Given the growing list of online security threats, managed service providers (MSPs) are naturally looking to leverage intensifying demand for cybersecurity. But how straightforward is it for traditional MSPs to add security to their offering?
To become a Managed Security Services Provider (MSSP), MSPs typically have three options: DIY their own branded service, partner with an established player, or resell a vendor’s white-label service. Whatever the chosen mode, there are significant hurdles to profitability.
The core of any managed security service is the security operations centre or SOC. Setting up and sustaining a 24/7 operations centre, however, is expensive. The capex and staffing issues are enough to stop some MSPs from adding that extra ‘S’ to their acronym. Many of those that have added it find the complexities of operating a SOC profitably to be a business distraction needing constant attention.
The management issues are significant:
- Analysing a steady stream of threat data flowing into the SOC in real time.
- Supplying a variety of security capabilities per customer via technologies like SIEM, firewall, detection and response, endpoint monitoring, etc.
- A hailstorm of network alerts needing triage and analysis to sift real threats from hundreds to thousands of false positives.
- Numerous customers with bespoke SLA requirements across diverse sectors and verticals.
- Complex regulatory regimes with their own privacy and reporting requirements.
- Highly-skilled and highly-paid SOC staff and analysts.
Key to MSSP profitability is simplifying SOC operations wherever possible while ensuring that the services supplied are scalable. MSPs always need to flex their business models in order to add services, increase the number of users supported, or ramp up the volume of data, processing and network resources consumed.
They also need to be able to scale down and avoid wasting money by paying for more resources than business volume demands. That’s an issue across managed IT services and it affects security as well. The core infrastructure of a security operations centre has to be effective at delivering protection, without degrading the profitability of the overall offering.
Data costs can also be a drag on SOC profitability. With the annual boom in data volumes continuing unabated, monitoring and analysing all the information moving in and out of corporate networks has become a huge money-maker for traditional vendors who supply SOC infrastructure. With pricing for core SOC technologies like Security Information and Event Management (SIEM) typically based on data volumes, vendors have basically embedded steadily rising costs into the managed security services business model.
How To Overcome Barriers To Entry & Ongoing Profitability In Managed Security
Business challenges of this magnitude could make any MSP think twice before making the leap to managed security, but there are ways to overcome them and benefit from the surging demand for cybersecurity:
- Focus on technologies: In the first instance a SOC should be built around systems, rather than people. Technology can be reconfigured or upgraded when you need to scale. Staffing your SOC and ensuring the right skill sets are in place can be difficult and very expensive due to the demand for cybersecurity experts in the market.
- Make your people more effective: Highly-skilled people will always be an important part of a managed security services business, and technology can’t replace the human element. Ensuring that the latest technologies are in place will make the people more effective and help ensure that threat detection and remediation happen faster.
- Automate wherever possible: If core SOC capabilities like real-time monitoring and analysis of security alerts generated by all the applications and network hardware are automated, it is much easier to scale clients’ requirements quickly. Automation can also make the SOC a source of intelligence that clients rely on to make better decisions. The latest tools can recommend approaches for defending against threats while helping improve workflow to make the SOC faster and more effective.
- Demand pricing that ensures visibility of SOC costs: MSSPs need predictability of costs. SOC infrastructure pricing around core technology like SIEM should be based on, for example, the number of network nodes in need of protection, not the amount of data moving through them.
Making the leap from MSP to MSSP means operating scalably and effectively. Clients demand detection and response to attacks in real time with zero tolerance for error. IT service providers who add managed security services to their portfolio but don’t optimise their SOC operations will struggle to sustain profitability in a lucrative but increasingly crowded market.