Security Insights from the Splashtop MSP Advisory Council

Splashtop security insights

Splashtop Talks with MSPs About Remote Support, Security, and the Changing IT Landscape

Splashtop and managed service providers (MSPs) share a common priority that’s core to both our businesses: great remote support tools.

An estimated 30,000 MSPs in the United States use Splashtop Remote Support and/or Splashtop SOS software to manage and monitor endpoint devices as well as provide remote IT and helpdesk support to their clients. Splashtop has long relied on the expertise of a handful of MSPs, who have provided us with valuable feedback on their remote support needs.

To help us get even more in sync with MSPs, we decided to formalize our relationship with some of our MSP customers, forming an MSP Advisory Council. The goal of this group is to help keep us up-to-date on MSPs’ challenges, insights, and ideas so we can better serve this important market.

Recently, we talked with the members of the MSP Advisory Council about a range of topics, including security, the role of VPNs in their clients’ operations, and how the COVID-19 pandemic has affected their businesses. The Advisory Council members we spoke with were:

  • Craig Cohen, president, and CEO, HCS Technology Group. HCS specializes in providing IT project management and support to clients that use Apple systems.
  • Ralph Joedicke, co-founder and CEO, goCloudOffice. goCloudOffice works with small businesses of 100 people or fewer—with law firms a specialty, along with biotech, software, and financial services businesses.
  • Evan Jones, CEO, Jones IT. Typical JonesIT clients are 50-250-user tech startups, SaaS companies, and other venture-backed businesses in the greater San Francisco Bay Area.
  • Ramin Keyvan, president and CEO, Rhino Network Solutions. Rhino is a full-service IT consulting firm with clients in broad-ranging industries, from doctor’s offices and schools to software developers and auto body shops.
  • Sarah Tenisi, CEO, TenisiTech. TenisiTech views their IT services as a strategic rather than a nuts-and-bolts service, with clients of at least 50 people but that most often falls in the 100-500 employee range.
  • Steven Walker, president, and founder, Fast Break Tech. Fast Break clients range in size from 2 to 100 people, including medical offices, CPAs, lawyers, associations, and nonprofit organizations.

Q&A With the Splashtop MSP Advisory Council

Here are selected highlights of Splashtop’s conversations with the members of the MSP Advisory Council.

Splashtop: Remote support is a big part of how you’ve always done business. But did the restrictions of the COVID-19 pandemic affect how you or your clients have operated during the past year?

Craig Cohen: Covid restrictions were a big surprise to many of our clients. For our K-12 clients, it was like “the sky is falling” because they had to switch at once to remote learning. But even for them, the pandemic just accelerated plans already in place. Things they hoped to implement over a 2-year time span we were able to get up and running in 4 days, from start to finish.

Ramin Keyvan: The first two weeks after the pandemic shutdowns began, our business went silent. It was kind of creepy. Then everyone woke up and realized, hey, we can still do stuff. And then things went crazy. We needed to provide solutions that would allow our clients to do exactly what they were doing before but from 100 different places.

Ralph Joedicke: Remote working was nothing new for us, because the whole premise behind goCloudOffice’s business is to be “your office in the cloud” for small businesses. But the pandemic created a paradigm shift for a lot of our clients. It took them being forced to work remotely to understand the advantages of working in the cloud. Splashtop remote access saved the day for a number of our clients when Covid hit. It’s super valuable.

Steven Walker: For about half our companies, the pandemic restrictions weren’t a big deal, because they were already set up for remote work. The other half weren’t ready at all. Companies doing things like medical billing the old-school way had more challenges, but we got them all sorted out.

Sarah Tenisi: For our younger clients, who started in the cloud, the pandemic shutdowns weren’t a big deal. Many of our nonprofit clients were exclusively using desktop computers, so they needed to scramble and order a bunch of laptops to enable people to work from home. Really, though, this forced them to make a transition that they’d be likely to make soon anyway. And with the right technology tools in place, all our clients were able to keep their businesses running.

