Guest Column | September 2, 2021

Transitioning To Managed Security Through Partnerships

By Jason Bystrak, D&H Distributing

iStock-1204743098 Partnership of business concept

In today’s marketplace, businesses have been tasked with securing a workforce composed of employees in various locations, creating hybrid, distributed environments with a combination of off-site and on-premises workstations. Hackers are great opportunists, and they’ve taken advantage of this phenomenon, targeting remote infrastructures and work-from-home networks as businesses (and the MSPs that served them) worked hard to deploy these new environments as quickly as possible during the pandemic. Many companies are now taking the time to reassess and upgrade the remote technologies they were compelled to quickly install in the face of unexpected shutdowns.

We now live in an environment where one compromised password can hamper one of the nation’s largest suppliers of fuel, Colonial Pipeline. Managed services providers are realizing they may not thrive if they’re just offering a single security solution—they need to become well-versed in a roster of solutions covering several security sub-categories. D&H has long been advocating a layered approach to security, which means deploying solutions that address both internal and external security, malware, threat detection, encryption, data loss prevention, firewalls, and antivirus. And in truth, the list goes on—there are thousands of variations of security solutions.

It’s not hard to see why the layered approach is necessary. Consider the July 2021 Kaseya ransomware attack, where hackers demanded $70 million from the company, and impacted anywhere from 800 to 1,500 users, according to Reuters. The SolarWinds malware attack from March of 2021 dominated headlines for months. And the aforementioned Colonial Pipeline breach wreaked havoc, causing gas shortages—not to mention costing the company more than $4M in ransom. The largest cyberattack on an oil infrastructure target in U.S. history, it was allegedly generated by a single user password breach.

As cybersecurity issues become more urgent, especially in hybrid work environments, the types of layered solutions that managed services providers need to deliver are becoming far more complicated. Not all channel partners have the resources to develop or maintain that extensive a range of cybersecurity expertise.

This is especially the case for VARs and MSPs who are serving the SMB and the mid-market segments, many of which have limited in-house staff and are therefore restricted in their ability to specialize in a long list of security sub-genres. We want these partners positioned to grow, accommodate larger-scale opportunities, and expand their revenue. An inability to offer and manage comprehensive security could hinder that trajectory.

When it comes to protecting a network from threats and infiltration, the “weakest link” rule applies. Sometimes all hackers need is a single point of entry on a network to begin gathering sensitive information like passwords, financial data, personal identifying information, or customer/patient records. And most businesses have a multitude of endpoints attached to their networks. Multiply this across several end-customers per MSP, and you see the scope of the dilemma for channel solutions providers.

The best bet for those MSPs is to evolve into the next generation of security provider and address their clientele’s needs through security management. MSPs will need to make the transition to being an “MSSP,” or Managed Security Service Provider, delivering a range of services across an assortment of business customers simultaneously.

The key to developing an effective MSSP service for many of these solutions providers will be to leverage partnerships. Automation and self-service are crucial to delivering security management across multiple clients. MSPs need a partner that can serve as an aggregator of these services, providing an intuitive and easy-to-use transactional structure that bundles cloud and on-premises security products with management services into a single monthly subscription. To scale, these management services require additional technical staff, and an ideal partner will supplement the MSP’s team with security experts to operate in a shared service delivery model. A consolidated platform will ideally allow them to seamlessly apply a menu of security services to their individual clientele, in addition to accommodating the ability to sell and bill their own white-labeled services, all through the same platform.

Online tools also can help partners better market and sell these services, providing instant access to multiple packaging, pricing, and financing options to meet modern technology consumption demands from their customers. For example, in addition to its Cloud Marketplace transactional self-service portal, D&H just launched a “XaaS Configuration Tool” that allows MSPs to bundle and price a combination of hardware, software, and services through a self-service online tool. Security is one of the practices this tool is designed to support for MSPs and VARs. In addition, the “Success Path to Security” webinar series helps educate partners about this market opportunity and provides best practice methodology to build a profitable security practice.

As providers in the channel, we have to face the fact that cybersecurity needs will always be a moving target. Hackers continue to develop more devious ways to breach even partially-protected networks, compromise data, and “phish” unsuspecting workers. Partners who want to evolve their skillsets and utilize security management don’t have to wait until they can afford additional in-house staff to move forward on these initiatives. They need to depend on the right partner relationships, ones that will help MSPs sustain their business models while securing their customer environments, setting the stage for them to grow and succeed.

About The Author

Jason Bystrak is vice president of cloud and services at D&H Distributing. Partners can visit dandh.com/security.