Pat Larkin, Ward Solutions
Pat Larkin
CEO, Ward Solutions
The first obstacle to providing MSS is the amount of product and service development investment and expertise required to get service offerings MSSP-ready, Larkin says. Services offered by MSSPs are distinct from standard services from a service delivery perspective, as well as from a services platform, sales model and commercial structure perspective.
Another obstacle is the level of financial investment required to provide MSS. “Most offerings require some level of customised service provider platform and service delivery model, and thus usually require substantial investments on the part of the provider,” Larkin notes.
In addition, the level of sales investment required to sell an MSSP offering “is also significant”. The sales cycle for security services tends to be more complex with more barriers compared to vanilla cloud services. “Issues such as isolation, multi-tenancy, data and service location, disaster recovery/business continuity planning (DR/BCP), discrete security policy conformance and supplier assurance tend to be far more onerous for security services than for a lot of other cloud services,” he remarks.
Larkin stresses that MSS is not for everyone and assuming the whole market or all customers will accept their standard MSSP offering “is a fundamental mistake that some managed security service providers make”. In the medium term, a significant number of customers will still want traditional offerings or a significant variation to the technical or commercial model that effectively invalidates the MSSP model.
As for vendors and distributors, the first thing they can do for partners is “to bring their own commercial models in line with the managed security services model”. A significant number of vendors require significant upfront investment on the part of the MSSP in hardware and some software and “don’t have appropriate licensing or financing terms to truly support an MSSP”.
Other vendors don’t offer appropriate certainty on their future licensing or hardware purchase models to allow MSSPs to offer certainty on their price books for a three-year timeframe.
George O’Dowd, Novi
George O’Dowd
Managing director, Novi
MSPs have long offered managed security as part of their overall service offering but a reactive service is no longer sufficient to protect businesses against the latest and most sophisticated attacks, O’Dowd argues. Service providers need to offer regular firmware updates, as well as visual inspections and the provision of regular training sessions to company staff to educate them on information security best practices.
“While many MSPs are in the position to support their customers from a managed security perspective, they need to analyse their service offering and make sure that it is up to the task of defending against the newest techniques being employed by cybercriminals,” O’Dowd warns.
One obstacle to the implementation of MSS for many organisations is the perceived prohibitive cost of adoption. “While it is true that some of the more advanced solutions, such as sandboxing platforms, might be cost prohibitive for individual organisations for the time being, this will change as the technology continues to develop at a rapid pace,” he predicts.
The shared service model is also driving the cost of adoption down by allowing customers to avail of the most advanced tools, such as cyber security analysis, while sharing the cost with other customers and the MSSP.
“As the MSSP makes the initial investment, and services are provided on a subscription basis, the cost of adoption is much lower than if customers had to invest in the infrastructure themselves,” O’Dowd notes. “For this reason, managed security services represent a significant value add for organisations, and are a worthwhile investment.”
Eamon Moore, Emit
Eamonn Moore
Managing director, Emit
For partners experienced in providing managed services of any kind “the leap into becoming a managed security serviceprovider might not be as challenging as it would be for newer players”, he says. Moore expects an increasing trend of IT companies partnering with security companies to white label their offerings. “This makes more sense for these types of companies as it allows them to provide an essential and value-added service to customers while minimising the investment required to launch as an MSSP,” he says. The Master MSP concept, whereby channel companies contract an established MSP to provide outsourced managed IT services to their clients, is likely to re-emerge.
He believes it “is important for IT partners to set the boundaries of the MSS that they provide. Often the correct approach is to recommend a company that is dedicated to providing managed security services rather than trying to provide a service that is beyond its capabilities. Down the line, this scenario will spell trouble for all concerned”.
Moore accepts 24/7 support and monitoring will be an obstacle for many channel partners because the investment needed to provide it from the outset of launching as an MSSP “will be cost prohibitive”. Partnering with an established security company to white label their offering can work well. “Emit’s firewall as a service solution was built with the full support of SonicWall, which provides a range of services to complement our managed security offering,” he reveals.
As to whether MSS will suit every customer, Moore thinks it depends on the level of skills in-house. “In the same way that most channel partners don’t have the staff, financing and technical know-how to support their own MSSP practices, customers will face the same challenges,” he says. “So it might just be down to the type of MSSP they engage with. In a world more driven by IT as a service, I think it makes good business sense to continue with this model for the vast majority of customers to protect their organisations.”
He highlights “an increasing trend of vendors relying more and more on distributors to assist partners with delivering security services. This includes flexible billing models, training and providing first level support, as well as having their own security experts on staff”.
Michael Conway, Renaissance
Michael Conway
Director, Renaissance
“Managed Service Partners are looking to embed services that will help the customer in more effective ways and add value,” Conway says. “They’re bringing technologies which allow them to do things in a more effective way, possibly even by white labelling. They still own the brand but they’re not necessarily embedding the technology, they’re promoting a service to deliver, supported by our technology.”
He thinks there will be a “huge drive to white label solutions” by distributors such as Renaissance, where they will deliver a security solution and the management platform, all on a pay as you go basis. “More and more technologies are becoming available for us to deliver to them, really good core technologies, really good product sets, global brands, that we can deliver in a white label MSS solution,” Conway claims.
He says most users can’t keep up with the problem and they can’t get the skills set they need: “They can’t do it themselves. If they want to be compliant and secure, they’re going to have to pay somebody to do it.” Traditional anti-virus “was pretty straightforward but security now is going right back into the organisation.” MSPs are starting to embed themselves in with their customers because they can provide “better service and support than companies can get internally and they’re doing it proactively”.
“In the past, when something was outsourced, it was no different to what customers had internally, it was just done by someone different,” Conway observes. “Now, MSPs are adding something different to what customers had before and good MSPs are going to start moving up the food chain.”
Distributors like Renaissance are looking to bring capabilities and technologies to MSPs so they can start building out a managed security practice in “a sensible way without investment”. With a pay as you go model, customers can also afford better security by sharing the resource with a lot of other people. “It’s like being your own insurer, there’s a big cost to do it yourself, but if you share with others, it’s always there when you need it.”
He cites the example of a partner that might need to support several different solutions at a customer. It might not be in a position to do so but a distributor such as Renaissance could “handle outsourcing all those capabilities with one of our partners to provide a managed service for all firewalls for eight or nine different brands. This means MSPs can bid for business they haven’t been able to bid for before and they don’t have to add staff. And if they lose the business after 12 months, they can turn it off and they haven’t had to pay for more people”.
Conway thinks this is going to become more prevalent in the next 24 months because “security products are complex and it’s virtually impossible to be really good on everything. Accreditations are key in terms of what resellers want to achieve, they’re going to be a competitive advantage, and it’s down to us to provide that for them. We can deliver to resellers and for them.”
Subscribers 0
Fans 0
Followers 0
Followers