Today marks the beginning of the Identiverse conference in Las Vegas, where leaders in security gather to discuss advancements in the world of identity and access management. For MSSPs that specialize in managed IAM services, it's important to stay on top of the latest trends, including those revealed in a series of reports and articles that CyberRisk Alliance has published as part of its overall Identiverse pre-show coverage. For starters, CRA's Security Buyer Intelligence Report on IAM looks at the progress organizations have made toward implementing user-friendly IAM, the biggest pain points impeding their IAM journeys, and the tools and solutions that adopters are prioritizing. This session will discuss these and other findings from CRA's coverage.
Obviously, managed security providers want to optimize their rapport with customers. But don't overlook the importance of fostering a mutually beneficial relationship with your cyber solution vendor partners as well. In this segment, we'll look at how MSSPs can best leverage their vendor agreements to ensure they're receiving top-notch, responsive service and gaining access to the most up-to-date solutions and the most flexible pricing plans.
Show Notes: https://securityweekly.com/cfh-23
[00:00:00] Managed IAM: the quest for an evolved identity experience, and optimizing vendor relationships: how to get in your partner's good graces. That and the latest news and trends in the managed security space, coming right up on Cyber For Hire.
[00:00:17] Building bridges between managed security providers and their clients, it's the podcast where MSPs, VCCs, and end users take a united stand against cyber crime. This is Cyber For Hire. Struggling to monitor the growing threat landscape, pressure to reduce costs, security
[00:00:38] skill gaps, facing compliance issues, these issues can translate to operational, financial, regulatory and reputational risks to your business. Check Point can help. Check Point combines an MSSP Enablement Program, Cloud Delivered Multitenant Management, Stock Platform, and Superior Threat Intelligence capabilities to give MSSPs the confidence
[00:01:02] to grow profitably out of reduced risk. Check Point is 100% channel driven. We partner to deliver the best security everywhere. Visit MSSP Alert.com slash checkpoint. All right, welcome friends to episode number 23 of Cyber For Hire. How's everybody doing today?
[00:01:22] I'm Bradley Barth with SC Media in New York, and joining me today about five hours north of me on Interstate 95 is my fellow BB Bill Brenner, Vice President of Content at Cyber Risk Alliance aka the CRA, Bill is filling in for Ryan today, more on Bill's background later.
[00:01:43] First we got to get to the important stuff. Today marks the start of CRA's Identiverse Conference in Las Vegas, which I'll be covering in person. Last week I asked Ryan about Vegas buffets; this week, Bill, I want to ask you about gambling
[00:01:59] as someone who often researches and reports on topics such as managing risk: how heavy of a gambler are you, what's your game, and do you like betting the sucker bets? No to the sucker bets.
[00:02:15] I would say I'm somebody that I think you have to take risks to innovate, and that's in all walks of life besides security. And I think it's true if you are an MSP.
[00:02:32] However, I tend to be more in the conservative side when it comes to how much risk I'm willing to take. For example, any buffet in Las Vegas to me that's too high a risk for my liking. So I'll eat somewhere else.
[00:02:54] But yeah, I think that when it comes to managing risk there has to be a middle ground. I think conservative most of the time, but know when to take risks. And it's especially challenging if you're an MSP or an MSSP because you're not just
[00:03:17] worrying about your own infrastructure, you're responsible for the infrastructure of other companies. And so to me, that does affect the risk level. Whereas I think if you were talking an in-house security team, I think I would be more
[00:03:39] willing to be a risk taker though I still would not touch a Vegas buffet. All right, interesting. I don't know if I'm with you on the Vegas buffet. I'm a big buffet fan. It's worth the potential stomach problems later.
[00:03:53] The gambling I am with you, I tend to be more conservative, play the games where you have your best odds against the house like blackjack. When I like to pretend like I'm interesting, I'll play some Pai Gow poker because there's
[00:04:06] a lot of it's an unusual game and there's a lot of pushes, a lot of ties. No matter what I play, I usually end up losing. Well, anyway, I was curious to hear your thoughts on that, Bill.
