Product Webinar

Join our round-up webinar for feature demos, Q&A with the product team, and a sneak peek at what’s next.

July 22nd, 12PM EST

THE BUGLE
blog logo
Resources
BOOK A DEMOGET STARTED FOR FREE
MSPSTARTUPMARKETINGOPERATIONS
Resources
Write for the Bugle
THE BUGLE
Search
The Bugle
Categories
Library
DEMOGET STARTED FOR FREE

The ideal security stack - part one

author

Joshua Liberman

Illustration: Ram Prasath

cover

In this series, we take a look at getting security right for MSPs’ clients. The first article in the series is focused on visualizing the challenges presented by different types of clients.

Some of your most important decisions as an MSP will concern securing your sites. No matter what you get right, if you get the security wrong, you lose. But getting that stack right is complex and growing more so all the time. However, like any other complex task, the first thing to do is to build a process you can follow in order to analyze the challenge, design a response, and execute upon it. 

We will start by conceptualizing several different types of clients. Next, we will consider whether to tier our services or build a single, comprehensive solution. Then we will discuss the actual components of the stack. Finally, we will discuss the limitations of these choices. But now, let’s start out by visualizing the challenge(s) we are responding to.

Start Conceptually

The first step is to analyze how they do business. Are they on-premise, cloud-centric, or somewhere in the middle? Is local data protection their paramount concern or is most of that data elsewhere? Is protecting endpoints you rarely, if ever, see the most critical issue? Are these assets real (that is hardware) or are they virtualized (hosted)? 

Next, you will need to identify and enumerate just what you are protecting. This is quite a bit more challenging than you may realize, especially with today’s work from anywhere reality. The very act of identifying the resources and data locations is one of the hardest things to get right as challenges continue to evolve and as the resources change over time.

Finally, you’ll want to consider data pathways protecting not only endpoints and cloud, but the way they do business (in IT terms) and how to best armor those data paths. Options like going with SSL VPN vs. proxied RDS connectivity, setting up SAAS monitoring and alerts, engaging a SOC or SIEM, and looking out how and to where they move their data are a good start.

Premise?

For those still working largely on-premise, you will have servers, endpoints, and infrastructure to secure. But even the most premise-centric organizations also have M365 endpoints to secure with backup, filtering, and log reading and response. You will also have a standard perimeter to protect with solutions such as a UTM firewall and log reading and response services. And you can’t forget to secure WiFi, IOT devices, and remote access. Finally, no premise-based security solution is complete without truly comprehensive BCDR (Business Continuity and Disaster Recovery).

Cloud? 

There are some of us protecting clients that truly are all-in cloud shops. Azure, M365, WVD, maybe even Windows 365. Some of these clients never really had a premise shop and truly were born in the cloud, while others have made that migration over the past few years. For operations like these, especially those using virtualized endpoints, the concerns are different. There is no traditional perimeter, endpoints are virtual not physical (mostly), and BCDR is more of a SAAS protection play. Endpoint focused SASE solutions may be the best answer here. 

Hybrid?

Of course, most of us are supporting businesses with both premise equipment and a substantial cloud footprint, not to mention both local and remote users. We may have some clients with virtually no premise footprint and some that barely use the cloud. These hybrid sites are often the most demanding, as we must bring both premise and cloud “mind” to bear. You will require conventional premise defenses such as MDR and firewall log reading and response, as well as more cloud centric services such as SAAS alerting. 

Related reading: Cybersecurity tips for MSPs

Where’s the data?

Once you have a handle on these basic issues, and you’ve identified the nature of their business, you need to look for the data that needs protecting. Premise-based operations, at least notionally, have their data in one place, on their server(s). Cloud-centric companies store much or most of their data hosted somewhere. And hybrid operations obviously have data in several locations. Ultimately, you will find most companies are hybrid operations with data in widely disparate locations, some of which they are not even aware of.

And the data pathways

This is a new concept for many, but part of protecting any business, no matter how centralized or distributed its operations are, is identifying and protecting its data pathways. While on-premise networks make identifying these pathways easier, they present many challenges. There will be local data access, likely both wired and wireless, remote access into a premise location, by means of either SSL VPN or proxied RDS. And you will have access to hosted data, whether in public or private cloud(s), and, of course, M365. Cloud-centric practices, especially those built on virtualized desktops present entirely different paths to protect. Again, you’ll probably find that most of your sites are hybrid in nature.

