MSP Blog Logo

Cyber Security

Business Growth

Sales and Marketing

IT Services


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

The Empire Needed an MSP: BDR and Security Best Practices NOT followed in Rogue One: A Star Wars Story

Posted December 22, 2016by Joseph Tavano


Rogue One: A Star Wars Story is an international hit, grossing over 357 million worldwide in its first week and breaking the mold for the sci-fi space opera franchise. The untold story of the crack team of rebel commandos who steal the plans to the galaxy’s ultimate weapon—the Death Star—is being praised by audiences and critics alike for its innovative approach and its fearless direction.

After multiple viewings, when one has taken into account the new characters, impressive score and the overall thrust of the plot, it’s possible to relax a bit and think of other interesting concepts in Rogue One. From the perspective of an MSP, it’s interesting to think of the loss of the Death Star plans as a major data loss event for the Empire—essentially, a large scale organization with multiple (trillions?) of endpoints—and how their in-house processes failed. If only they had an MSP who could act as a galactic vCIO to provide up-to-date knowledge and expertise, the Empire may have withstood their security breach with their plans safeguarded and intact.

Let’s look at a few ways the Empire could have benefitted from an MSP.

Note: Before going any further, please note there are minor spoilers that follow.


Dependence on Physical Media

Data tapes? Really? Rogue One may have taken place “a long time ago in a galaxy far, far away,” but it’s hard to believe the Empire wouldn’t employ a cloud-based data architecture of any kind. All too often, major organizations are even today still relying on physical media to store and house their backed-up data instead of moving to a cloud-based solution.

In essence, the Rebel Alliance hacked their way into the Empire’s data center. The real twist of the knife is that the Rebel Alliance’s operation would have been impossible if the Empire was using a fully-managed BDR solution that utilized offsite replication and data redundancy across multiple sites. If so, once the attack on Scarif started, the Empire would have been able to delete their files at their Scarif data center with the security that they were backed up across numerous other sites. And what’s more, the plans themselves could have been split across multiple sites, making the odds of ever stealing the full plans nearly impossible.


Weak Encryption/ No Encryption

Once the Rebel Alliance stole the plans, it took them absolutely no time to open and look through all the data they’d stolen. A proper security posture would call for data like this to be encrypted in strict compliance to regulatory standards. With encryption, the Alliance may have been stalled long enough for Darth Vader to retrieve the data, or may have never been able to read the plans at all.


No Firewall

After realizing there was no physical way off Scarif, the rebels decided to opt for plan B—to wirelessly transmit the plans to the Rebel Fleet waiting for them above the planetary shield. They did this utilizing the Empire’s own transmitter, which was easy enough to do because there were no firewalls of any kind in place. This lax security posture allowed Jyn Erso, Cassian Andor and K2SO to effectively walk in and start using the Empire’s machinery for their own purposes.



Luke Skywalker said it clearly to the Emperor in Return of the Jedi: “Your overconfidence is your weakness.” And as with any CEO, the precedent put forth at the top pervades the entire organization. The empire was overconfident in their physical media, physical security and in-house operations, with lax security controls and outdated best practices. They clearly did not have a recent assessment from an external firm, who would have been quick to point all of this out.

The Empire should have hired an MSP to operate as their vCIO to assess their overall posture to data backup, disaster recovery and security who would be able to implement software and services to bring them into regulatory compliance.

After all, Darth Vader can only mitigate so many problems. Once data is gone, it’s already too late—and that’s a bitter reality that even the Force can’t change.



Joseph Tavano is Senior Content Marketing Manager at Continuum, with more than 14 years of experience in content creation, content marketing, event marketing, marketing communications, demand generation and editorial across a range of industries. He is the author of several eBooks, blog posts, thought-leadership articles and other marketing and product collateral that enable Continuum partners and IT service providers in the channel to make their businesses stronger and grow their profits. In 2016, he launched the Continuum Podcast Network, which publishes multiple shows every week and reaches tens of thousands of IT professionals every year. A native of Boston, he holds bachelors in English and History from Suffolk University and resides in Salem, Massachusetts.

Topics: BDR, Cyber Security

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus