What the Executive Order for Improving Cybersecurity Means for MSPs

In May, the Whitehouse issued an Executive Order on Improving the Nation’s Cybersecurity which laid the groundwork for the Nation’s response to the latest security breaches and sought to address the persistent and increasingly sophisticated malicious cyber campaigns threatening the public sector, the private sector, and ultimately the American people.

The order is aimed at improving the Government’s efforts to identify, deter, protect against, detect, and respond to these actions and actors. Last month, an additional memorandum was released. The July Memorandum, known as the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems focused further on protecting the Nation’s critical infrastructure from ransomware and other attacks.

So how will this order, currently directed at Federal Agencies and those IT and OT service providers who contract with the Federal Government impact the Managed Service Providers and Managed Security Service Providers serving the private sector in the weeks and months to come?

The May Executive Order mandates several requirements including that government agencies and departments make bold changes and significant investments in zero-trust architecture, software standards and more. While the memorandum from July sets standards for technology and systems used by private companies in food, energy, power and water.

While the trickle-down impact of this order could take some time to directly impact those providers serving the private sector and non-critical infrastructure (food, energy, power and water) customers, the order set the framework for encouraging the private sector to adopt similar measures – and experts caution that it’s only a matter of time before MSPs and MSSPs will be required to comply.

Impact to MSPs When it Comes to Cloud App Security

The May order states that the Federal Government must modernize its Cybersecurity including by increasing the Federal Government’s visibility into threats and must adopt security best practices; advance toward Zero Trust Architecture and accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) while centralizing and streamlining access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.

CISA (The Cybersecurity & Infrastructure Agency, which is part of the Department of Homeland Security) asserts Alert (AA20-245A) which highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. These are the steps which MSPs should be taking now to both protect their customers and to prepare for future mandates.

Specifically, this Advisory furthers the recommendations covered in the President’s Executive Order on Improving the Nation’s Cybersecurity regarding monitoring operations and alerts and responding to attempted and actual cyber incidents and employing automated tools, or comparable processes, that check for known and potential vulnerabilities and remediate them, which shall operate regularly, or at a minimum prior to product, version, or update release.

What Does this Mean?

It means that IT departments and IT Service Providers should be monitoring all applications, tools and devices that touch their operation to prevent or mitigate exposures.

Further, The Cybersecurity and Infrastructure Security Agency (CISA) released insights on Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses which details specific actions that every MSP should be taking.

CISA recommends the following mitigations and hardening guidance:

• Apply the principle of least privilege to customer environments.

• Ensure that log information is preserved, aggregated, and correlated to maximize detection capabilities.

• Implement robust network- and host-based monitoring solutions.

• Work with customers to ensure hosted infrastructure is monitored and maintained.

• Manage customer data backups.

Why is the Government Making these Recommendations?  

As Cloud and SaaS Application usage continue to dominate today’s IT landscape, it’s important that the user behavior associated with these popular applications be tracked and monitored. In many cases, IT professionals are properly securing traditional IT assets, like local networks, devices and servers, but are not yet keeping up with user behavior and configurations with the most widely used SaaS applications.

Top motivators for Cloud and SaaS app adoption, such as the ability to increase productivity and reduce costs is increasingly driving businesses to seek attractive alternatives to on-premise solutions.  Moreover, the global pandemic has dramatically shifted how people work and as a result, organizations have scaled up their use of Cloud and SaaS applications to support collaboration and productivity from home. This shift in the landscape has created a breeding ground for hackers and bad actors who will undoubtedly use the opportunity to cripple businesses, both large and small.

In addition to the governmental recommendations, SaaS Alerts recently released its inaugural SASI (SaaS Application Security Insights) report in June which shares additional recommendations in light of the growing threats:

• One recommendation for any technology professional is to monitor as many SaaS applications as possible to provide a full scope of security gaps and visibility of user behavior via cross correlation.
• It’s highly recommended that companies monitor file-sharing activity within SaaS applications and work with end users to ensure they terminate “old” share links, in order to maintain proper security hygiene and mitigate risk.
• Security policy changes providing individuals additional access or privileges is also critical to remediate. If a bad actor gains access to any environment, most will change security policies to give themselves a free pass to run wild within the application.