21 April 2019

How Secure are the Passwords your MSP uses?

How Secure are the Passwords your MSP uses?

How does your IT managed service provider (MSP) secure the passwords they use to access your systems?

Despite cyber-security concerns, few clients know where these passwords are stored or how often are they updated.

With IT security, it’s what the client doesn’t see, that can matter most

Protecting Passwords

First Focus, a leading MSP in Australia and New Zealand, identified that strong password management was a fundamental business priority. Over 5000 passwords for client accounts and systems were being held securely, however, the process was more manual than ideal.

The Thycotic Secret Server system was chosen following in-depth trials of four centralised credential and password management systems. The key to Thycotic’s selection was its level of automation, auditing, usability, and time-saving capabilities.

First Focus were one of the pioneers in Australia and NZ in taking security technology for privileged account management that’s used by the biggest and most secure companies in the world, and applying this to managed customer networks.“ said Kris Hansen, MSP Sales Director at Thycotic.

Dan Maker, project lead with First Focus, explains the importance of password automation.“The other providers we looked at were very good at password storage. The big difference was Thycotic’s automation engine means we can automatically update passwords, for example, every month or quarter. You don’t want to have the same password forever, you want to change it periodically and Thycotic can manage that very well.”

Removing Human Error

Moving all of the passwords into the new system was a major project, with further automation work planned. However, implementing Thycotic means the service desk will no longer change passwords or need to check any interdependencies manually, leaving no room for human error. Time savings for service staff and clients have been achieved through faster access to accurate, individually managed passwords.

Detailed audit reporting provides additional security, with every user action involving a password recorded, including the system and time accessed. These records provide important protection for clients and accountability for current and former First Focus staff.

First Focus believes that one of the key differences between MSPs is the quality of the internal processes and the systems used. Those systems may not always be visible to clients, but like password management, getting it right is critical.