Utilize Managed Services Providers to Better Serve Clients’ Cyber Needs
Protecting enterprise clients against cyber risks likely requires systems integrators to step into foreign territory. Managed services providers offer a reassuring hand by delivering IT expertise, lightening the workload and opening RMR streams.
Cyber attacks have become front-page news, and those headlines are cause for concern across all industries. With cybersecurity issues now ranking as a top-of-mind challenge among commercial security clientele, physical security systems integrators are getting the message loud and clear that they need to deliver progressive, comprehensive solutions that will protect their end users from becoming front-page news, too.
Because cyber has morphed into such a critical concern so quickly, it’s left a lot of security integrators at a loss as to how to scale the IT security learning curves they need to in order to well serve clients’ cyber needs.
Fortunately, there are options — they can either bring the IT expertise needed in-house to begin offering the services of an IT managed services provider (MSP) or partner with an outside MSP to harness those skillsets. The latter may prove to be a better option for those integrators that aren’t yet versed in or comfortable with the IT space.
Van Santos, president and CEO of Indarra Cyber Security, a Rowlett, Texas-based specialist in workforce training to address the risks of cyber intrusions, is seeing firsthand the ever-increasing demand for IT MSPs within the security industry.
“Managed services are where [our company’s] going, because IT managed services need to be in the physical security space,” he says.
But while managed services — whether provided directly by an integrator that offers it in-house, or by one using an outside MSP — is clearly the wave of the future, the challenge Santos sees is that some integrators have been slow to embrace cybersecurity.
“Adoption is the issue. Often, it’s because it’s a space they don’t understand or have expertise in, or it’s a hesitation because they don’t want to upset the apple-cart,” Santos says.
Don’t hesitate getting started even if it’s with baby steps into this space. Read on for some strategies on how to address the cyber issue with commercial clients and how MSPs can factor into bolstering your integration company’s knowledge and solutions.
Defining All the Threats
“Integrators have to hire or acquire skillsets to understand what kind of equipment is involved and the types of attacks taking place. It is daunting for a lot of physical security companies to bridge that gap,” notes Lance Holloway, director vertical technology at Stanley Convergent Security Solutions. “I’ve sat in on physical security groups and see that they’re really trying to understand the threats, what needs to be done to manage them for clients and how they can add cybersecurity to the services they offer.”
Indeed, gaining a solid understanding of the cyber threats their clients face is the first key step integrators should take in assisting them. Morgan Harris, senior director of enterprise solutions at ADT, says that lack of proper setup of cybersecurity solutions and ongoing management of those solutions presents the greatest vulnerabilities.
“Weak passwords, a lack of antivirus software and firewalls all contribute to the problem. Even if those steps are implemented, ensuring procedures are in place for changing passwords often, educating employees on potential vectors for cyber attacks and installing and updating patches for antivirus software and firewall can help prevent cyber attacks,” Harris advises.
Implementing a managed detection and response (MDR) solution can help significantly reduce the time between an attack and remediation of that attack, he notes.
“MDR solutions act like video verification in the cyber world — alerting companies when an event is detected and verifying that the event is real and not a false positive alert. This can significantly reduce the time from infection to detection to minutes rather than months helping to reduce risk and loss.”
Santos points out that despite the ever-skyrocketing cyber threats organizations face, they only started addressing them in earnest little more than a decade ago. Still, in many cases the investment needs to be made on more than just technology.
“It’s dumbfounding how many risks there are. The things that take place blow my mind,” he says. “But the greatest vulnerability is actually the human element. Cyber was ignored for a long time. Securing networks and information wasn’t really thought about much until the early 2000s when companies woke up and said, ‘We have a problem. We’re being hacked and losing information.’”
Around 2007, Santos says, organizations starting throwing money at cyber. By 2012, budgets really geared up for it but the majority of the money went to hardware, penetration testing and to network devices, he explains.
