Comms Business Magazine (CBM): The managed services market is estimated to virtually double in the next five years. What’s driven this growth and why would businesses outsource IT security?
Neil Gardner (NG): The over-riding driver has been the changing landscape of technology consumption and application use. The use of tablets, smartphones, apps, wireless connectivity and other technologies designed to support the mobile enterprise has become virtually ubiquitous. With this change of user behaviour has come increased risks to IT security. Employees are increasingly expecting secure access to confidential business data from wherever they are working. The impact of this ever-changing technology and free-moving information means that businesses have to be more agile in responding to new threats and need to implement systematic strategies to secure their endpoint, gateway, mobile devices and data centre.
Meeting these challenges requires an efficient, reliable, and secure IP network. However, maintaining this requires regular, on-going investment in networking infrastructure and IT staff training, which many companies just can’t afford. This is when managed services can bridge the gap by giving companies access to leading network technologies and management expertise, without requiring high initial capital expenditures or on-going investment in technology upgrades, training and accreditation.
CBM: Why should businesses outsource to a managed services provider rather than ‘do it themselves’?
NG: Virtually every day we read about yet another security breach or the latest security threat, despite businesses increasing their investment in IT security. Many companies are struggling to keep up and it’s this constant battle that’s driving many organisations to consider moving their IT security into a managed service or outsourced model to reduce risk and expenditure.
Cost is usually the main argument for outsourcing. The financial burden of hiring, training and keeping security expertise and technology up-to-date is substantial. Monitoring of IT security needs to be constant as attacks can happen at any time. Having an internal rapid response team on standby 24 x 7 x 365 is just not cost-effective for anyone other than the largest of organisations. IT security is a moving target that requires organisations to keep highly-paid information security professionals sharp with constant training. I
CBM: How can traditional comms resellers enter this market if they aren’t security experts?
NG: The key skill that comms resellers possess is an understanding of their clients’ businesses and how technology can solve particular business challenges. Resellers aren’t expected to deliver every element of a solution themselves and IT security is no exception. However, with the rising interest in managed security service delivery, it’s not surprising that many resellers are seriously evaluating the opportunity this market presents to grow their businesses. New market development comes at a price, however, both in terms of direct costs and on-going investment. It also requires commitment of management time. When it comes to building a managed security service offering into a portfolio, however, resellers don’t have to bear the investment costs themselves. Partnering with an established managed security services provider (MSSP) that offers the infrastructure, compliance and technical know-how, either as a white-labelled or a branded service, allows resellers to expand their service portfolios quickly, while benefiting from the additional revenue and margins that these services can deliver.
CBM: Why partner with an MSSP – surely resellers can deliver these services themselves?
NG: IT security is a specialist area requiring a high level of skill and expertise that needs to be constantly refreshed. Even those resellers and solution providers who already include IT security in their portfolio face the same challenges as those that are newcomers to security or managed services. Do their staff and operations comply with industry standards, best practice and accreditations? Can the business provide clear Service Level Agreements (SLA) to ensure it meets customer expectations while not over-serving? Do they have a sufficiently robust, resilient and flexible infrastructure to ensure SLAs are met and changing customer demand can be serviced and managed efficiently?
These are just a few of the requirements of providing managed security services and why partnering with an established MSSP, that has a proven track record of operating exclusively through the channel, could be the best option for many resellers. It also means that resellers can continue to focus on building and maintaining long-term relationships with clients and managing their business, rather than attempting to set up a completely new service line themselves.
CBM: What options do resellers have when it comes to provided managed security services?
NG: If a customer has the resources, technical skills, management time and systems at their disposal they may choose to adopt a traditional infrastructure consisting of an on-premise firewall. In this instance, the reseller may only deal with hardware replacement and telephone support and will play no part in the day-to-day management of the network. This option provides limited opportunities for additional revenue and profit.
The good news is that there is a number of other profitable options to choose from when it comes to delivering managed services. With the first option, the customer continues to own the internal network and all the associated hardware on-site, while outsourcing the management of the network’s security to a reseller who uses services provided by a MSSP partner.
The second option uses equipment provided and owned by the MSSP and the reseller takes full management responsibility for the customer’s network security, in partnership with the MSSP.
Whichever option they choose, by partnering with an established MSSP, comms resellers can profit from this rapidly growing market while staying close to their customers and their business.