[00:04:19] And there's plenty more to discuss today, but some news just can't wait, which is why we want to share what's top of mind today. So here's your headline courtesy of SC Media's Steve Zurier. Researchers from Proofpoint are warning of several API-based techniques that adversaries
[00:04:36] can employ against Microsoft Teams in order to phish for credentials or deliver malicious executables. One technique involves using undocumented Teams API calls to create a malicious tab, one that points to a web-ized URL for instance, which you can then disguise as the original default tab.
[00:04:58] Another technique to abuse is to abuse Teams API calls to weaponize meeting invites by switching out default links with malicious ones. And a third tactic involves using Teams API or user interface to replace existing links in sent messages with malicious ones.
[00:05:19] While all of these exploits require the attacker to have previously compromised a user account or a Teams token, these types of compromises are not uncommon. So Bill, you know, Teams is a ubiquitous tool, one that MSSPs can certainly use for both internal messaging and external communication with clients.
[00:05:39] Why is this top of mind for you? Well, I hate to bring up the pandemic repeatedly, but I must because the way we do business, the way we interface with customers, the way we interface with clients has changed so drastically because of the pandemic.
[00:06:05] This is just another example of that where the use of Teams among other platforms for collaboration or video meeting for file sharing, the use has just exploded as we've kind of evolved into this hybrid workforce.
[00:06:30] And you know, Microsoft, who I think has really made vast improvements in how it approaches security since I first started focusing on the security industry 20 years ago, massive progress but it's one of the biggest platforms and so it still has one of the biggest targets.
[00:07:00] And to that end, I think that MSPs have to really be watching for much more of this than perhaps they were used to 10 years ago. And it's more cloud based, the attack surface has multiplied exponentially as a result
[00:07:23] and that makes vulnerabilities and attacks like this all the more worth doing if you're the bad guy. Absolutely. I actually, in point, yeah, Teams is certainly a tool that we've started to really see increased exploitation on the part of attackers and it's something that certainly
[00:07:49] is going to continue to be an integral tool so it's important to be aware of some of the latest tactics and certainly now that these tactics are out there in the public,
[00:08:01] you know, that's great for defenders in order to know, all right, we have to look out for this but of course it also makes potential adversaries aware that these are methodologies they can employ so better to act sooner than later in terms of putting in the necessary precautions
[00:08:19] against these latest techniques. So thanks for your perspective on that, Bill, that's going to be our top of mind hot take for the day but now it's time to move on to our infosec news and trends topic of the week.
[00:08:31] So presenting our big idea in security: Managed IAM, the quest for an evolved identity experience. Now, as I mentioned before, today is day one of the Identiverse conference in Las Vegas, where leaders in security gather to discuss advancements
[00:08:49] in the world of identity and access management. For MSSPs that specialize in managed IAM services, it's important to stay on top of the latest trends, including those revealed in a series of reports and articles that CyberRisk Alliance has published as part of its overall
[00:09:05] Identiverse pre-show coverage. For starters, CRA's Security Buyer Intelligence Report on IAM looks at the progress that organizations have made toward implementing user-friendly IAM, the biggest pain points impeding their IAM journeys, and the tools and solutions that adopters are prioritizing.
[00:09:27] So this back and forth session that I'm going to have with bill now will discuss these and other findings from CRA's coverage. Now we've got an excellent guest to take us through this discussion today and I'm not just saying that because he's my boss.
[00:09:41] He's today's guest co-host, Bill Brenner, VP of content at Cyber Risk Alliance. Bill is an infosec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer slash content strategist at
[00:10:02] Sophos, senior tech writer for Akamai Technologies' Security Intelligence Research Team, and he's been an editor and a writer for various online security news publications. So Bill, as always, we're going to jump right into it.
