Cybersecurity Technology Platform Selections to Build Robust Business For Managed Security Service Providers (MSSPs)

In the world of cybersecurity, every day presents a unique set of challenges as threat actors are continuously evolving their tradecraft. For those that have chosen cybersecurity as a profession, the endless game of cat-and-mouse is just the type of challenge they hoped it would be. But for most small and midsize businesses (SMBs), cybersecurity is not their chosen field. Rather, cybersecurity is necessary to protect the business but typically does not define or differentiate the business. In instances where cybersecurity defines the business, the tagging is frequently not a badge of honor but a spotlight on poor execution.

Cybersecurity Technology Platform Selections to Build Robust Business For Managed Security Service Providers (MSSPs). Source: ShutterStock

This common circumstance spells business opportunity for managed security service providers (MSSPs). Cybersecurity is essential for SMBs to avoid negative outcomes, but not a discipline that the vast majority of SMBs want, can, or should build and maintain in-house. Partnering or outsourcing part or all of cybersecurity operations to an MSSP allows SMBs to concentrate on the customer and partner-facing aspects of their businesses, where true differentiation is possible, while relying on the MSSP to prevent cyber incidents and stay compliant with pertinent data privacy and protection regulations.

The path to MSSP business success is, as with any business pursuit, not guaranteed. Prudent investments are essential across all interrelated service delivery elements of people, processes, and, especially, technologies. Cybersecurity technologies are particularly important as they impact the type and magnitude of investments in people and processes. The better the cybersecurity technologies are in enhancing productivity and shouldering complexity, the lower the investments needed in people and process, without jeopardizing the MSSP’s service quality and scalability.

In this article we share our perspective on market drivers for security services. We follow with our view on what MSSPs should consider in their cybersecurity technology selections.

Content Summary

State Of The Managed Security Services Business
A perpetually uneven playing field in the battle against cyber adversaries
Insufficient in-house expertise
Broadening exposure footprint
What To Look For In A Security Technology Vendor
What to Seek in a Security Technology Vendor to Succeed Operationally
What to Seek in a Security Technology Vendor to Flourish Competitively
The Last Word

State Of The Managed Security Services Business

Market demand for security services, both professional/consultative and managed, continues to grow year-over-year. In 2016, Frost & Sullivan determined that demand grew 19% in North America, and predicts that demand will grow 17% on an annual basis through 2020. Global demand is equally strong with a projected annual growth rate of 16% over the same time period.

The top three market drivers are:

  • A perpetually uneven playing field in the battle against cyber adversaries
  • Insufficient in-house expertise
  • Broadening exposure footprint

A perpetually uneven playing field in the battle against cyber adversaries

In the battle against cyber adversaries, IT security personnel are at a disadvantage. While tasked with protecting the business, they also must not impede business operations and strategic initiatives. Maximizing both objectives is seldom possible, especially in a highly competitive business environment. Speed-to-market typically wins over cyber precautions.

Alternatively, cyber adversaries have only one objective and that is to succeed. They use any means possible, for as long as possible, to locate and exploit gaps in their targets’ defenses. Their only restraint is cost: 1) the cost to plan, launch, and perpetuate attacks; and 2) the potential cost if discovered and prosecuted. With a focus on profit, cyber adversaries invest in improving their attack and obfuscation capabilities while reducing their operational costs.

This uneven playing field feeds demand for third-party security services. Security service providers support their clients in assessing and reducing their cyber risks, and if incidents occur, minimizing the impact. Leveraging their expertise across a variety of security technologies, plus armed with a history of perspectives on cyber adversaries’ techniques, tactics, and procedures applied against many targets, security service providers make a compelling argument that they can identify and reduce their clients’ security gaps and mitigate cyber adversaries’ advances better than their clients can on their own.

