From The Microphone

Welcome to the MSP Radio newsletter, catching you up on some stories you might have missed! Each week we'll pull a few stories from the podcasts, give you highlights and insights, and make it easy for you to catch up on the latest news and commentary.

Share the newsletter and podcast with your colleagues, and help change the conversation around delivering technology services.

You May Have Missed...

Updates on the Right To Repair

From Friday, Feb 8th's Business of Tech Podcast: First, Motherboard has reviewed the contract for Apple’s Independent Repair Provider program, which is intended to allow independent repair shops to purchase parts, tools, and diagnostic services from Apple to repair its hardware.

From the piece, quote “In order to join the program, the contract states independent repair shops must agree to unannounced audits and inspections by Apple, which are intended, at least in part, to search for and identify the use of "prohibited" repair parts, which Apple can impose fines for. If they leave the program, Apple reserves the right to continue inspecting repair shops for up to five years after a repair shop leaves the program. Apple also requires repair shops in the program to share information about their customers at Apple’s request, including names, phone numbers, and home addresses.”

The contract raises questions such as “will Apple stand behind its products sold through these stores”, “how much can Apple really audit”, “what constitutes counterfit”.

Second, listener Keith Schoolcraft brought to my attention the testimony of CompTIA’s Director of State Government Affairs at a hearing in Washington State on proposed legislation around the Right to Repair, in this case legislation SB 5799.    In video testimony available in a link online, CompTIA testified against the bill, QUOTE “on behalf of our 2000 members”.    I’ve included a link to the testimony, as well as Keith’s opinion piece on the matter.

Why do we care?

There’s a real battle going on around the right to repair.

I’m personally very “pro” right to repair. I own a lot of gear, and in particular, have a hobby of collecting and fixing up old retro video game gear.    I can see a world where that becomes illegal based on the kind of lobbying going on by large technology companies.

Now, today’s angle.    I’ve been talking a lot about “getting involved”.   For many of the listeners of this podcast, I suspect you are both a member of CompTIA… and not even aware they are lobbying this way.

Don’t like it? Yeah, speak up.

Because, for the record, I don’t like this.   CompTIA, you’re wrong, but more importantly, if you can’t accurately represent your actual total membership, including all of those independent shops and people you certify, you should stay out of this fight.    You do not speak for me as a member, for sure.

An MSP's details were on sale on the Dark Web

Huntress Lab describes their interaction with a cybercriminal on the dark web who was selling access to a managed services providers online Control Panel

Shadow IT and Shadow IoT

From Monday, Feb 10th's episode: Shadow IT, the trend Jay McBain at Forrester loves to bring up, has some new data… and this time, it’s Shadow IoT too.

1Password recently conducted a survey of adults who work with an IT department.   64% of respondents report they have created at least one account in the past 12 months that IT department doesn’t know about.    Security is often an afterthought, with passwords shared between end-users informally.

Adding to that Infoblox has research showing that most enterprises had more than 1,000 connected devices to their networks, and about 80 percent of IT leaders reveal they have identified shadow IoT devices, like wireless access points, on their infrastructure.    At least 46 percent have discovered up to 20 shadow IoT devices over the past year, and 29 percent of organizations saw more than 20.

Some good news – companies take the risk very seriously, and Eighty-nine percent at least have some type of security policy in place for personal IoT devices connected to their network.

Why do we care?

This highlights the disconnect between users and IT.    It starts with education, so users understand the actual business risks that come with devices.

Smart organizations are moving to a highly untrusted system, where most users and networks are explicitly untrusted.   In many cases, 80% of users can be external to the core systems rather than internal, and the focus becomes protecting the key assets of the business and ensuring that access is only as required and minimal.   This can make a significant difference for organizations, but is not the “default” approach for many.

Special Episodes of the Podcast

This week past week, three special episodes of the podcast were released, bringing some unique perspectives to the podcast.

On Wednesday, CJ Arlotta brought perspective to the recent security stories, and specifically, ransomware.
On Thursday, Jim Roddy reviewed the recent survey around Sales Compensation
On Friday, TC Doyle interviewed Carolyn April about CompTIA's 2020 Industry Outlook report.

Check out these great episodes of the show.

Podcast

The Business of Tech

Are you subscribing to the Business of Tech podcast? Each day, the flood of technology news hits. In an industry that always changes, finding focus on the important things is critical. The Business of Tech podcast focuses on the news you need to know and why. Subscribe now to get this 5 minute podcast in your favorite podcatcher.

Upcoming events!

Catch these upcoming educational events!

Making Ethics Pay in a World of Distrust and Big Tech
- March 9-12, 2020 at the Venetian & Sands Expo in Las Vegas, I'll be presenting this unique keynote address, as well as participating on another panel and moderating a third. Use promo code SOBEL to save on your registration. Would love to have you there.