Putting Solution Providers, MSSPs on the Same Team

By Michael Vizard
managed security services

As the security landscape becomes increasingly complex, multiple players are needed to work in tandem to provide managed security services. For starters, the cost of delivering these services is becoming increasingly prohibitive. Not only is finding people with IT security expertise extremely difficult in a highly competitive market, the salaries those security professionals can command are considerable.

The good news is that demand for managed security services is expected to create a $32.9 billion market by 2020, according to projections from ABI Research. That figure will climb to $32.9 billion in 2020 as more businesses are turning to MSSPs that offer expertise and dedicated security personal as they face continuing pressures due to a lack of internal resources, rising threats and government regulations.

Simultaneously, solution providers are also discovering they need to invest more in analytics to identify and prevent security threats that are becoming increasingly sophisticated with each passing day. In fact, solution providers of all types and sizes are also discovering that many customers will not take on new IT projects unless they can address the IT security issues associated with that project.

Solution Providers Team Up With MSPs

The end result is a fundamental change in how managed security services are being constructed and the willingness of solution providers to partner with managed service providers (MSPs) that specialize in IT security.  In fact, a three-tier architecture for delivering managed security services is starting to emerge that begins with vendors increasingly bearing the brunt of the costs associated with investing in technologies, such as big data analytics applications, that are optimized for tracking complex IT security events.

Symantec, for example, is investing heavily in cloud security services that it expects partners to resell. Amit Jasuja, senior vice president of products for enterprise security at Symantec, said it's not feasible for the average provider of managed security services to keep pace with the level of investment required.

"We've got 13 data centers distributed around the globe to collect data," said Jasuja. "Now we need to make it drop-dead simple for our partners and customers to implement security services."

In a similar vein, Dell is previewing a new advanced persistent threat (APT) protection service that it will deliver via Dell SonicWALL firewalls that are sold primarily via its channel partners. Bill Evans, senior director of product marketing for Dell Software, said the nature of the threats facing IT organizations now requires a more instant response that can only be delivered via the cloud.

"We're creating a service to address zero-day threats," Evans said. "That requires taking advantage of the cloud."

Similarly, Arbor Networks, a unit of NetScout, recently rolled out a managed security service for countering distributed denial-of-service (DDoS) attacks that its partners can resell. While partners can clearly use the company's software to build their own managed service, the economics of IT security would suggest that, going forward, more of them are going to rely on vendors to construct those services, said Sam Curry, chief technology and security officer for Arbor Networks.

"Not every organization has the skill set needed to combat a DDoS attack," said Curry. "We provide the visibility needed to combat those threats before they hit the firewall."

Simplifying the Process

Trend Micro Chief Operating Officer Wael Mohamed noted that one of the big factors driving this overall shift is the need to make IT security simpler to deploy and manage.

"We need to take advantage of the cloud to make IT security much simpler to provide in much the same way the hacker community has made it easier to launch attacks," Mohamed said. "But the MSP is still going to own the last mile of the delivery of security services."

None of this increased security complexity is lost on MSSPs, such as Solutions Granted, which is already reselling its managed security services via partners that don't have as much expertise in this area.

"A lot of MSPs prefer to just focus on managing the PC and maybe Active Directory," said Michael Crean, president and CEO of Solutions Granted. "Some of them then promote our brand as part of the delivery of their service, while some do not."

The nature of IT security threats has fundamentally changed. Whether it is directed by organized crime rings or nation-states, attacks are increasing in both volume and the level of damage they can inflict. As such, solution providers that attempt to go it alone—rather than tapping MSP expertise—when it comes to IT security are generally begging for trouble.

Michael Vizard has been covering IT issues in the enterprise for more than 25 years as an editor and columnist for publications such as InfoWorld, eWEEK, Baseline, CRN, ComputerWorld and Digital Review.

This article was originally published on 2015-10-30