Under this subscription model, the client or customer is the entity that owns or has direct oversight of the organization or system being managed whereas the Managed Services Provider (MSP) is the service provider delivering the managed services. The client and the MSP are bound by a contractual, service-level agreement that states the performance and quality metrics of their relationship.
Thank you for shining a light on this systemic vulnerability. I don't think organizations realize that, in many ways, they inherit the security of their service providers. As another commenter noted, the RMM is overdue for radical reinvention. Security-minded MSPs may need to think about delegated access to customer environments, privileged access workstations, or other methods for remotely administering customer environments without that big fat one-to-many target that RMM represents. I think the MSP tooling ecosystem is general is problematic - MSPs design for scale and efficiency (making them an economical option for customers as opposed to hiring internally), but do I really want my password manager integrated into my RMM? Maybe not... There's a lot of market share out there waiting for MSPs that can develop real cybersecurity maturity.
At Ziptech Services we focus on designing, implementing and supporting computer networks for growing and mid-sized businesses. We provide straight talking business computing expertise for growing UK businesses and charities. Not for home … Virtualization, Office 365, Managed IT, IT Consulting, Hyper-convergence, Data Storage ... SonicWall, SolarWinds, Parallels, Microsoft Gold, Dell, ConnectWise ... Jim Simpson