Jonathan Whitley, Sales Director for Northern Europe at WatchGuard Technologies, looks at what’s behind the growing demand for managed services and how MSPs can migrate to MSSPs.
You can forgive CISOs and IT departments of being of a nervous disposition. No one wants to wake up to news that they have a breach on their hands. But the fact is, regardless of size or type, companies and public sector organisations feel more under attack than ever. They are also under pressure to meet the demands from new legislation - not least of course, GDPR.
SMBs, who once felt secure in the belief that they were not big enough to be targeted, now face real threats on a daily basis. But unfortunately they often lack the budget or in-house expertise to achieve a strong cyber security posture. Without the capacity to stay one step ahead by shoring up defences or regularly configuring, monitoring and updating security products and processes, SMBs and left playing catch-up and keeping their fingers crossed.
To compound the problem. SMBs often don’t have level of visibility into what IT resources are being consumed, where they reside and how they potentially interact. Whether it is a tablet device running lightweight bookkeeping or project management software or a back-office system running SaaS applications, organisations need to be able to identify what data is being used, where it is stored and how it’s processed by users and applications.
So, what is the answer, faced with a myriad of vendors claiming to offer ‘the solution’? It appears that more CISOs and IT teams are looking to their existing Managed Service Providers for help. They want them to add the extra S and move from being an MSP to a Managed Security Service Providers (MSSP).
The fact is that many SMB IT departments will not know the technical differences between a Unified Threat Management (UTM) appliance and a Next Generation Firewall (NGFW), for example And why should they? Making sure their IT systems run effectively and reliable has always been their top priority.
As a result of this growing shift in approach, traditional vendors of security hardware and software have to learn quickly so they can offer and deliver cloud-ready packaged security services. Every network needs a full arsenal of scanning engines to provide visibility, threat intelligence, and protection against spyware and viruses, malicious apps and data leakage – all the way through ransomware, botnets, advanced persistent threats and zero- day malware.
As well as helping MSPs to move to MSSPs, security resellers that have built successful businesses on selling hardware, need support to embrace the new services model. This includes providing support and education as well as the technical tools to deploy, manage and provision an MSSP security estate and give full visibility to customers.
And of course there are the commercial arrangements. Moving from up-front purchase payments to recurring revenues is quite a culture shock and has a major impact on the business. So, vendors need to help resellers make the change. This includes accommodating annual and monthly billing and flexible licensing, as well as the ability to scale up and down instantly to meet changing customer requirements.
It is clear that the growing complexity of protecting SMBs and distributed enterprises against increasingly sophisticated threats and data regulations—coupled with the shortage of skills and pressure on budgets — is driving more businesses to outsource their security services. Vendors and resellers who do not recognise this transition and to work together to change their own technologies and business models, run the risk or being left behind.