This post may seem a little out there so please get your tinfoil hats. We have been an Itarian user for over 3 years and it provides some very powerful tools that helps us effectively support and secure our customers.
Let me preface my questions with my understanding of some things; admitting my understanding may be flawed in certain areas:
- Itarian staff have access to our dashboards
- Itarian performs most, if not all, product development outside the US
- Itarian does not provide audit logs for connections from remote tools such as remote control or file explorer
Having that as a backdrop, how can we as MSPs that utilize Itarian be sure that staff at Itarian are not using the system to compromise our customers? This is a concern with any RMM product. We as the MSP must trust our vendor and that they will not utilize their systems against us.
Even if Itarian provided audit logs of remote connections, could you fully trust those? Wouldn’t Itarian have the ability to sanitize those logs before sending them out?
So to my questions:
- How can we as the MSP verify/prevent that Itarian staff are not utilizing the tools without our knowledge/consent?
- Have any MSPs seen security breaches across a subset of customers that cannot be explained? Did an end user’s personal information get released and there is no explanation of how that data was accessed by the attacker?
- Would you trust management audit logs from your RMM provider?