Managed Service Providers (MSPs) create risks for their clients in several ways based on the following practices:
Overuse of Persistent Agents: MSPs often deploy multiple persistent agents (patching, antivirus, backups) across client environments. While some of these agents may perform needed functions, they are primarily selected for the convenience of the MSP, not the security of the client.
Persistent agents present a broad attack surface for cybercriminals, as each agent represents potential entry points into the client's
systems.
Remote Access Without Consent: MSPs often have the capability to remotely access client systems without the user's direct consent or knowledge. This includes remote control of devices, remote script execution, and transferring of files. While this facilitates easier support, it also creates significant security concerns, as unauthorized or unnoticed actions could occur. If malicious actors exploit these capabilities, they could compromise sensitive systems or data undetected, putting your patients and organization at risk.
Credential Control and Management: MSPs typically store and manage a wide array of sensitive credentials for their clients, including usernames and passwords for systems handling critical healthcare, financial, or personal data. These systems are rarely under the direct control of the client, often times store credentials in unencrypted formats, and can even be inaccessible to the client such that they are unable to directly confirm removal of revoked credentials.
Lack of Transparency and Client Control: Most MSP’s have an unprecedented level of access and control over client systems and infrastructure. Rarely are access logs and/or recordings of remote sessions made available as part of regular service delivery. Without mechanisms allowing you to revoke access, and monitor the MSP’s actions, there’s a gap in security and accountability.
The reliance on multiple persistent agents, lack of clear consent for remote actions, improper handling of credentials, and insufficient oversight over partner supply chain introduces security risks that can be exploited by malicious actors. As a TSP, Envision’s practices minimize and can even eliminate additional agent use, ensure transparency, and empower clients with oversight of critical credentials and remote access.