service providers
            and  their  customers.  As  an  industry,  MSPs  play  a  critical  and  privileged  role  in  securing  the  U.S.
            economy, especially small businesses. It is time for MSPs to rise to the occasion by adopting “security

            first” as a core business value, even if it means challenging the status quo in process and tooling.








            Cyber Defense eMagazine – June 2021 Edition                                                                                                                                                                                                94
            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.