We, like most CSPs, get leads directly from Microsoft. These leads generally consist of potential customers looking for cloud products, email security, and professional services related to Microsoft. Occasionally we will get a lead from a customer that has used a CSP before but had a bad experience. There are CSPs and MSPs that do not have all the necessary security practices in place, and unfortunately, when CSPs are breached, so are their customers.

Why Finchloom is Different

We are a direct CSP dealing only in Microsoft products. We adhere to all Microsoft-specific security protocols, as we only operate in the Microsoft space. MFA and single delegated admin access are just the baseline. We are a Gold Partner offering all above-board practices when it comes to security. Every year Finchloom has an annual audit to ensure that not only are we secure and compliant, but in turn, our customers are as well.

At Finchloom, we value the security of our customers and take many preventative measures to ensure that they are, and stay, secure. We DO NOT create accounts in customers' tenants that are shared by our employees, a practice that we have heard about far too often.

Old CSP Practices

Last week, we heard from a customer that was upset because their CSP was breached. Partners are a weak link: we have access to many customers, and we are targeted because, if we are breached, the hacker not only gets access to us but could also potentially access our customers' information if we lack proper security. Customers are focused on securing their own companies, and if their partners are not secure as well, it may all be for nothing. Here at Finchloom, we take several measures to prevent this.

Old MSPs and CSPs

There are practices that are no longer allowed by Microsoft. You, as a customer, need to be aware of what your CSP is doing regarding your tenant because it can impact the security of your business. Below I have listed a few poor practices that we have heard about recently.

  • Create shared accounts in the customer's environment
    • Some CSPs create their own shared accounts in customers' tenants. For example, I (as an example of bad practice) go into a customer's tenant and create a new user and password. I give that account global admin rights. Once this is in place, I then share the password with my coworkers as the account used to manage X Company as a CSP. Now, all the CSP employees know the username and password to access the admin of the entire company. To combat this, we use delegated partner admin access, an authorized channel through Microsoft. This access gives us the rights we need to provide subscriptions to customers and support their tenant. We do not go in and access our customers' data unless we are explicitly asked to.
  • Companies use the same password across different accounts, even if it is a shared or named account.
    • Other CSPs might use the same domain and password across multiple company accounts. For example, using eassalley@company1.com, eassalley@company2.com, etc. with the same passwords allocated to each account. If one is breached, all are at risk.
  • Open remote access to servers
    • If you have servers, MSPs will sometimes add an agent onto them to monitor what is going on, back them up, and access them remotely for patches. This needs to be controlled because the agent has full access to the server. We do not use agent-based server management. At Finchloom, we move servers into Azure. Once in Azure, servers are managed natively within Azure for backup, patching, and monitoring. No third-party agents are installed on your servers. Typical remote access is done over RDP port 3389. This requires you to open that port to the internet, which has recently been a problem. We differ because we put the servers in Azure and utilize a secured network to access Azure first before getting onto the server. We can utilize a site-to-site VPN to access the environment securely without opening the server's port to the internet.
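
One way a customer could check the RDP point above for servers already in Azure. This is an added example, not Finchloom's code or tooling. It assumes the network security group rules have been exported as JSON with the field names that `az network nsg rule list` emits; the rule names and addresses are constructed samples.

```python
RDP_PORT = 3389
# Source prefixes that mean "anyone on the internet" in an NSG rule.
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers(spec, port):
    """True if a port spec such as '*', '3389' or '3000-4000' includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _is_internet_rdp(rule):
    """True if the rule applies to inbound TCP 3389 from any internet source."""
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return (rule["direction"].lower() == "inbound"
            and rule["protocol"].lower() in ("*", "tcp")
            and any(_covers(p, RDP_PORT) for p in ports)
            and any(s.lower() in INTERNET_SOURCES for s in sources))

def rdp_exposed_by(rules):
    """Name of the rule that opens RDP to the internet, or None.

    NSG rules are evaluated in ascending priority and the first match
    decides, so a Deny ahead of an Allow closes the port.
    """
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if _is_internet_rdp(rule):
            return rule["name"] if rule["access"].lower() == "allow" else None
    return None

def _rule(name, priority, source, port, access):
    # Constructed sample rule using the field names of `az network nsg rule list`.
    return {"name": name, "priority": priority, "direction": "Inbound",
            "protocol": "Tcp", "sourceAddressPrefix": source,
            "destinationPortRange": port, "access": access}

# Constructed sample NSGs, not taken from any real tenant.
OPEN_NSG = [_rule("allow-mgmt-range", 400, "*", "3000-4000", "Allow")]
VPN_NSG = [_rule("allow-rdp-from-vpn", 200, "10.10.0.0/24", "3389", "Allow"),
           _rule("deny-rdp-internet", 300, "Internet", "3389", "Deny"),
           _rule("allow-mgmt-range", 400, "*", "3000-4000", "Allow")]

if __name__ == "__main__":
    for label, nsg in (("open", OPEN_NSG), ("vpn-only", VPN_NSG)):
        print(label, "->", rdp_exposed_by(nsg) or "RDP not exposed to the internet")
```

A rule that allows RDP only from a specific address range, such as the VPN subnet in the sample, is deliberately not reported; the check only flags rules open to every internet source.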

Make Finchloom your CSP

Do you know your CSP’s security practices? Are they maintaining their data, and in turn your own? Finchloom is proud to utilize state-of-the-art security practices. We put the security of our customers first, and in doing so protect ourselves for our customers' sake. If you want to learn more about how Finchloom differs from our competitors in terms of security, request a Free Consultation!