00:09:27 Rob Danser: https://attendee.gotowebinar.com/rt/8568983811519451147
00:10:42 Rob Danser: https://members.trumethods.com/step/trumethods-joins-it-glue-qa-with-gary-and-bob/
00:12:50 Biren Shukla: We use it and have signed it for several years now.
00:12:51 Derek Gabriel: lol, I would full on consult a lawyer
00:13:28 Jared Belcher: We use it - no idea what the implications would be legally either.
00:13:37 Sara Geiser: same here
00:14:56 Derek Gabriel: most likely haven't read it... we work with a risk management team, who are law professionals and they review contracts like this for us and give advice. They work nationally, if you need a referral, let me know.
00:15:13 Charlie Siegel: sure, that would be great
00:16:06 Derek Gabriel: Customers sue everyone, and whomever has the most money ;)
00:17:13 Biren Shukla: @derek I would love too get the referral.
00:17:17 Derek Gabriel: Also, and not lawyer, but things buried in TOS and fine print, especially for SaaS products, are frequently thrown out in court, because it's unreasonable
00:18:37 Bill Taylor: Better
00:18:45 Dan Seafoot: This sounds awful
00:18:58 Dan Seafoot: (not your mic.... suing everyone)
00:19:05 Jorge Viveros: Haha Dan is in Canada
00:19:08 Jorge Viveros: they don't have to deal with this
00:19:08 Bill Taylor: Good timing though Dan
00:19:30 Dan Seafoot: Too true, Jorge
00:19:37 Andrew Millington: "Sorrrrry; you've been served."
00:19:45 Andrew Millington: -Canadian Process Server
00:20:07 Rob Danser: lol
00:21:48 Mark Lacerra: https://aws.amazon.com/compliance/shared-responsibility-model/
00:22:32 Carmine Tiano: I'm in Toronto we sue everyone
00:22:35 Carmine Tiano: :)
00:23:05 Jared Belcher: Takeaway from today's call - sue early and often!
00:23:18 David Griffin: Here’s Microsoft’s - https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
00:25:05 Rob Danser: HAHAHA Jared don't let that get out :-)
00:29:36 Sara Geiser: our sales group are making them aware of our security "mandatory" needs like 2FA at the start of their conversations before they are clients
00:30:33 Biren Shukla: We have a HIPAA client that is declining getting MFA so we are having them sign a document to extricate us from all liability.
00:31:01 Dan Seafoot: yeah - the Hold Harmless document. We haven't used one with anyone yet
00:34:09 Neil Murray: Problem is that those documents will rarely stand up in court. The counter argument tends to be that the MSP didn't do a good enough job of explaining the risk as to why the tool is so important.
00:34:31 Derek Gabriel: extricate the liability, I like that word ;) .. .maybe also let's excommunicate the liability :D
00:34:33 Neil Murray: If nothing else, though, those hold harmless documents can be an eye opener that you're serious about it.
00:36:02 Derek Gabriel: @Neil - this is not what I've heard from our legal team, but YMMV and jurisdictions are all different, however, I'm not aware of any case law where an MSP did their due diligence, and a customer declined, but the MSP was still held liable.
00:37:53 Derek Gabriel: I am certain it's important to pair the declination of service letters with strong MSA and SOW documents .. again #NotALawyer (but have one on retainer lol)
00:38:22 Neil Murray: I don't know the US rates, but I know that here in Canada a signed document won't always hold up in court depending on how well it's argued. It was mentioned a few times in the TruMethods Cyber Security sessions though.
00:39:12 Joe Giltner: In space no one can hear you scream...
00:39:43 Rob Danser: hahhaa
00:40:04 Brooke (she/her) Smith: "Client expressed understanding of the risks" goes into EVERY single one of my tickets when these issues are discussed....
00:43:16 Jared Belcher: vLAN for the win with cameras and other network equipment that wants ports. Isolationism is the key!
00:43:59 Derek Gabriel: Talk to clients like 3 year olds or golden retrievers…
00:44:10 Bill Taylor: We're all in the expectation setting business :)
00:45:52 Derek Gabriel: yeah. we started providing Keeper for our customers - ESPECIALLY their exec teams
00:46:29 Tom Hogue 2: what’s the tool called?
00:46:45 Jorge Viveros: @Tom - LastPass, 1Password, DashLane
00:46:51 Jared Belcher: LastPass
00:46:53 Ian Thomson: Yes, we push our own standard solution, been through a few products, and its our key conversation right now with clients
00:48:22 Derek Gabriel: In addition we try to use Passwordless with Azure AD whenever possible and we bought a bunch of branded usb token keys which we give to client execs as well. Part of onboarding.
00:49:55 Jorge Viveros: https://www.getquickpass.com/
00:50:00 Odin Fuhrman: nice thank you!
00:52:30 Derek Gabriel: Dicekeys: Security keys you create by rolling dice https://www.crowdsupply.com/dicekeys/dicekeys
00:53:23 Derek Gabriel: we stared with MyGlue a couple years ago... it's weak. Users were frustrated, and Keeper and other FULL password management platforms have much more mature offerings for MSPs
00:53:38 Derek Gabriel: BUT I say if your choice is nothing or MyGlue, definitely offer MyGlue to the customers.
00:53:59 Derek Gabriel: Cup your ears Rob.. I'm talking shit about ITGlue ;)
00:54:14 David Griffin: Hahahaha
00:57:06 Ole Doc Steve: Actually ITG recently added vault to allow MSP to set the encryption key over default.
00:57:15 Derek Gabriel: we LOVE liongard
00:58:11 Jared Belcher: Liongard setup is definitely a task and management needs a lot of attention
01:01:26 Derek Gabriel: TruMethods has equal love ;)
01:01:48 Ole Doc Steve: liongard best on larger clients with complexity, dynamic clients, or long term client. Extensible but we aren't tapping full use.
01:01:58 Odin Fuhrman: ah crap I can't make it!
01:01:59 Derek Gabriel: happy to talk more about Liongard if anyone wants details … firstname.lastname@example.org
01:02:07 Odin Fuhrman: have fun next week
01:02:10 Odin Fuhrman: have a great weekend!