Evan Jones: There’s not too much that’s different for us about the way we provide support now compared to pre-pandemic times. The biggest difference with Covid is that our clients are more concerned about the security of their endpoint devices with everyone working from home and using their own computers and servers.

Splashtop: There’s been a lot of news lately about high-profile breaches and other IT security issues. What are your clients’ top security concerns—and how are you helping them operate more securely?

Craig Cohen: Sometimes clients will reach out to us after they see some big security breach in the headlines. But mostly it’s up to us as MSPs to proactively point out what needs to be done on the security front.

Sarah Tenisi: IT is a highly trusted space, so if we can build rapport with our clients—and it can take a year to establish the relationship—they’re usually willing to turn over the reins and give us authority to handle their security. It means we become the security arms for their businesses.

Evan Jones: Ransomware is a hot topic in security, because it hits the hardest. Once someone is hit by ransomware, all the light bulbs go on and they get really serious about security. But still, not enough clients are asking us enough security questions.

Steven Walker: It’s harder to support security for people working from home, especially when the same computer they use for work could be shared by kids for schoolwork or by others in the home. If people don’t have two-factor authentication on their email, they leave themselves open to phishing, which can lead to ransomware or fraud.

Ramin Keyvan: In the old days, our big message was to back up data. Now things like ransomware are huge, and businesses have to be concerned about network security issues. For many of them, that’s just too big a topic to handle. They tell us, “I have a business to run.”

Splashtop: Among security experts and enterprise IT pros, a current model for security is known as zero trust—meaning instead of trusting that your security practices and protocols are working, you continually verify, reauthorize, and check everything. In other words: don’t trust, verify. Are your clients aware of zero trust?

Ramin Keyvan: The days of using computers without paying attention are gone. It’s important to adopt a zero trust approach. But most of our clients aren’t familiar with that term. We have to explain it to them, over multiple conversations. We have to convince them that they can’t trust what they read online. There’s a real psychological disconnect. Our response is, yes, it’s annoying and inconvenient, but you can literally lose your business if you don’t pay attention.

Evan Jones: Our clients aren’t typically familiar with the zero trust concept. We usually explain it as “the opposite of how things used to be”—meaning instead of assuming that any device connected to the corporate LAN is there because it’s allowed to be, you continually re-authorize access and re-authenticate devices and users.

Ralph Joedicke: Our small business clients don’t know the zero trust concept. And proper zero trust practices are expensive and can affect performance. We use monitoring technologies and techniques to improve their security without costing our clients too much. You need to find the balance between a strict zero trust approach and performance. It’s better to do what you can than to do nothing.

Craig Cohen: Zero trust adoption is like a trickle-down economy. Larger companies with bigger budgets, as well as those that absolutely require secure operations, want zero trust. Eventually, the wisdom of the bigger clients will trickle down to the smaller ones, especially when the larger companies enforce security compliance as a requirement for doing business with them. but right now the smaller companies don’t know what they don’t know.

Sarah Tenisi: Our clients have no idea what zero trust is. The problem with IT people is that so often we don’t know how to set aside our jargon. We talk with our clients about zero trust principles, but instead of using that term we talk about outcomes, shortcomings, and results.

Splashtop: What can the industry in general, and remote support providers in particular, do to make security easier and more effective for you and your clients?

Ramin Keyvan: I wish there were a way to just stop people from clicking on email or web links. Stop and take a breath before clicking, or call us first. It’s critical that real information be presented and not have it be lost in marketing speak. It’s important that all providers have a system at the back end that’s verified and certified for security, including things like SOC 2 compliance, which Splashtop has. And I like that Splashtop has two-factor authentication and force password changes every 6 months.

Evan Jones: We appreciate when remote support and other vendors publish exactly what they do for security, so we can try to poke holes in it and help fix things. Nothing is 100% secure, of course, but it’s important that companies disclose and remediate any breaches they experience. Open communication and immediate response are important. Being transparent. Security by obscurity doesn’t work.

Sarah Tenisi: I can tell you what we do. After years of begging and pleading with clients to institute multifactor authentication, then have some of them fall prey to phishing scams and ransomware when they ignore our pleas, we now say, either you do multifactor authentication and keep your security up-to-date, or we’re not the right fit for you.