[00:10:17] So can you start by setting the stage for us a little bit by giving us a preview of what the 2023 Identiverse show has in store for us and then can you also detail some of the
[00:10:31] key research and reports that CRA has recently published around the topic of IAM and especially focusing on why your findings are relevant to our managed services audience.
[00:10:45] Yep so at Identiverse I think a lot of the discussion is going to be around what we were talking about earlier when we were talking about that Microsoft attack you know there's there's
[00:11:03] the question of how to do security better and deal with a rapidly expanding attack surface in the cloud and the challenges there are especially true if you're the personal security team responsible for identity and access management or if you're the MSP or the MSSP that is providing
[00:11:25] identity access management for clients. Become a lot more complex in terms of risks and in terms of solutions and I think things that are going to come up are going to include zero trust. So cyber risk alliance has done three different
[00:11:51] surveys on zero trust and this is as part of our CBR reports so cyber risk business intelligence reports these are monthly surveys that we do that cover usually anywhere from two to 350 respondents
[00:12:13] per survey and the three that we have done on zero trust has painted a picture of this conflict and this is a conflict that shows up again in a CBR report we just did a
[00:12:32] month or two ago directly on identity and access there's this clash between getting rock solid security and doing so while maintaining a good user experience and the two do not always play well together zero trust in particular has been a challenge because
[00:12:59] you know a lot of vendors tend to sell zero trust as this security device that comes out of a box when zero trust is really a concept of philosophy with four pillars but it you know
[00:13:21] identity and access management is at the heart of that and it is difficult to have that minimal to no level of trust without making it very hard for people to do their
[00:13:38] work or to do business with you. And so I think that conversation is going to continue I think that they'll also be a lot of discussion around passwordless so there's a lot in the media there's
[00:13:56] a lot on SC that we've produced that gets into you know but the prospect that we may really see the end of passwords around the corner this has been something that people have been talking about
[00:14:12] for almost 20 years at least since RSA in 2006 when Bill Gates did the keynote and declared that his goal was an end to passwords of course 18 years later here we are still using them.
[00:14:29] We haven't gotten there yet but technology is really advanced in the last I keep bringing up the pandemic but it led to quantum advancements in what we can do and this is an example of that
[00:14:46] and so I think what kind of tools are available as alternatives to passwords how it will work how it fits into digital identities these are going to be discussion points and I also think
[00:15:05] that people are going to be talking a lot about you know we just had RSA last month and that conference overwhelmingly was preoccupied with artificial intelligence as a security threat and as a security
[00:15:25] enabler and I think at Identiverse a lot of people will be talking this week about where AI fits in in their environments and so those are just a few of the examples. Interesting I want to dig
[00:15:45] a little bit deeper into that cyber security buyer intelligence report on IAM. Specifically I want to talk about certain implementation and adoption trends. As part of the research you asked IT and security professionals whether they're deploying identity and access management on premises via
[00:16:08] a cloud subscription as a hybrid model through a third party service or as a fully managed service and managed services came in last at only 8% a third party service was next the next least common
[00:16:22] response at only 15% so I'm wondering if there is maybe is there a trust issue here in terms of organizations still preferring IAM to be one area where they feel that it's still under their control
[00:16:38] I'm curious to hear your perspective on this especially again considering our managed services audience and what those findings mean to them and how they shouldn't interpret them. Yeah I mean it definitely adds to a challenging environment if you are a managed service provider
[00:16:57] because the bigger the company the more reluctant they're going to be to hand over responsibility for this or somebody on the outside especially in this environment where third party providers are really under the microscope just because of the way that their use has proliferated in the last
[00:17:26] three years I think that if you are a managed service provider the places where you're going to find the most willingness if not trust the most willingness is you know your smaller companies that may not have full in-house IT and security team many of those so
[00:17:56] many if there is a lot of potential business but as you start getting to those larger companies I think that it becomes a lot harder to trust but I think that's something that managed providers
