Rightly or wrongly, many of the trends in how we consume things are driven by a desire for more convenience. This is as true in the technology, and by extension the cybersecurity, market as it is anything else.
People want to consume their technology as they do other services in their lives, with the option to turn capabilities on and off as and when they are needed. It is also true that, as organisations and their IT teams find themselves under evermore pressure with increasingly little time, they are looking to buy an outcome instead of buying a capability. In short, they want to know that it will just work and that they don’t have to worry about it.
In part, this outsourcing is also taking place out of a necessity created by the shortage of skills in the cybersecurity market. Organisations from large enterprises to small local businesses are finding themselves in the crosshairs of cyber criminals. Without the sufficient in-house resources to protect themselves, they are turning to service providers to help augment their internal teams.
The desire for peace of mind is one of the biggest factors driving the rise of cybersecurity as a service. Recent events give a clear demonstration of the multiple challenges organisations are facing on a weekly basis. Take the Log4j vulnerability, which has exposed organisations across the globe to criminal and state-sponsored hacking groups. In recent days, a number of reports have come to light of numerous threat actors exploiting the vulnerability. The fact is that this is probably only the tip of the iceberg. Many ransomware gangs will lay low, to avoid the backdoors they have created from being spotted, before snooping around systems to see what data they can access.
At the same time, compliance measures are getting tougher. The UK government has launched its new cybersecurity strategy, whilst the EU Commission is deliberating on a new Network and Information Security Directive. These are undoubtedly positive steps and essential if the UK and EU are going to continue to innovate and grow as digitally enabled economies and societies. However, both will create new requirements concerning cyber resilience reporting for organisations once in full force.
In the UK, this comes in combination with the recent announcement on more stringent standards for IoT device security – again, a much-needed initiative – and forthcoming updates to the National Infrastructure Security Bill. When you take the risks confronting organisations and the increased regulatory scrutiny they are facing, it is perhaps no surprise that they find the idea of agreeing to a service level that covers some, or all, of their cybersecurity operations and outsourcing that to a partner attractive.
Following on from the above, the fact is that many organisations do not have the time to regularly assess the security solutions they are using and evaluate whether, on the one hand, they are doing as effective a job as they could be, and two, whether there are more effective solutions out there. The upshot is that valuable new features may not be configured properly, new capabilities can go unused, and thus organisations fail to see a return on the significant investment many make into cybersecurity.
Finding a partner
Partners can provide real value here by carefully assessing their customers business, clarifying the alphabet soup of industry jargon, and making sensible recommendations for optimising and adding to their security stack in order to achieve a strong security posture and a clear return on investment. Moreover, thanks to the as-a-service model, partners and their customers are much more able to achieve this balance of security and value for money. This is possible because solutions can be spun up and down much more easily, ensuring that you are only paying for what you need at any one time. Further to this, the managed element means that customers can be more confident in having a range of security solutions from different vendors that meet their precise needs. This is because the partner is there to properly configure all of the solutions, so they work together.
As the complexity of end customer IT increases and the skills shortage continues to bite, the market for managed security services will continue to grow and become more competitive. In differentiating themselves in the market, partners should identify the vertical and technical expertise their business is built on and then expand from there. In progressing along this journey, partners can look to vendors and systems orchestrators for support and investment in their business. Finance solutions can lessen the cost of rolling out services further, whilst solutions and professional services offerings can be leveraged to help overcome skills gaps in the short-term whilst training is undertaken.
Whilst entering the cybersecurity market can seem a daunting prospect, with the correct support the reality is far simpler than it first seems. You don’t have to be a code-breaking cyber spy to get started. With the availability of solutions built for the as-a-service market and wide-ranging support available to help partners get up and running, there is a fantastic opportunity for partners to begin building on their existing business and create or expand a cybersecurity practice.
In working with the wider channel, existing or would-be MSSPs can find help to identify market opportunities through tools such as Canalys Alys, get to market with solutions and professional services from systems orchestrators, and then build this new revenue stream out with investment and training from vendors. It is incredibly important that partners take these opportunities, not only for the sake of themselves, but also for the ongoing security of our increasingly digital professional and domestic lives.