Craig Cohen: Regulatory compliance is a big issue for many of our clients, including companies in the medical or pharmaceutical industries. Remote support providers need to make sure they support all the major security and data privacy compliance schemes, including HIPAA, SOC 2, ISO, and GDPR.

Splashtop: In the olden days, meaning a decade or two ago, VPNs (virtual private networks) were the go-to method for allowing corporate employees to work remotely. Nowadays, many companies still assume that VPNs are a necessity for remote work. What’s the status of VPN use among your clients, and what do you think about VPN technology in these modern times?

Ralph Joedicke: We don’t recommend VPNs as a normal setup; it’s required only in very specific situations, like when U.S. employees travel or work overseas. One of our clients in the financial services industry moved to Mexico. To meet industry regulations, she had to show that she was working from a U.S.-based IP address—which required setting up a VPN. But otherwise, there’s no good business reason for any small business to have a VPN.

Ramin Keyvan: We’re often asked if clients need a VPN when working from home. Our response is, “Is there a business or compliance requirement for VPN?” One of our clients in the mortgage business had a firewall-supported VPN, but they switched to Splashtop for remote access and found it easier use. It’s also easier for us to train them on. We don’t have to have conversations about the multiple steps needed to set up and use the VPN.

Craig Cohen: VPNs are a concern with BYOD (bring your own device), which is now more of the norm with so many people working from home. Even with password protocols in place, you can’t stop users from downloading things or personalization of their own devices that they use on the corporate VPNs. Although for bigger companies, there are new per-app, service-based VPNs that are stronger than before.

Steven Walker: It depends on what local database applications clients are utilizing to determine if they need a VPN or not. Using remote devices on VPNs could be safer by using two-factor authentication and not saving their password. A strong antivirus endpoint is also required for any BYOD device to access a company VPN.

Evan Jones: Many clients ask, “Should I have a VPN?” They’re not really sure what it is, but they’ve heard they might need it to support their people working from home. VPNs are one of our biggest nuisances. They’re buggy and problematic, they disconnect too easily, they make it harder for us to monitor the security of our clients’ systems—we find that those businesses that don’t require using a VPN are much happier.

Sarah Tenisi: Some of our clients still require VPNs, especially if they rely on legacy applications that aren’t available in the cloud.

Splashtop: OK, allow us to finish with a question directly about our business. Why did you choose Splashtop for your remote support capabilities, and how are you using our products today?

Ramin Keyvan: I first discovered Splashtop through a client that had office space across from Splashtop’s offices in San Jose. I remember thinking, “that sounds kind of cool.” Then several years later, an MSP colleague and good friend asked if I was using Splashtop. I contacted them, gave it a try, and now I use Splashtop remote support for all my clients. They do everything that the bigger remote access providers do, and at a fraction of a cost. Plus, they have much better tech support. If you find something that works, stick with it.

Evan Jones: There’s not much I could suggest to improve Splashtop for remote support. I also like that the company is very open to hearing our suggestions for new features.

Sarah Tenisi: We started using Splashtop as part of the NinjaRMM (remote monitoring and management) system. But we’ve heard that Splashtop now does many of the things we thought we needed an RMM for, so we’re going to start a trial license with Splashtop as a standalone product.

Craig Cohen: Splashtop replaced the RMM and other remote support tools we were using. We really like the way Splashtop actively engages with IT people. They tell us, “We know what we do well; tell us what we can do better” and then they improve things. They care about how we use their products. Support is part of their culture.

Steven Walker: We first encountered Splashtop through a chiropractic office that became a client, and they were using Splashtop to allow doctors to log into the treatment room TV and see the patient records already displayed. That process saved them minutes with each patient. Now we’re big Splashtop fans. Splashtop SOS is the best tool ever!

Splashtop: Thank you all for your time. This has been a really interesting conversation. And thanks to all of you for your efforts as part of the Splashtop MSP Advisory Council.


You might also be interested in:

Free Trial Banner on the Blog Bottom