[00:18:12] have long dealt with and have long navigated so I don't think that's necessarily a new challenge so when you you mentioned that data point I think that that is not particularly surprising yeah
[00:18:31] I want to also talk about pain points based on your reports findings it seems like organizations perception of which pain points are most difficult to overcome those perceptions seem to shift depending on how far along the company of the organization is with its IAM implementation
[00:18:54] those that are still in the planning phases sort of aka the future adopters seem to have different responses than current adopters where IAM was already better established within their organization so could you share with us some of the findings there and is there any explanation for why the
[00:19:17] perspective does seem to change yeah I think it all it all comes back to the way the technology for identity has advanced particularly around digital identities and passwordless I think when you look at the data
[00:19:40] you see the shift to fully cloud based identity and access management and change is scary there are so many offerings out there to choose from and not enough guidance on how to choose and select what you're going to use especially if you're a managed provider
[00:20:11] and you're you're going to the channel the your options that there's just so much to choose from and I think it just speaks to the care that managed providers need to take when they are
[00:20:26] proceeding I think if you're you had mentioned current adopters versus those who've been doing it for a while and I think if you're current adopter it's it's a little less of a shock, a little less of a
[00:20:45] culture shock because you're growing up in this environment whereas if you're somebody who has been responsible for identity and access management since let's say the early 2000s this is a new scary world a lot of security practitioners a lot of managed providers
[00:21:15] I think have done a decent job keeping up but misfires are really easy in this environment because things are moving so fast and by the way for the record among the future adopters the top two
[00:21:32] most commonly cited major pain points were unaffordable IAM products and strained budgets and among the current adopters and implementers the top two challenges were identified as zero trust implementation and time constraints also even after the IAM implementation is completed doesn't mean that
[00:21:57] your organization is entirely in the clear you simply reach the next challenge which is securing buy-in from your user base whether the users are your employees or your customers so finding the sweet spot in terms of security versus user friendliness still seems to be
[00:22:18] a major focal point for a lot of organizations. I think this is the biggest challenge right now that everything has become so complex and you have users that are doing business with you or working
[00:22:37] for you or with you as a contractor from anywhere you know we're not in these contained environments anymore and that makes this a really big moving target and I think that's where you
[00:22:54] start to see that concern and so when we talk about the pain points I go back to what I said a few minutes ago about zero trust and what we've seen in recent CBR reports there where it's
[00:23:11] very difficult to accommodate a workforce that spread out all over the planet and you have things that become issues like the harder it is to use the technology that's assigned you the more you're going to start engaging in shadow IT so working around
[00:23:36] the things that are inconvenient with your own personal devices which opens up a whole new gigantic can of worms. At the conclusion of the CBR documentation, CRA offered five key recommendations to readers. Do you want to share some of them with our audience, particularly
[00:24:04] ones that you feel like are especially pertinent to our audience? Yes I think give me a second because I want to really speak to the MSP audience here. I think it's important to note that these five
[00:24:25] tips tend to be for general audience so let's get specific and for that just give me a moment so a few practices a few tips that will help organizations really move the identity access management goal posts forward are you know having an identity access management game plan
[00:24:55] so depending on your organization and depending on whether you use managed services or provide them you have you're going to run into a lot of questions as you consider rolling out updated identity access management policies so you really have to pick through
[00:25:19] understanding and documenting what the roles and responsibilities of stakeholders and end users do the policies comply with existing agreements and regulatory frameworks. How much communication and training is needed to get the workforce on board with these developments so
[00:25:41] developing an identity and access strategy is critical to really make the right decisions clarify expectations and make progress on benchmarks along the way. The other thing that will help you move the goal post is and this is the heart of it, this is front and center keeping the user
