No one wants to hire a managed service provider only to discuss a “shared responsibility” model. But you’re always going to have to play a role in protecting your infrastructure.
Any participating organization has the opportunity to select the Trust Services Criteria that apply to them.
At Deft, we participate in all five.
A critical vulnerability has been made public for Apache’s Log4j Java-based logging tool. It allows an attacker to alter code remotely.
If your organization is using SolarWinds Orion, the CISA ED advises its immediate shutdown and partnering with an organization that conducts incident response to assess impact.