|
|
|
|
|
Becoming a Managed Security Service Provider: The Critical Success Factors
Published Dec 4, 2016
|
Over the last couple of years, between the spate of high profile cyber-attacks, the resulting focus on security and the uptake of cloud and IoT, today, enterprises in the Middle East have realized that the only way to truly safeguard against cyber threats is to deploy cloud-first, integrated security solutions that address the entire threat defense lifecycle.
While this makes perfect sense in principle, the reality is that few organizations, if any, have the resources and the technical know-how to deploy and manage a robust security solution across the enterprise network. To address this security gap, more and more organizations are turning to Managed Security Service Providers (MSSPs). In fact, according to a 2015 Infonetics research report titled ‘Cloud and CPE Managed Security Services’, the demand for managed security services is growing at double digit figures and is expected to reach close to $20 billion globally by 2019.
Global IT research firm Gartner, defines managed security services as remote monitoring or management of IT security functions delivered via shared services from remote security operations centers and not through personnel on-site. For inclusion within Gartner's MSSP criteria, players must be able to remotely monitor and manage through shared service delivery, firewalls, intrusion detection prevention devices from multiple vendors and have security operations centres in multiple locations, amongst other requirements.
Service providers like telecommunication and internet service providers use such a broad-based portfolio approach and as such possess all the requirements to deliver robust managed security services. So what are some of the key success factors that service providers should consider when embarking on this MSSP journey?
Bridging the Talent Gap
Talent shortage in the Middle East and globally for that matter, particularly in the security space, is a topic of much discussion. In fact, by 2017, reports suggest that there will be a shortage of 2 million cybersecurity professionals skilled in analytics and forensics. The limited resource availability directly translates to weak security protection levels within an organization and the net result is longer lead times for protection, detection and correction. While this is one of the main drivers for organizations choosing to partner with MSSPs, the onus now falls on the service provider to bridge this talent gap.
Competing against security vendors for talent could be an effort in futility so service providers that are serious about building an MSSP practice should have a clear strategy for hiring, training and retaining security personnel with a focus on nurturing in-house talent. Not only should personnel be technically savvy and have a thorough of the various security products and solutions, but as importantly, they need to have a deep understanding of the threat landscape in the region and possible attack vectors to allow them to spot potential threats to an organization.
Partner with Best-in-Class
Over the last couple of years, we have seen the emergence of a staggering number of security vendors on the market, almost all claiming to be ‘best-in-class’! The good news for MSSPs is that they are spoiled for choice but the bad news is that many of these solutions overlap and providers often trade off product features for ease of integration and collaboration between the various products and solutions.
Rather than opting to integrate disparate point solutions, service providers looking to build an MSSP practice would be well served to partner with a couple of key security vendors from the outset to develop a security service platform from the ground up that address the needs of the market and customers they are looking to serve.
Address the Hybrid Cloud
At present security service providers and end customers take joint responsibility of the business security integrity. Due to growing complexity of security solutions and the increasing need to focus on core competence, managed security service providers are under pressure to take full management control of the business security environment. This is compounded with the growing adoption of cloud in the region.
With the increasing adoption of hybrid cloud in the Middle East (primarily because of security and privacy concerns) and increasing spending on public cloud solutions, MSSPs will soon need to take charge of monitoring end user cloud application activity along with hybrid solutions and to that end, should integrate security in to all their applications and product offerings.
Become a Trusted Advisor
Too often, vendors and partners alike, use the term ‘trusted advisor’ when characterizing their partnership with end-customers. But what does being a trusted advisor really mean? It means, building a level of accountability and transparency with the customer that goes far beyond just providing tactical security services. MSSPs should be in constant communication with their customers, regularly sharing analytics, threat intelligence and incidence reports. By educating the customer on their security posture, MSSPs allow the customer to take more informed, ‘evidence-based’ decisions and in doing so, gain the customer’s trust.
Across the nineties, the early generation of internet service providers would bundle a firewall at the customer site with a public network connection and would manage it is as well. This was the start of managed security services from service providers, almost ten years ago. Since then the challenges of managing IT security for both service providers and businesses have transformed and scaled tremendously. This has created the opportunity for service providers to increasingly manage the routine IT security operations for end users. And for end users, the core competency and scale of the technology platforms managed by service providers, has given them confidence to contract out the administration of their IT security operations, a win-win for all!
Posted by
VMD - [Virtual Marketing Department]
|
|
|