[00:26:06] experience top of mind you know identity and access management should never break the user experience yet you know as we see in the survey results this is a persistent concern among respondents. I'll actually quote one respondent who said, quote, it can be difficult at times to find
[00:26:29] the balance between a better streamlined user experience and high security practices. Not disrupting the end user is difficult and requires more people than we currently have devoted to the project. Now if you're on the managed services side that becomes all the more slippery
[00:26:50] but really every decision you're making has to factor in how do you provide the best possible identity and access management without making it a hellish experience for your users, whether they're customers or whether they're employees, whether they're contractors. The other thing is
[00:27:17] identity and access management it's not a set it and forget it silver bullet that's going to eliminate all of the breaches out there once and for all. It's you know really about iteration, not full immunity it's having solid security but having the ability to constantly
[00:27:42] make the upgrades and get better over time. So organizations can significantly reduce their attack surface by for example focusing on even one or two projects at a time instead of trying to eat the entire apple at once. So perhaps that may mean introducing multifactor authentication
[00:28:15] to a subset of the company you're working with before scaling it more broadly. Maybe that involves testing out analytics software that establishes a baseline of network activity. Whatever it is your focus is moving the goal post in small doses rather than trying to
[00:28:37] blast across the field in one big sprint. The other thing is think of identity as the perimeter we used to talk about perimeter security and the context as it being the moat and the walls
[00:28:56] around the castle to defend the castle and then people started operating from all from everywhere, especially during the pandemic. And so identity the perimeter is changed but really when you get down to it identity so individuals doing business with you or working for you wherever they are
[00:29:22] the world they are the perimeter now and so it really has to be about how this massive uptick in remote workers endpoints and connect from anywhere assignments you know can be made to work better.
[00:29:41] And then finally another piece of advice in the report is consider allowing with an identity access management provider. Now this is this is a no-brainer in my view there are a lot of companies out there that specialize in assisting you with configuring identity access management solutions
[00:30:05] and policies. Consider looking in any companies that can offer affordable solutions that can help you build on what you have. Excellent run down of some of the various recommendations that your report has to offer and certainly there are a lot of very relevant findings to our audience
[00:30:34] that might be of interest to our viewership so Bill before we wrap up this conversation just give a reminder to our listeners once more in terms of where they can find both the CBR report but also just the full Identiverse sorry the full Identiverse coverage package
[00:31:00] that we're offering and that's up and running over these next couple of weeks. Yep so you'll want to check back on the SC Media homepage regularly we have a special page set up with Identiverse coverage and so there you'll see coverage that we've already done ahead of the event
[00:31:27] you'll see content that we produce during the event and you'll want to check back after Identiverse because we're going to keep adding to that section but for finding the CBR reports
[00:31:43] if you go to our resource section on SC Media all of the resource articles a huge chunk of those are articles that are based on different parts of the report any of which will link link you directly
[00:32:02] to the report you can also access all of the CBR's via the cyber risk alliance homepage so if you go to the site and you click under if you click under you see all of your options at the bottom of the home page
[00:32:30] and you can click on to the Identiverse link that's right there and that will at least take you to the CBR on identity and access management you can also click on the business intelligence page where
[00:32:51] we have all of these and a shortcut that I take if you go to the about on the home page of cyber risk alliance and you go to press you will see press releases and most of those press releases
[00:33:07] are about the CBR's and all of which will link you directly to them. All right excellent and I would be remiss not to also mention that if you go to the SC Media website under the events tab
[00:33:20] you can find the eSummits and they're back in April you can you can pull up an on demand two-day eSummits on identity and access management too which has really some excellent coverage of some key IAM issues everything from finding support for your IAM program throughout your
[00:33:39] organization to things like paying for MFA as a premium service in some of the controversy and debate around that that and a lot more there's definitely a lot of food for thought there as well
