Guest Column | April 7, 2016

4 Habits Of Successful Managed Security Service Providers

Norman Currie, Global Director, MSSP Partner Presales and Enablement, Intel Security

By Norman Currie, Global Director, MSSP Partner Presales and Enablement, Intel Security

Appropriate and effective security mechanisms continue to be a challenge for organizations of all sizes, leading many to look to Managed Security Service Providers (MSSPs) for a solution. The growth in demand for consistent and measurable security solutions is straining the resources of many MSSPs, who have been hampered by a focus on product features instead of customer outcomes. Compounding this is the significant, and growing, shortage of qualified cyber-security professionals. When I look at MSSPs who are successfully dealing with this scenario, they have four habits that help them rise above the rest: developing talent, integrating products and collaborating with vendors, offering a range of hybrid solutions, and delivering a high-level of transparency about their operations.

Talent

The shortage of security personnel is almost reaching crisis proportions in enterprise security, with no signs of slowing. MSSPs provide a potential solution to this problem, alleviating the need for the enterprise to staff internally for 24x7 coverage, but only if they focus on all aspects of talent development. Aggressive efforts to hire quality resources are a starting point, but fighting over available personnel is a net-zero game. Successful MSSPs also concentrate on developing their people, with clear plans for retention, training, and career progression.

This training needs to cover not just the security technologies, but also the analytic skills needed to find data patterns and correlation to uncover potential threats, and the soft skills for relationship development. Training needs to include not only the “what,” but also the “where, how, and why” of cyber-attacks.

Integration And Collaboration

An excessive focus on product features and the latest security gadgets has resulted in fragmented offerings whose integration is becoming unsustainable. Many MSSPs are reducing their operating risk of multiple product integrations by consolidating vendors. Scaling integrations between many vendors is an n-squared network problem, where one vendor who releases updates can “break” a platform.

Successful MSSPs have moved towards a partnership model with security vendors, to help design scalable infrastructure and service platforms that address the needs of the market. Collaboration and integration between products and vendors is an essential part of this approach, requiring a combination of technical savvy and relationship management between the chosen vendors. The benefit is a platform approach that allows them to design services and outcomes suited to their customers, which is an important decision criterion for this market.

Hybrid Solutions

Today’s enterprises are using a varied combination of on-premise and cloud-based services across an increasing set of devices and locations. Hybrid offerings that can span this entire set are essential to successfully meeting the needs and operating models of different customers, and allow a level of flexibility to address the needs of different markets. The shift to clouds is happening very quickly, with many enterprise IT departments predicting that a majority of their budgets will be directed towards cloud services within then next one to two years. More sensitive markets are employing hybrid cloud models to address data integrity and compliance requirements. As cloud security offerings evolve, the most successful providers will integrate security into their application and software offerings.

Transparency

The fourth habit of successful MSSPs is perhaps the most important. Managed security services are really joint security services between the MSSP and the enterprise, and providers who conduct themselves in the most transparent manner to their customers have a clear advantage. This means explicit and consistent communication of roles, responsibilities, and capabilities. Advanced analytics, shared threat intelligence, and incident reporting are used by leading MSSPs not only to showcase their capabilities, but also to drive security awareness to their customers. This enables customers to build trust in their security partner and make informed, outcome-based decisions, and elevates the MSSP to the level of trusted advisor. The market is quickly demanding greater levels of transparency and accountability, and successful MSSP are working with their security vendor partners to stay ahead of this trend. High levels of collaboration with customers will separate the strategic players from the purely tactical service offerings.

These four habits in the MSSP market are enabling solutions that can address the entire Threat Defense Lifecycle. Today’s complex security market and relentless attacks demand protection and detection for the inevitable incidents, and effective correction to contain and mitigate potential damage. This holistic model builds confidence in the security expertise of the MSSP, enabling enterprise customers to focus on their core business.

For information on managed security services go to www.mcafee.com/msp.