Network Security

The Elephant in the Room - Election Security

The recent revelation by the Senate Intelligence Committee concluded that election systems in all 50 states were targeted during the 2016 election by Russian operatives. This should come as no surprise considering 2016 was likely only a reconnaissance mission. The stage is set for deeper and more insidious intrusions to grow over time without significant investment in election security. 

We need to acknowledge that the technology which gives us unprecedented access to one another through constant news updates, the ability to control home appliances and yes - even voting - are all lucrative targets for both individual hackers looking to make money and state agencies wishing to sow discord. In many ways, our greatest technological achievement of the past half-century has also become our Achilles heel. 

The sad fact is that the perpetrators don’t necessarily have to do much other than claim access those systems to create a sense of distrust in the security of the election system. Without changing a single vote, the mere knowledge that they claim to have accessed the system creates doubt and uncertainty regarding the outcome of the election. On top of that, the reality is that the majority of potential paths to a successful intrusion can be prevented with security enhancements that exist in the market today.  

  Election interference has the potential to do more than just throw results into doubt, it could also destabilize our democracy as we know it. In an age of misinformation, foreign-state sponsored propaganda and doubt, one of the few things that Americans are able to count on is the legitimacy of our elections. Without appropriate attention and investment that will be thrown into question as well, something we simply can’t afford in the current climate.

Fortunately, there are a series of common-sense steps we can take to increase our election security and strengthen our system. First, a uniform standard needs to be adopted for the security of voting machines and the networks on which they operate. A good baseline is the NIST Cybersecurity Framework which is widely considered to be the gold standard for security in the industry. A 2002 law called HAVA (Help America Vote Act) tasked NIST with creating voluntary guidelines for election machine security. While not as comprehensive as the Cybersecurity Framework, at a minimum these must be made mandatory. 

Secondly, voting machine manufacturers must be held to a higher standard. Since 2016 we have seen multiple instances of manufacturers recommending officials set up voting machines with less than optimal security practices. This must change. Not only in terms of the security controls which they recommend but also the ones they implement on their own networks. Supply chain security is critical. Default passwords, insecure networks, and lack of security consciousness are not acceptable for companies that work on critical election infrastructure. 

Finally, these rules and practices must be enforced just as rigorously and with as much emphasis as other security regulations such as PCI, HIPAA, HITECH, NERC, and FERC among others. The sanctity of our elections is too important for anything less. We have the tools, technology, and knowledge to solve the problem - now all that is required is the will. As a society, we have all been taught to treat emails, downloads, and phone calls with some modicum of suspicion. If we lose the integrity of our elections we will be forced to treat them with the same misgivings. 



Choose a Partner, not a Vendor

Choosing technology vendors for your MSP can be a challenging endeavor. Vendors tend to be full of grand promises of partnership, simplicity, and lead generation. Unfortunately, in many cases, once the contract is signed these promises quickly morph into monthly high-pressure sales calls. So how do you go about selecting vendors who will treat you as a partner rather than a customer? Below are five questions you can ask to help discern a dependable partner-focused vendor from those that see your MSP as nothing more than a line item on their P&L. 

 

1. What benefits does my MSP receive?

This is the most critical question to ask a prospective vendor. A vendor with any experience in the Managed Service Provider market should have a well thought out partnership program with numerous benefits. At a minimum, these should include: 

 

·     Lead Generation and Referral 

·     Training and Implementation Assistance

·     Webinars and in-person events

·     NFR License to test out the product

·     A sounding board that is not tied to a consulting cost

·     Co-Branded Marketing that is not tied to a quota

 

2. Do you set minimum quotas for your partners?

Unfortunately, in the MSP vendor space, many companies have taken to setting minimum quotas for their MSP partners. Even if these quotas are easy to meet at first, this can cause significant problems down the road, particularly in the event of a recession or other unforeseen event that disrupts the sales lifecycle. We recommend choosing vendors when possible that are flexible and willing to work with your MSP, rather than mandate targets. 

 

3. Do you allow a transfer of licenses?

In some cases, you may purchase a license from a vendor, only for the client you bought it for to go out of business or choose a different MSP. A flexible partner-focused vendor should allow you to transfer this license to a current paying customer. The last thing you want is to be stuck paying monthly for a license that is no longer generating revenue. Additionally, a vendor that is reluctant to allow you to transfer licenses is likely to be more revenue than partnership focused, which could mean a bad fit for you. 

4. Can you provide references from other happy MSP customers? 

Any experienced MSP vendor should be able to point out numerous success stories after working in the Managed Services Market. If they fail to do this when asked, or attempt to demure, this may be a strong indication that they would make a weak partner. A lousy vendor can cause just as much if not more trouble for your MSP than a bad hire.

 

5. How is your product priced? 

Implementation Fees, Onboarding Fees, Partnership Fees, Training Fees – the number of fees that vendors charge is infinite. A good partner-focused vendor will make their pricing as simple as possible to provide an excellent experience for their customers. Beware of vendors who have complicated fee structures that aren't easily understandable at first glance. This can make billing a nightmare and dramatically overcomplicate the partnership. A good rule of thumb is: if you can't get a complete picture of how much it will cost to deploy the solution to a client within a 5-minute conversation, it may be best to find a different partner. 

 

Vendor relationships are incredibly significant for Managed Service Providers. A weak vendor can cause untold difficulty, lost time, and extreme expense. Conversely, a partner-focused vendor will seek to grow with the MSP and will work hard to make sure that the service provider has the best experience possible. Don't get lulled in by false promises - ask the hard questions before the contract is signed to make sure you pick a vendor that will enhance your business.