[00:33:54] bill before we move on to part two of our episode I wanted to get to know you a little bit more with a segment that we like to call we speak geek. Now this is sort of a show and tell
[00:34:09] type game where we embrace the geek culture the people typically associate with the cyber nerd community because at the end of the day everybody is a little geeky about something so bill I mean
[00:34:21] just looking at your work environment right there I mean you have to be geeky about something there I feel like you could almost pull anything from your immediate environment around you and
[00:34:30] hold it up and say this is what I'm geeky about so so bill how do you speak geek. So I think the best way to demonstrate how I speak geek is to show you it's behind me
[00:34:41] so I geek out over music you can see right there Lemmy from Motörhead I have these miniature guitars a lot of the Eddie Van Halen guitars there's Jimi Hendrix right there. I'm also very much into the Star Trek universe and other sci-fi so
[00:35:06] I have my one of my prize possessions is the Jean-Luc Picard facepalm, a flux capacitor from Back to the Future. A Klingon bat'leth which is a sword this is real I've cut my hand on it a
[00:35:23] couple times it has the added benefit because it's metal I can pop all of these magnets onto them and that's great I mean those are all amazing conversation pieces I'm sorry go on what else
[00:35:38] were you going to bring out there's a phaser that's from the Kelvin is it set to start what is it set to what is it set to it's set to kill is it oh come on you got to set it to stun man
[00:35:52] phaser safety phaser safety let me yeah so this is stun okay red that's kill all right and are those the only two settings I I do yeah I mean what other settings would you need for a phaser
[00:36:17] right like sleep maybe or something I don't want to stop somebody or or you either want to stop somebody temporarily or permanently so I guess that's true there's not going to be like a
[00:36:29] a tickle setting I also I also collect a lot of stuff at security conferences so cards for example and I know the mirror we have the mirror effect going on but these are cards against security
[00:36:45] which came from four to the side per version of cards against humanity that's great yeah these these are all fantastic you know these are the type of things that when you're you know conducting an
[00:36:58] online meeting you know you're you're trying to establish some you know rapport with somebody they see one of these things that they have in common with you and it instantly creates this bond
[00:37:10] and in fact with the star trek stuff especially I think you're maybe the third person we've had on on the show which really geeked out about star trek so it's it's clearly you know a very
[00:37:23] popular pop culture item that's celebrated amongst our our cyber community but with that I appreciate you sharing your little museum collection they are of all sorts of cool items but
[00:37:38] we're out of time for the first half of our show but we're still not going anywhere we got a whole second half left to go so please come back we're gonna have our big idea in business which is
[00:37:47] optimizing vendor relationships how to get in your partners good graces that and a lot more coming right up so we will see you in a moment on the other side all right welcome back to Cyber
[00:38:02] For Hire the managed security podcast once again I'm Bradley Barth with SC Media in the first half of our show we talked with Bill Brenner at Cyber Risk Alliance about recent identity and
[00:38:13] access management trends right now I'd like to welcome Bill back in to examine our MSSP industry strategy topic of the week presenting our big idea in business optimizing vendor relationships how to get in your partners good graces obviously managed security providers want to optimize
[00:38:36] their rapport with customers but don't overlook the importance of fostering a mutually beneficial relationship with your cyber solution vendor partners as well and this segment will look at how MSSPs can best leverage their vendor agreements to ensure they're receiving top-notch responsive
[00:38:52] service and the gaining access to the most up-to-date solutions in the most flexible pricing plans Bill where are MSSPs most guilty of not extracting the most out of their vendor relationships what assets are they not leveraging what are they not asking for that they're entitled to
[00:39:14] so I'm not going to single out managed providers entirely because this includes them but is also not limited to them and that is communication with your providers with your with your vendors there tends to be the habit of you have your security solution deployed
[00:39:40] and unless something really specific goes wrong or there's an attack really blowing up in the news people are not spending enough time just communicating with the vendors and this this the shoe is on the other foot too vendors are all over the place when it comes to
[00:40:07] regular communication and management of customers using the technology in the field and I think really having that you should be touching base with with your vendors on a regular basis whether that's weekly whether that's bi-weekly whether that's
