Company looks to be more proactive and transparent
ConnectWise is enhancing security testing and processes earlier in the software development cycle and is expanding the role of third parties in strengthening its security posture.
The Lowdown: Officials with the managed service platforms and portfolio company on Friday said the moves were made as part of its “shift left” strategy of being proactive in its security efforts, including incorporating security early when developing software to head off threats and other issues.
The Details: The secure-by-design practices include threat modeling, abuse case development, automated testing coverage, and tighter integration between security and code delivery pipelines. ConnectWise also is bolstering its vulnerability management with a form bug bounty program, which includes continuous testing by multiple individual testers with an array of expertise to harden the security of the software.
Transparency also is part of the company’s security push. It recently launched the first version of its Trust Site, which serves a source of information for ConnectWise partners and the MSP community on a range of security, compliance, and privacy issues. The company also is planning to create a section for security bulletins outlining alerts, product vulnerabilities, critical patches, and updates. Users also will be able to sign up for notifications.
In addition, the site will allow for people to responsibly disclose vulnerabilities.
The Impact: ConnectWise’s security enhancements come at a time when the channel – and MSPs in particular – are under increasing threat from bad actors who see service providers as a single access point into many of their customers. The FBI and Department of Homeland Security warned MSPs and cloud providers almost two years ago about the threats.
Background: ConnectWise has been putting a focus on security. In January, the company took several steps to strengthen the security of its ConnectWise Control remote desktop software in the wake of a security consultancy finding flaws. The increase security push also comes as ConnectWise moves to buy rival Continuum.
The Buzz: “With the current cybersecurity threat landscape in our industry, everyone is a target. Hundreds of software providers, thousands of MSPs, and the millions of SMBs those MSPs support are all at risk,” ConnectWise CEO Jason Magee said. “That means that all of us have a part to play in combating those threats – and that includes ConnectWise. We take trust and transparency seriously, and it’s important that our partners understand the steps we are taking to push them and the entire industry as a whole to be more secure.”