Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Every now and again somebody puts a new page in the playbook that everybody in the channel should just immediately copy. The page in question here has been penned by a company called CyberTrust, a managed services provider focused on security.

While there is nothing particularly unique about being a security MSP, what is unique is how CyberTrust went about creating a trusted security ecosystem for one of its largest customers that in turn greatly expanded the footprint of CyberTrust’s managed service.

The customer in this case is financial firm Fiserv, which is going to require that all of its suppliers and partners use the security infrastructure provided by CyberTrust. The reason that Fiserv needs to do this cuts right to the heart of a problem shared by just about every major company on the planet.

While every one of them can vouch for their own level of security, there is no audit process anywhere that certifies that every company operation in that company’s orbit has an equal level of security as Fiserv. And because security is only as strong as the weakest link in the chain, a single security breach anywhere in the extended network can have a catastrophic effect.

Of course, what the industry really needs is a set of security standards that every company should be certified on by a third-party audit. But in the absence of such verifiable standards, the next best thing is a common security framework managed by a single solution provider, in this case the client itself, Fiserv, that makes sure that all the participants in a particular ecosystem meet the same security requirements.

Cybertrust’s Partner Security Program offering allows clients to assess and evaluate the security risk of partners.

No doubt CyberTrust has ambitions well beyond Fiserv, but there is also no doubt the potential demand for such security services far exceed the capabilities of a single solution provider. And the solutions required to deliver this type of service typically far exceed the product sets of any one vendor, which means that when it comes to proving these services, it will be difficult for any vendor, with maybe the exception of IBM, to take this business direct.

Click here to view exclusive channel research from Amazon Consulting.

Building a managed security service is obviously not for the faint of heart and requires a fair amount of investment, so some solution providers may opt to resell the CyberTrust service rather than roll out their own service. But either way, this is the type of service where the solution provider is clearly providing a high-margin service beyond anything a vendor could ever claim to do better.

Michael Vizard is editorial director of Ziff Davis Media’s Enterprise Technology group. He can be reached at