[00:40:32] monthly but just having that communication when there's an update to be made or when something bad is happening those are all situations that are communications that happen under stress and that isn't always conducive to working well with each other so to me that's
[00:40:58] that's one of the big things to me the best vendors out there take their account management deadly seriously and are having regular meetings to go over what's working and what's not so to me that that's that's really one of the huge items
[00:41:25] I know you said you don't want to single out MSSPs because obviously vendor relationship management is something that all all organizations need to contend with but from the vendor perspective
[00:41:37] I'd be curious to ask you do you feel like vendors see MSSP's as just another customer or are they a power customer because they are effectively exposing the vendor solutions to a multitude of
[00:41:52] client organizations and if that's the case can MSSP's leverage this status as a as a power user get across that hey you might want to treat me as a VIP here because I have that
[00:42:06] multiplier effect with working with all of my clients and exposing them to your solution yeah well interestingly enough I think where you find vendors doing best at their communication with clients it's they focus on the power users the you know the VIPs as you put it
[00:42:32] and it's often other parts of the organization that have responsibilities tied to your product that need regular communications now if you're a vendor you can't do one on ones with everybody all the time but there are things that you can do to make sure that you're speaking
[00:42:57] to those who may not be the VIPs and that includes newsletters that you can be creating for them regular email tidbits tips, news updates here things happening in the news that you should be watching out for
[00:43:21] when it comes to security and here is how you should be using our product for that specific challenge I think those are some things that help for sure but it really is if the two sides are talking to each other unless there's a problem well that's a problem
[00:43:49] well right because you're not going to serve the client the best you can and you're not going to use the product if you are the client as best you can for your environment absolutely I mean at the end of the day it is a two-way relationship right so
[00:44:09] if you're an MSSP and you've got certain vendors that you'd like to see a better relationship with it might be that what you get out of the relationship also depends on what you put in and
[00:44:24] actually if we're also even being candid here in some cases there might even be a little bit of a quid pro quo to these relationships where it becomes where you're really trying to create a a mutually beneficial relationship on both sides where we're both sides really getting something
[00:44:43] out of having a closer relationship would you would you not agree I would so in your mind what would you say should be of highest priority for managed service providers coordinating with their their vendor partners
[00:45:05] what what if if they want if you were going to say you know be a little more assertive be a little more forward state what it is that you want out of this relationship what what in your mind should
[00:45:16] be at the at the top of their list so in this part of the communication I really do think that MSSPs have a responsibility to keep the feet of the vendors they use to the fire
[00:45:35] you have to always be coming back and asking questions you have to hold them to the standard where anytime a change is made somewhere it's communicated anytime an update is not just ready to
[00:45:54] deploy but in the works and is going to be deployed within say that following month needs to be communicated so communication you know I know I've spent a lot of time talking about how both sides
[00:46:10] can do it but when it comes to the managed provider side you really just have to constantly be asking questions about what's what's new what kind of updates are around the pike how can I prepare
[00:46:30] now for when that's ready to deploy how are we you know are there ways that we're using you in our environment that is not as optimized as can be let's talk through that but yeah you
[00:46:47] have to constantly keep a vendor's feet to the fire and I think most most of the vendors would tell you the same thing absolutely and it's really it's the nobody wants to do a
[00:47:03] poor job you know oh no absolutely not and I mean at the end of the day the the managed services provider working with these vendors again you know they need to also understand what's
[00:47:14] highest priority for them and be able to as you said communicate communication so often is the key that's been an ongoing theme through so many of our episodes already Bill in Cyber For Hire
[00:47:27] is really being able to you know communicate you know your wants and needs with your with your partners with your clients so if you're looking for more responsive service if you're looking for you know what's what's the newest most up-to-date solutions if you're looking for more flexibility
