Managed Security Services

July 9, 2020

As the coronavirus pandemic restrictions lift, businesses are re-evaluating their security operating models. For MSSPs, many of the past barriers to the adoption of their services have ebbed away, auguring in a new era of security outsourcing.

Changes to in-house security services

Two big contextual changes have occurred for  organisations managing their own security services:

An increased reliance on technology

This has been most evident in the retail sector as large numbers of businesses have found their only route to market is online.  If they didn’t have a web sales capability, they have had to develop one – fast.

The use of video conferencing in lieu of face to face meetings has also meant changes in sales and other processes in B2B industries too – different approaches to security auditing have had to be adopted.  Of course, all conferences and contact-based events have become webinars or virtual conference sessions.

A massive shift to home working

This has predominantly affected administrative and management teams, but it has meant a rapid shift to providing remote access to systems, data and applications. IT Security teams have had  to rethink the workstation strategy and remote access facilities, as there is an increased risk of data leakage through it being stored on private and/or shared storage facilities.

Security teams management of  changing cyber risks

The increase in risk from these changes happened suddenly.  Against the urgency of the virus, businesses and security audit teams were more focused on business survival and contingency planning than sound systems of internal controls.  The process of building assurance around the new ways of working will happen, it just needs to catch up.  And this will happen as temporary approaches, work-arounds and solutions become more operational in use and can be superseded by more enterprise ready, corporate and trustworthy equivalents to the short-term fixes of earlier months.

However, security teams still face challenges, especially in terms of their ongoing routine operational obligation.

Insourced to outsourced security services – the balance shifts

Before the virus pandemic, companies would make a choice about adopting MSSP services.  It had advantages, like the ability to rely on a focused service provider with systems, processes and expertise.  MSSPs can spread costs across a number of clients so are able to be more cost effective than in-house operations.  Aside from the cost, there is the efficiency perspective – why would any organisation want to pay for a dedicated team of people to sit there solely focused on their own systems 24 hours a day 7 days a week waiting for something to happen?

Of course, this approach also has some challenges – managed security services are delivered remotely, the analysts aren’t able to access in-house systems as easily either because they are remote or they fall outside of the service scope and so organisations are reliant on escalations or monthly service reports to know what is going on.  In a service provider model, rather than an in-house team, you can’t just walk past and ask “how are things going?”.  An MSSP is a third party, and everyone in cyber security knows that third-party assurance and visibility can be something that needs work to get right.

However, post-virus, in the more remote working, socially distanced, home-based world that organisations find themselves operating in, the internal security operations team may well also find itself operating under similar constraints;  more remote, more reliant on home-based workers, more difficult to oversee and gain assurance in.  Where security functions are not located on the same sites as users, or workstations or servers they may also find their ability to respond or investigate is also hampered, as in the case of an MSSP.

The opportunity for MSSPs

For MSSPs, many of the barriers to their adoption have ebbed away.  Yes, their team is remote and might not have free access to internal systems, but in the new “work-from-home” era the in-house team has the same issues.

Conversely, many of the things that in-house functions struggle with are things that MSSPs have overcome and got well established, such as:

  • Appropriate multi tenancy SIEM technology platforms for collection and management of data
  • Well organised and structured teams
  • Support systems like collaboration platforms, ticketing systems, knowledge-bases and data mining solutions
  • Defined processes and service levels
  • A better cost model for technology with multi-tenancy and resources resulting from shared service operations

As such, MSSPs can now point to their services as being no less difficult to onboard and manage than an in-house function – only better and cheaper; where security operations were once in the same building as the servers and the users, now most likely they aren’t.

If security functions are partly remote anyway, at least some of the time, MSSPs can offer better services at more cost-effective prices, with all the saved effort of outsourcing a specialist function.

The benefits for customers of MSSPs and for MSSPs sales teams are clear.  This has to be an opportunity for MSSPs to expand and grow their businesses as much as it is an opportunity for their customers to rationalise and improve their cyber security threat detection capability and cyber-attack readiness.

MSSPs offer better services at cheaper prices

In a cost-conscious world, where businesses are having to focus on core services and products, there is scope to offer support services that help meet cyber security and regulatory obligations in an effective way.

If MSSPs (or other IT service providers moving into security) can leverage scalable, multi-tenant SIEM technology platforms to use as a basis for delivering services, they have a real advantage in providing the kinds of threat detection services customers want, at a highly competitive price point that is sustainable.

We can foresee a growth in demand for MSSP services in companies of all sizes and at varying levels of sophistication from basic monitoring, right up to full managed threat detection and response capabilities.

The opportunity for customers

For organisations coming out of lockdown, there has never been a more pressing need to review the cost and effectiveness of services.  This can only have an accelerator effect on the predicted increase in the adoption of MSSP services.

What functions can be outsourced?  What will the changing workplace balance mean?  How can systems that are critical be more effectively supported – in short, they don’t have to be held back by “that’s just the way things have always been done”.  Aspects of outsourced security operations are more comparable to in-house capabilities than ever before.

MSP Guide to Building Cyber Security Services


Related Cybersecurity Content


Read by directors, executives, and security professionals globally, operating in the most complex of security environments.