Why Now Is the Time to Partner With an IT Managed Services Provider
Ramping up the expertise to fit cybersecurity solutions into your business portfolio is becoming more in demand from customers. Partnering with an established MSP can get your company up to speed in a hurry to deliver this missing element.
Cybersecurity is likely one of the most recited words in today’s security industry vernacular. While it’s top of mind to many, it still looms low on the list for some security providers not yet aggressively embracing its challenges — and opportunities.
Failing to recognize how critical the cyber component is in the scheme of today’s security services arsenal will come with its consequences.
Commercial clients are clamoring for physical security providers to deliver managed and comprehensive security solutions, complete with cyber protection.
While a good many traditional security dealers and systems integrators recognize the need, they’re not quite sure how to master the IT security skills to meet those client needs.
But one thing is becoming crystal clear — to stay competitive, they’ll either have to bring the requisite IT know-how in-house, or partner with a reputable IT managed services provider (MSP) that can deliver those goods to their wheelhouse.
For those still unfamiliar with the MSP concept, Joshua Rosales, vice president of business information technology for Kastle Systems, a provider of comprehensive security solutions for more than 10,000 sites across the United States and abroad, provides an easy-to-understand definition of the acronym.
“In the broad context, I think most of the business world would describe a managed service provider as a technology company that remotely manages a customer’s IT infrastructure and/or end-user systems using a subscription model. They provide expert IT support to organizations that don’t consider IT as a core component of their operation, so they effectively outsource that function to external dedicated professionals while they focus on their own enterprise,” he explains. “From our perspective, even though Kastle Systems does not manage IT systems, we have always been an ‘MSP,’ but one that is a technology company remotely managing access control and security systems [as opposed to IT], using a subscription model,” Rosales continues.
“Our customers realize that running their own security requires dedicated expertise that doesn’t align with their competencies and find it’s easier, more effective and overall less expensive to hire the outside authority to operate their security function.”
In a world being increasingly more threatened by cybersecurity breaches, it’s no wonder that the demand for MSPs is increasing and being driven largely by the end-user community.
SSI Industry Hall of Famer Bill Bozeman, president and CEO of the PSA Security Network, the world’s largest systems integrator consortium, ranks among the most passionate proponents pressing cybersecurity.
“It’s going to be the future of our industry. It does represent a whole new dimension and it’s difficult. Most physical security integrators aren’t viewing this as an opportunity yet but as a threat,” he contends. “This is a very big paradigm shift and it’s going to impact every single SI [systems integrator] who wants to stay in business.”
With that gauntlet thrown down, let’s dig deeper into why and how security integrators should work with MSPs to shore up the cyber side of their business.
Partnership Has Its Privileges
Bozeman makes the analogy that integrators don’t build their own VMS or access panel — they team with professionals. “It’s going to be extraordinarily difficult for a traditional SI to become a high level cybersecurity integrator. The intelligent way to do this is to partner with a well-vetted cybersecurity professional,” he says. “Many cyber companies don’t understand the physical security component and aren’t really interested in our channel. But together with systems integrators, they can provide a solution.”
Rosales concurs, noting that the relationship can serve to provide mutual benefits to both the security and IT companies along with their end users.
“While security customers may increasingly seek an integrated solution to address both their physical and cybersecurity systems, these functions still require a high level of subject matter expertise that doesn’t overlap with regards issues like design, hardware functionality, installation, maintenance and operation. To that end, it is a challenge for either an IT-focused firm to jump into the physical security realm and vice versa,” he explains. “If an MSP can partner with a dedicated physical security provider to enhance their offering, the result can be more easily achieved and present a much better solution.”
Gary Hoffner, vice chair of PSA’s Cyber Committee and vice president of Los-Angeles-based PSLA Security Systems, which designs security integration solutions with intrusion alarm systems, access control systems, video surveillance, fire alarm systems, intercom systems and wireless communications, also sees partnership as the prudent cyber play.
“Cybersecurity is an entirely different deal and is so complex. It requires a certain skillset that, generally, most security integration companies don’t yet have in their employ,” he says. “They need to go out and find these people because, just to bring someone in-house is probably a 24-month process. It takes time. The quick tact is to actually partner with an MSP.”
Chris Peterson, principal of Vector Firm, a leading sales management consulting firm focused on the security industry, reports that he’s seeing systems integrators trying to educate themselves and bring cyber services in-house, as well as approach MSPs.
“Some SIs are seeking it out proactively themselves, and not doing a bad job at it. But some are also reaching out to cyber technology providers and saying, ‘We want to sell your services. Will you work with us to provide a unified solution?’”
