Have you heard about the recent massive ransomware attack? This one was aimed at the supplier to the MSP industries and distribution. Supply chain hacks are nothing new. Remember the Target hack happened because of a network connection to their HVAC vendor. (It’s a great story, and if you don’t know what happened I will be happy to tell it to you!) These supply chain attacks will continue to happen with MSPs being at greater risk because of the work that is performed for their clients.
What does the world look like in 2 years? For any vendor that you are sharing data with you will be sending out a questionnaire asking how they are protecting the shared data. If they ask for a network connection, there will be documentation, risk reduction will be completed, and audits to ensure that only the data needed is shared. These have always been the goals of IT.
An IT Administrator sets up a VPN once or twice a year on average, so to get it working they start with it completely open. Once they get the connection up and running the client is happy and they move on to the next fire.
The issue is that the job is not complete as it hasn’t been locked down, documentation created and customer updated security policies identifying the risk. Let’s face it, technical people got into the field because they love technology. Doing the paperwork is not why they took the job in the first place.