The Final Analysis

Using this framework of analysis, enumeration, and data pathways, you can now move on to designing the appropriate solution stack to protect your client sites. Of course, none of us is likely to serve only one type of client. And that leads us to the next part— do you build one stack to rule them all, or tailor your solutions to each site? Stay tuned.

authorImg

author

Joshua Liberman

President and founder of Net Sciences, Inc

Joshua Liberman is President and founder (in 1996) of Net Sciences, Inc, New Mexico’s most security-focused MSP. Joshua is a former rock and ice climber, martial artist, and lifelong photographer. He has traveled worldwide and speaks five languages. Heidi, his wife, calls him the most interesting geek in the world.

read moreicon

SHARE THIS ARTICLE:

0

The Most Trusted 

PSA-RMM Platform

for Modern MSPs

1
Group 184249.svg

No Contract

Group 184250.svg

No Credit Card Required

Group 184251.svg

Reliable 24/5 Support

rating-img
2GET STARTED NOW

SUGGESTED STORIES

0
Cover

ai

|

operations

|

msp

|

How close are we to a truly autonomous RMM?

Is the next step of RMM evolution truly autonomous?

Manish Balaji

3 min

1
Cover
A Unified Approach to Backup and Disaster Recovery for MSPs with the SuperOps and Axcient Integration

This integration is built with one core purpose: to empower MSPs with a unified platform for deploying, monitoring, and managing backup software—without the need to toggle between multiple tools.

Lakshmi Madhu

2 min

2
Cover
The cybersecurity wake-up call for schools: How you can stay protected

Schools and universities are now top targets for cybercriminals, facing rising threats like ransomware, phishing, and data breaches. With limited resources and growing complexity, education IT teams must rethink their approach to cybersecurity.

Sai Manasa

3 min

Powered by AI Superpowered for IT Pros

SuperOps

About usOur philosophyFeaturesPricingMarketplaceCustomersNews roomCareersContact usAffiliateResellersTech partnersEvents

Platform

PSARMMProject ManagementIT DocumentationAIFor IT teams

Resources

CommunityBlog - The BugleSuperPodSuperPod BytesBooksHelp CenterRoad to 1 millionTemplatesWebinarsStartups
Marketplace
SplashtopTeamviewerConnectwise ControlXeroWebrootQuickbooks OnlineQuickbooks DesktopPax8
Features
Asset ManagementPatch ManagementAlert ManagementPolicy ManagementIntelligent AlertingService DeskQuote ManagementAutomationClient ManagementContract ManagementNetwork MonitoringMobile appSmart TrackerScheduling

Learn

Best RMM softwareUEM SoftwareBest Patch Management SoftwarePatch ManagerUEM VS EMM VS MDMMSP AutomationBest PSA SoftwareBest IT Ticketing ToolOpen source RMM

Compare

AteraSyncroNinjaOneDatto HaloPSAConnectwisePulsewayKaseya

Subscribe to our newsletter

Follow us on

social
social
social
social
social
SOC_LogoHIPAA_LogoISO_Logo

© 2025 SuperOps. All rights reserved

Terms of use
Privacy policy
Cookie policy
GDPR
Security

Contact us: +1 628-270-9924 | +44 20 4525 2090

Powered by AI Superpowered for IT Pros

© 2025 SuperOps. All rights reserved

SuperOps

About usOur philosophyFeaturesPricingMarketplaceCustomersNews roomCareersContact usAffiliateResellersTech partnersEvents

Platform

PSARMMProject ManagementIT DocumentationAIFor IT teams
Features
Asset ManagementPatch ManagementAlert ManagementPolicy ManagementIntelligent AlertingService DeskQuote ManagementAutomationClient ManagementContract ManagementNetwork MonitoringMobile appSmart TrackerScheduling

Resources

CommunityBlog - The BugleSuperPodSuperPod BytesBooksHelp CenterRoad to 1 millionTemplatesWebinarsStartups
Marketplace
SplashtopTeamviewerConnectwise ControlXeroWebrootQuickbooks OnlineQuickbooks DesktopPax8

Learn

Best RMM softwareUEM SoftwareBest Patch Management SoftwarePatch ManagerUEM VS EMM VS MDMMSP AutomationBest PSA SoftwareBest IT Ticketing ToolOpen source RMM

Compare

AteraSyncroNinjaOneDatto HaloPSAConnectwisePulsewayKaseya
SOC_LogoHIPAA_LogoISO_Logo

Subscribe to our newsletter

Terms of usePrivacy policyCookie policyGDPRSecurity

Follow us on

social
social
social
social
social

Contact us: +1 628-270-9924 | +44 20 4525 2090