Virtualization Technology News and Information
VMblog's Expert Interviews: SiteLock Talks How MSPs Can Make Their Case for Comprehensive Site Security

interview sitelock 

Forty-five percent of website owners believe their website security is being handled by their host, and 25 percent of website owners are unsure.  Website owners don't know that site security is their responsibility, and in the instance of a breach, hosting provider's hands are clean while the site owner is left confused. 

But MSPs can help flip the script.  I spoke with David Mason, Inside Channel Development Manager at SiteLock, to learn how MSPs can show site owners the value in their own site and help educate site owners on the importance of website security and whose job it really is to protect those sites. 

VMblog:  In what ways do website owners accidentally increase their own risk of attack?

David Mason:  There are several ways a site owner is increasing their own exposure to an attack. Two common risks include an outdated core content management system (CMS) software and third-party plugins. Each contribute to a website's increased risk for attack and are not top of mind for the average website owner. 

For example, we can compare a website to a house. An outdated CMS is similar to a crack in the foundation. Relying on outdated third-party plugins is like having windows that don't lock. Ultimately, a website requires maintenance just as a house does. Website owners must regularly inspect their website to ensure everything is up to date. 

VMblog:  Why isn't it the host provider's responsibility to warn site owners of these vulnerabilities?

Mason:  Most owners host their websites in a shared hosting environment. The site owner is essentially renting space from the host. Similar to an apartment complex, the host is responsible for keeping the overall environment safe and clean, but the website owner is responsible for locking their doors and windows. The hosting provider may warn a site owner if there is a vulnerability, but it's often too late. It's best if website owners take a proactive stance to ensure that any vulnerabilities are identified and handled before they can cause damage. 

VMblog:  What do MSPs have to gain from pushing website security?

Mason:  MSPs are trusted advisors. They provide guidance for their clients on the tools needed to secure their infrastructure, such as antivirus solutions for their laptops and desktops, and endpoint security. Website security is a growing area of opportunity and a crucial piece of a client's security infrastructure that is frequently overlooked. By including website security in their offerings, MSPs cement their status as trusted advisor and further strengthen their client relationships. 

VMblog:  What actions could MSPs take to increase consumer awareness or curb unknown threats?

Mason:  The products and services that MSPs offer must deliver real impact for their customers, as their reputations are on the line. MSPs should include website security as a part of their education efforts and product offering so their clients can implement a comprehensive security ecosystem. 

VMblog:  What are some of the best practices that individuals can adapt to ensure proper site protection, regardless if they are warned or not?

Mason:  The best course of action is to take a proactive stance. Make sure that all core CMS systems and third-party plugins are up to date and that any unused applications are removed. It's also recommended to have a website scanner that can help identify any malware or vulnerabilities, as well as a web application firewall (WAF) to help block any threats. 


Published Thursday, March 15, 2018 9:24 AM by David Marshall
VMblog's Expert Interviews: SiteLock Talks How MSPs Can Make Their Case for Comprehensive Site Security - EMC VMAX - (Author's Link) - March 16, 2018 2:16 AM
VMblog's Expert Interviews: SiteLock Talks How MSPs Can Make Their Case for Comprehensive Site Security - EMC VMAX - (Author's Link) - March 16, 2018 2:16 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2018>