[00:47:43] in your pricing plans you know these are the type of things where you absolutely need to speak up and certainly vendor relationship management will be an area that we will explore in several future episodes as well as we dive even deeper into into this topic
[00:48:03] for this particular episode due to some time constraints we're going to have a little bit of an abbreviated episode or a little bit of an abbreviated part two of our show so we're going to move on
[00:48:15] from here to the next segment of our show which is called Dear Cyber For Hire and now this is an advice column segment where we get to play marriage counselor between managed services providers
[00:48:27] and their clients to help mend fences when the relationship goes awry and so the following letter that we present here has been dramatized and anonymized to protect the innocent but the conflict
[00:48:40] represented here is a very real problem that companies face and so so so Bill I'm about to present to you this scenario as always we've got some very juicy MSSP melodrama to present to our
[00:48:56] audience today and this one is going to come from the client side of the relationship so fellas cue the music Dear Cyber For Hire I'm not sure why I'm even bothering to write the
[00:49:11] email it's not as if you're going to acknowledge it I'm just a lonely voice in a vast hollow echo chamber longing to be heard I'm sorry I'm not being fair to you but that's how I feel sometimes
[00:49:26] because my MSSP partner has become so uncommunicative whenever I email my account manager with an issue that requires his attention it takes what seems like an eternity for him to respond via email
[00:49:40] I know I'm not his only client but sometimes I wonder if he's this way with all his partners or just me am I the unreasonable one am I too impatient perhaps I do send a few too many emails what is an
[00:49:54] important waiting what is an appropriate waiting time to hear back when I send out an inquiry sincerely increasingly ignored insecure and impatient in Indianapolis Bill in an earlier episode with Ryan we had a letter that complained of an unresponsive customer support
[00:50:14] help line now this is a little bit of a different offshoot of that here we have the person in charge of of managing your case not really being timely with their response on the other hand some
[00:50:26] questions are maybe more high priority than others and as acknowledged in the letter sometimes the MSSP may be bombarding the client with communications so what's typically considered a good practice here how long should it take for an MSSP to respond to an email when should a client feel
[00:50:44] emboldened enough to follow up so that's a harder question to answer than it could seem on the surface you know in my in my world view communications like this should be same day you have a question you get a response and some guidance same day
[00:51:13] because in security things are moving so fast that it to me it's not okay if you know if you're if you're the MSSP and your client comes knocking with an urgent question or maybe not even so
[00:51:32] urgent it's not a good look to wait days to get back to them if you are the vendor interfacing with the MSSP it's really the same thing and this might be maybe it's too
[00:51:51] draconian or rigid for some folks but in my mind yeah I think same-day communications are vital and if it's not going to be same day because there are reasons things do happen sometimes it
[00:52:07] takes longer to address a question but just letting the other side know that you're working on it that they've been seen even if it takes a couple days for a full answer I think
[00:52:23] that's really the key showing that you're there you're working on it and you see them absolutely a hundred percent you can't leave the other side hanging and so there you go again perfect illustration of how it seems to so often come back to the notion of communication
[00:52:43] just another perfect example of that right there normally this would be the point of the show in which we would also give you our relevant pitch of the week but we're a little short on time
[00:52:53] this week so we're going to wrap things up a little extra early today but I would really love to thank once again my guest fill-in host Bill Brenner from the CyberRisk Alliance for being with us today
[00:53:06] thanks for swooping in on a fairly last-minute assignment and providing us your expertise and perspectives today really greatly appreciated we hope we can have you on again soon to to share some of your thoughts one more time we're going to continue our
[00:53:23] Identiverse coverage next week as well as I'll be conducting an interview from the actual convention with our guest for next week as we explore some additional issues surrounding identity and access management but in the meantime we're going to go
[00:53:43] but uh do not despair because we will be back again next week with episode number 24 meanwhile feel free to check out even more cybersecurity podcasts content on the SC Media, MSSP Alert and ChannelE2E websites until next time I'm Bradley Barth please reach out to us
[00:54:01] via our show page with your comments questions and insights all about the business of cybersecurity we'll keep the conversation going on the next episode of Cyber For Hire your inside source for cyber outsourcing

