With MSPs across the board having to prove their security worth these days, having an in-house SOC can make a significant difference, according to Eric Schlissel, CEO at Los Angeles, CA-based MSP GeekTek IT Services.
In an interview with CPI, Schlissel (pictured) said that having a SOC helps the MSP earn the trust of customers who have been let down by their current or previous MSP and are looking to work with a new partner.
"We end up getting called after incidents have happened, because when an MSP tells their client that they're being secured, typically there's a trust built up, but when that trust is violated is usually when we get the call," he said. "We then have a challenge with that client saying ‘how do we trust you? The other guys said the same thing'. We are having those conversations fairly frequently, and our ability to show our SoC console to our clients is one of the things that sets us apart."
Schlissel said this is something that every MSP "should have in hand". But, with the outsourcing of network and security operations being quite commonplace, many players "don't have a handle on it".
"We find that even mid-size MSPs are sourcing out a lot of their network operations and security operations, so they don't necessarily have a handle on it. They're making their circle of trust even wider so there's more surface area for it to break. And the client is many steps away from the people who are actually caring for their security," he pointed out. "That creates a problem both in responsibility and accountability."
He added that this impacts an MSP's ability to actually care about the client as it takes the responsibility too far away from the partner's operations.
Schlissel's comments directly contradict those made by Michael George, the CEO of MSP tools vendor Continuum. He recently sent a frank message to channel partners that chose to keep core functions in-house.
"The ones that think they have to touch every knob and turn every dial will lose; plain and simple. Why would you think you have to employ people to deliver services in order to be a service provider? It's foolish! It's antiquated, it's a dinosaur, it's dead," he said.
George's remarks follow a similar logic to those from the CEO of Service Leadership, Paul Dippell, who found that MSPs who use Continuum have gross margins that are eight per cent higher than their peers.
Also of concern when it comes to the changing face of the MSP security landscape is when an MSP calls itself an MSSP, despite simply being a reseller of vendor security products.
"There are so many MSPs that call themselves managed security service providers just by simply reselling somebody else's security tools as opposed to having in-house knowledge and the engineering staff that understands how security actually works… If you're not managing the objects on the network and understanding what kind of traffic they're generating, then how can you really call your network secure?"
The risk here, said Schlissel, is that smaller MSPs in particular could lose credibility in security, which could push customers into securing themselves either via a large national player or, given its dominance in the cloud space, Microsoft.
The vendor's SIEM, Azure Sentinel, means that Microsoft can provide a lot of the services for which customers traditionally come to MSPs and MSSPs.
"There's definitely a few ways that this could play out. In one way, Microsoft already completely dominates the market with its fully cloud-based service offering and Azure Sentinel, which means they can act as your security services provider; they're protecting their own software. So in that scenario, Microsoft dominates and they are simply protecting everything in their cloud and then MSPs have no real value-add," he said.
MSPs can tackle this by working towards a third scenario, which sees those players who are selling security but without the relevant expertise taking a step back and realizing that security management is an entirely different beast from systems and network management.
"It's getting more complicated, more layered and it's also becoming increasingly challenging to inform clients," Schlissel said. "For example, we had a client whose email was spoofed and we explained that email spoofing is a common tactic, but there has to be some self-awareness involved. We can protect a lot but there has to be some awareness of what the risks are. And that's a whole other area that MSPs don't typically look at - the education of their client base. That can become a value-added proposition."
As to what the future holds, Schlissel is - like everybody - unsure. The increasing number of breaches, both large and small, is an obvious concern, but it's the MSP with a lack of relevant expertise that should be the most alarming aspect of security's future, Schlissel said.
"The worst thing is when an MSP doesn't claim to be a security expert and the client doesn't know that they need one, and then they get compromised and there's this person who doesn't have any comprehension of how to mitigate an attack in charge of doing the cleanup. We've seen companies come to us after they've been attacked two or three times, and it's been the same attack over and over again that the original provider was unable to protect them against."
Some say performance, others say money but it may be systems and processes that carry the day
Japanese vendor sells product development, manufacturing and logistics base in Bavaria to S&T subsidiary, Kontron
'MSPs are all scared to death. They don't want end users asking, what am I paying you for?' - Datto CEO
Tim Weller tells CPI that he sees MSPs struggling to update how they package and deliver security, and opens up on what he makes of MSPs trying to rebrand as MSSPs
In its Q4 results, Microsoft reveals its cloud unit is now its biggest business segment