Insufficient in-house expertise

Surveys on the state of InfoSec, like the one below from The Center for Cyber Safety and Education, are replete with this conclusion of insufficiency. Given the previous demand driver of an uneven playing field, the next driver of a broadening exposure footprint, the sophistication of attackers, and the multitude of security technologies that InfoSec teams are saddled with mastering, InfoSec teams are in a perpetual state of insufficiency in both numbers and expertise. Additionally, with InfoSec experts in high demand, acquiring and then retaining them further exacerbates this predicament. Augmenting InfoSec teams is a perennially robust driver in the demand for third-party security services.

Too Few IT Security Workers Cited by 66% of InfoSec Professionals (n=19,275) and Top 5 Reasons for "Too Few". Source: WatchGuard

Shortcomings in expertise and lack of personnel were also noted in the 2017 Security Pressures Report from Trustwave (below). Of note, the other operational pressures are correlated with lack of in-house expertise. For example, if security expertise were more plentiful, the pressure to defend against advanced security threats would be alleviated through dedicated and specialized staff concentrating on advanced threats. Conversely, MSSPs have the size and scope to develop and maintain pools of specialized talent.

Top Operational Pressures Facing Security Professionals. Source: WatchGuard

The number of security products and vendor relationships further exacerbates the challenges faced by understaffing—more variety to manage with finite personnel. The survey data from Cisco 2017 Annual Cybersecurity Report illustrates this multi-product/multi-vendor situation.

The survey data from Cisco 2017 Annual Cybersecurity Report illustrates this multi-product/multi-vendor situation. Source: WatchGuard

Broadening exposure footprint

Cloud services have permanently expanded the IT environment from predominantly on-premises and co-location to include various cloud formations and application-consumption models (licensed software versus software-as-a-service). The environmental choice for most IT organizations is hybrid with growing cloud tendencies. For InfoSec personnel, this has been a worrisome trend. First, as illustrated below, the pressure to move to the cloud and the perception of risk rank high. Second, InfoSec personnel are not only responsible for securing assets in ‘emerging’ environments, such as the cloud, but also in traditional environments (e.g., private data centers and corporate-issued PCs and laptops). Because threat actors exploit vulnerabilities wherever they exist, an expanding footprint forces in-house InfoSec personnel into essentially playing zone defense on a larger court with fewer players than their opponents.

Most Pressure to Adopt/Deploy and Poses Greatest Risk. Source: WatchGuard

Also telling on the demand for managed security services, 35% of InfoSec personnel responding to a survey sponsored by The Center for Cyber Safety and Education expect that their organizations will spend more on outsourced and managed security services over the next 12 months. Along this same trajectory, Trustwave’s survey (below) shows that nearly 90% of organizations in the United States either already partner with an MSSP or plan to in the future.

How likely are you to partner with a MSS provider to relieve some of the security pressures you face? Source: WatchGuard

In another sign of growing demand and adoption of security services, the Cisco 2017 Annual Cybersecurity Report shows a positive correlation between reliance on a third-party provider and future security services/outsourcing expenditures. As noted below, the higher the percentage of an organization’s security that is currently outsourced, the higher the likelihood that future outsourcing will increase (versus not change or decrease). This finding is particularly noteworthy among SMBs. From our interviews of a sample of tenured managed services providers (MSPs), SMBs are more likely than larger enterprises to outsource a greater portion, if not all, of their security operations to a third party.

What To Look For In A Security Technology Vendor

MSPs serving SMBs typically offer more than managed security services. IT and networking services are also offered, and for good reason. SMBs prefer fewer provider relationships to reduce their third-party governance effort and relationship complexity (i.e., single tie to tug). Additionally, managed services providers have made the wise decision to offer a range of managed services that span security, IT, and network as they rightly determined that the disciplines are interconnected (e.g., remediating a security incident may require a policy change in network equipment). Also, a broader managed services portfolio improves the MSP’s ability to foster stronger and longer lasting relationships with its clients.

In order for this multi-service model to work for the MSP and its clients, the MSP must have vendor partnerships that are designed from the ground up to assist the MSP in succeeding operationally and flourishing competitively. To that point, we turn our attention to the attributes to seek in a security technology vendor.