Hoffner, a seasoned security industry veteran, is excited by the prospects cybersecurity can bring to an SI’s portfolio. “I’ve been working in the security space since 1980 and am more fired up about this than anything else. SIs are now being called upon for information and cybersecurity, not just physical security solutions. There will come a point in time when you’re not going to get the business if you can’t check off all the boxes.”
Pinpointing the Potential Vulnerabilities
Hoffner took a Harvard Cybersecurity Assessment class that, he says, gave him some good clarity on what needs to be done. “It didn’t necessarily show me how to do it, but it covered a lot of points, such as investigation, remediation and recovery. This allowed me to consider all the risks — operational, financial, legal and reputational — those four things are extremely important,” he emphasizes. “When you’re laying out a program to a customer for cybersecurity, you need to talk with them about all those risks and how you propose to support and prepare for them.”
According to Doron Davidson, co-founder and vice president of SecBI, a disruptive player in cyber threat detection, assessing a customer’s system is the first step.
“You need a security expert to map out your needs, it depends on how much data you have going through your network. Test the level of vulnerability — you’ve got to start with a consultation to see what direction to go in.”
Although cyber risks can be complex in nature and devastating in consequence, often the human element is to blame, though sometimes innocently. Integrators must raise more awareness for end users in this segment.
“The vulnerability is always going to be people,” Hoffner says. “The biggest and quickest impact is to educate people who touch the network on what not to do. When you learn about the tactics these criminals take to get on the network, their phishing campaigns and then spear phishing — which is targeting a certain executive in a company by planting a flash drive for them to pick up and log into — it’s crazy, but so important to educate employees on.”
Davidson advises, “Between ransomware and cyber threats, not only externally but even from people stealing data internally, it’s very important to do the initial audit.”
And key to that audit is including senior management and/or the owner of the company. “Someone at a very top level needs to accept the responsibility for the company’s cybersecurity,” says Bozeman. “This issue should not be delegated to middle management because this is something the CEO or president of a company needs to put at the top of their list. They need to protect themselves they’re in the line of fire of liability, so the absolute worst thing that anyone can do is do nothing.”
Integrators Can Take the Reins
With so much overlap between physical security and the network, it might seem like only a matter of time before the keys to the kingdom are handed over to IT folks, but security integrators can stake their claim by figuring out their cyber approach now.
Vector Firm’s Peterson suggests there’s good reason for security systems integrators to take the lead, whether their managed services solution comes from in-house or elsewhere.
“For years, people have been saying now that video is on the network and that IT will take over security, but that hasn’t happened because it’s still a security issue. Cyber is up for grabs by both industries because maybe video and access started jumping onto the network but it is still stuff we’ve been doing forever. But, we haven’t been doing cyber forever — it’s out there waiting for an industry to capture it. If we’re smart, we’ll go after it and it will become a big part of our business or the IT people will take it over.”
For SIs looking to stay competitive in business as cyber dominates more of the conversation, PSA’s Bozeman offers this: “It’s hard and it’s not fun but it’s necessary and integrators are busy. But, I do believe those integrators who choose not to embrace cyber or get up to speed will be at a competitive disadvantage.”
A strong game plan for intrepid security pros will serve to produce solid results. As Hoffner succinctly explains, “If you can get good at this cybersecurity thing and are already an established security provider, you’re going to be in for a fine ride!”
MSSP Program Launches to Assist Integrators’ Cyber Plans
The recently introduced PSA Managed Security Service Provider (MSSP) Program is designed to help security systems integrators diversify their service offerings and realize the full potential and benefits of a managed services business model.
By leveraging partnerships with some of the industry’s best cybersecurity providers and Cloud-based security solutions, integrators will be able to tap into additional revenue opportunities and accelerate business growth, according to PSA.
“The security industry is on the edge of its next great evolution in terms of systems integrators becoming managed security service providers,” says Bill Bozeman, president and CEO of PSA. “Our program is poised to help those progressive integrators who are already at the leading edge of this market evolve their own businesses in a way that leverages the technology advances in the market so they can tap into additional revenue opportunities and accelerate their business growth.”
PSA is teaming with leading solutions providers to bring Cloud-based cybersecurity services, video management, remote video monitoring and access control solutions to systems integrators as part of this program to help them implement a new cyber business model into their existing business constructs. For more information, go to psasecurity.com.
Erin Harrington has 20+ years of editorial, marketing and PR experience within the security industry. Contact her at email@example.com.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!
That is a good point that a security expert is needed to map out needs. Maybe it would be good to get a managed security system for a company. That is something I would want to have if I were a company owner.