What to Seek in a Security Technology Vendor to Succeed Operationally

Comprehensive Set of Security Technologies Under a Single Roof: The state of preventive security to block and narrow attackers’ inroads is a multi-technology effort. No one silver shield exists that can thwart all types of attacks. Therefore, MSPs need a security vendor that can provide an incrementally expanding set of security technologies in its platform, but in a manner that does not require the MSP to retool its internal operations in serving its clients. Analogously, as adversaries devise new plays, this should not require the MSP to revamp its defensive scheme. The existing multi-technology platform should adapt accordingly. Additionally, as new security technologies are added to the platform, they are modular in design so the MSP can turn them on and off as individual client needs warrant.

Evergreen Best-in-Class: Security technologies are not commodities with similar effectiveness. Rather, effectiveness of individual security technologies (e.g., anti-virus) will vary across vendors, and relative merits will change over time. An expectation by an MSP is that its security platform vendor actively scans the market of individual security technology vendors, and evaluates new vendors and enhancements by existing vendors. Where a new best-in-class technology comes to the forefront, the platform vendor completes a switch within the platform with as close to complete transparency to the MSP’s operations as possible. What is not transparent is that the MSP’s clients receive upgraded security without having to lift a finger.

Cross-Technology Visibility and Control: Layers of security technology are a nightmare to coordinate and optimize unless they are intrinsically woven together. Another expectation of the security platform vendor is that visibility and management allows the individual security technologies to function synergistically. Otherwise, the platform is only a unifying front end—valuable but insufficient in a constantly changing exposure footprint and cybersecurity threat landscape.

Compliance Supporting: The reach of data protection and privacy regulations continues to expand. For example, companies that offer goods and services to people in the European Union (EU) will soon be subject to the EU General Data Protection Regulation (GDPR). Compliance enforcement of GDPR takes effect on May 25, 2018. Effective MSPs understand pertinent regulations, like GDPR, and take proactive steps to ensure their clients are compliant. MSP effectiveness, however, is dependent on its means to report compliance status and identify areas for remediation to return clients to a compliant state. Compliance-tailored visibility and reporting must be a built-in feature of the security technology platform; otherwise, the MSP suffers operationally, and its clients are at greater risk of non-compliance.

Hook into Common Management Toolsets: MSPs have invested time and money into management toolsets such as Professional Services Automation (PSA) and Remote Monitoring and Management (RMM). To ensure favorable payback on these investments, the security technology platform must be compatible with them. Otherwise, the MSP’s personnel are hampered by productivity-robbing swivel chair operations.

No Truck-roll Mantra: Although security delivered as a cloud service will grow in relevancy, on-premises appliances will continue to dominate. What will be common across on-premises and cloud-delivered security is no truck rolls. Physical ‘touching’ of the platform does not occur. Where there is touching, two-cable connections (power and Ethernet or a Wi-Fi alternative) and pushing the ‘power’ button is all that is required to begin and complete self-discovery and self-configuration.

Integrated Ecosystem: Even with the multiple security technologies integrated in the vendor’s platform, MSPs may have other security technologies from other vendors (e.g., SIEM and vulnerability management) that need to be integrated with the technologies in the vendor’s platform. Easing potentially bespoke operations, the multi-technology platform vendor has a well-developed security technology ecosystem.

What to Seek in a Security Technology Vendor to Flourish Competitively

No MSP is without competition. The growing market demand for security services guarantees that more competitors will arrive, and existing competitors will strengthen their positions. The multi-technology platform vendor can assist its MSP customers in building beyond the security capabilities resident within the platform, so the MSP’s ability to flourish is bolstered.

Managed Incident Detection and Remediation (IDR): Even with the most comprehensive and best orchestrated multi-technology cyber defenses, there is no 100% guarantee that attackers will not make landfall. Managed IDR is a rising services category among MSPs, with the objectives of quickly identifying attackers and malicious insiders, understanding past and potential next movements, and then taking steps to remove the attacker or at least thwart its advances. The multi-technology platform vendor assists the MSP in at least two important ways: 1) provides threat intelligence on new instances of attacker methods, so MSPs can take proactive steps (e.g., check for targeted vulnerabilities) to mitigate their clients’ exposure (a central intelligence role); and 2) provides easy-to-use views on each MSP client’s environment in support of security forensics and threat hunting.

Demonstration through Communications: Although a portion of the MSPs’ clients are satisfied with ‘silence from the MSP as a sign of effectiveness’, most MSP clients, we believe, value reassuring communications that demonstrate security vigilance. The core message from MSPs should be that the absence of business-impact security incidents is not by chance or by accident, but through a very active practice. Furthermore, security intelligence from the multi-technology platform vendor plays an important role. Intelligence on relevant security topics and trends in threats and remediation—areas in which the vendor is particularly well versed—can be packaged and tailored by the MSP to communicate in an intimate fashion to its client base.

Co-Marketing: MSP clients and prospects are well aware that the power of the MSP’s services is a combination of the MSP and its security technology vendors. Joint marketing campaigns are useful in showcasing the collective capabilities of the MSP and vendor. Also, vendors separately create marketing campaigns and programs for use by their MSP client base.

Training: The aforementioned operational success will be lost if the MSP cannot utilize the vendor’s platform of technologies to their full extent. Training in various forms (online classes, workbooks, boot camps, etc.) and 24×7 helpdesk support assist the MSP in mitigating the challenges of a tight security labor market, and prepare its staff to serve clients with templated proficiency (i.e., solve a problem once and solve for many, rather than a trial-and-error approach for each client).

Digital Transformation Services: Businesses of all sizes are struggling with how to use technology to their advantage. Reaching across the disciplines of IT, networking, and security, the MSP can be that linchpin to technology-driven business transformation ‘done right’ for its clients. Whether the digital transformation is exclusive to reducing cyber risk, or enabling business expansion without extending cyber risk, the operational foundation of the multi-technology security vendor’s platforms should assist.

Flexible Pricing Options: MSPs need flexible pricing options from their vendors to align with their business operations and their clients’ payment preferences. As MSPs expand their service portfolios, they also need greater flexibility to source products from vendors through a variety of contract terms; for example, fixed versus pay-as-you-grow. MSPs also need flexibility to enable and disable services on-demand without having to incur upfront costs. Such flexibility serves both the MSP and its clients in consuming products and services that make the most sense for their respective businesses. This pricing flexibility also provides a pathway for MSP clients to incrementally trial new services and expand their service adoption without the MSP being forced into making financially risky “inventory” decisions (i.e., how much of each service to order and pay in advance of sales).

The Last Word

Few MSPs sprang to life offering security services to their clientele. Rather, they listened to their customers, confirmed the robustness of need and business opportunity, and then moved forward. They are on a journey together.

Alas, this journey is not as simple as standing up a firewall and establishing a few static policies. Security is complex and dynamic. For MSP clients, that is exactly what they do NOT want to encounter. They want and will pay for MSPs that insulate them from the complexity and dynamism of operating security and that ensure the resiliency of their business operations (business disruption due to a security incident is unacceptable).

MSPs need a technology partner that is “all in” in helping them succeed in the business of being an MSP. In this paper, we outlined the many attributes MSPs need from their security technology vendor. MSPs should be as discriminating in selecting a vendor partner as their clients are of them. WatchGuard is a security technology vendor that discriminating MSPs have chosen.

In market for over 20 years, WatchGuard has pioneered cutting-edge cybersecurity technology delivered as easy-to-deploy and easy-to-manage solutions. With industry-leading network security, secure Wi-Fi, and network intelligence products and services, WatchGuard enables over 80,000 small and midsize enterprises from around the globe to protect their most important assets. In a world where the cybersecurity landscape is constantly evolving, and new threats emerge each day, WatchGuard makes enterprise-grade cybersecurity technology accessible for every company. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America.

As a company that sells 100% through channel partners, with an extensive and global base of MSPs that provide IT security products and services to their customers, WatchGuard enables both resellers and MSPs to effectively grow their business through managed security services.

Source: WatchGuard