“Companies didn’t spend a lot of money on the human element — the training, the security awareness, the getting employees to understand that they’re also part of the security program. It was about a year ago roughly that organizations started to say, ‘Okay, we’ve been throwing money at cyber for years, but we’re still getting hacked. What’s our ROI?’ That’s when the realization hit home for a lot of people that it’s the people in the organization they need to focus on.”
Craig Jarrett, president of San Jose, Calif.-based Netronix Integration, echoes the same concern, noting that systems integrators must be thinking about cyber at every phase of a project.
“Employees who accidentally open a phishing email or web browse and click the wrong link are the greatest threat, mainly because the employee can accidentally allow an intruder into any part of the corporation’s network that they themselves have access to,” he says. “Every device that is put on their own or a customer’s network can be a potential hacker’s path in. It is a must that the integrator is communicating with the customers’ IT department or MSP and following a plan that all agree on.”
A company can have firewalls and antiviruses in place, but if they’re not updating that information or apprising employees of the dangers of clicking on a suspicious link or downloading a program that’s newer than the antivirus they have installed, it can wreak havoc.
“Even someone who isn’t acting maliciously still has ability to introduce risk,” Santos adds. “It’s critical for integrators to stay on top of needed updates for their clients after the equipment is installed.” As Holloway affirms, “If people can make sure they’re keeping products updated as far as patches and firmware updates, it will go a long way to clean up things.”
Managing the MSPs, MSSPs and MDRs
What’s in a name? Morgan Harris, ADT’s senior director of enterprise solutions, explains what MSPs, MSSPs, and MDRs are and what they can do for security integrators and their end users. Respectively, managed services providers, managed security services providers, and managed detection and response solution providers all play a role in helping to secure businesses’ networks and data. An MSP typically manages devices such as switches, an MSSP focuses more on firewalls and antivirus software and an MDR, through a combination of technology and human analysis, investigates and validates alerts typically generated by an MSSP application to help identify potential breaches in near real-time to facilitate remediation.
“While ADT has partnered with these types of companies, we have also taken significant steps through internal development and acquisitions to build out these capabilities in our own company to serve our customers’ cybersecurity needs,” he adds. “In fact, we recently announced the formation of our ADT Cybersecurity division created as a result of our acquisition of DataShield, a leading MDR solutions provider.”
ADT Cybersecurity solutions include network monitoring, active hunting and deep forensic analysis using cyber threat intelligence and real-time threat detection. In its acquisition announcement, ADT cited research showing mid-market and enterprise organizations are increasingly finding the need for managed and monitored cyber solutions to help detect and respond to cyber attacks. It is estimated that by 2020, approximately 20% of mid-market and enterprise organizations will deploy MDR services, up from less than 1% in 2016, ADT notes.
Looking for the Right Partner?
Cleaning things up by offering cybersecurity opens up a huge opportunity for integrators to make more RMR while also strengthening relationship with clients.
Ideally, cyber should be a monthly checkpoint with a client. Don’t let it slip away. For integrators looking for partnerships to do this, vetting a good MSP is a smart step (see sidebar on MSP, MSSP and MDR roles).
Brian Berger, executive vice president of Aliso Viejo, Calif.-based Cytellix, which offers a team of cybersecurity experts and has an impressive track record for delivering innovative cybersecurity managed services, recommends that integrators seek a partner that has the experience to be doing the work.
They should ask, he adds, if that potential MSP partner has a forward-looking model of how the cyber experience should be. One issue in the industry, Berger says, is that there is a lot of documentation about findings but, while that is pertinent, what’s more valuable is telling the end user, “Here is what we found. Here’s how we fix it and here is how we should monitor the future structure of your company.”
He recommends integrators provide clients with a skillset that elevates their worth for more of a systems lifecycle rather than a “one-and-done” project. MSPs can play a key role in that respect and earn their keep as part of the integrator’s ongoing services.
“Bluntly put, MSPs for integrators mean someone else is doing the job and not putting any load on the integrator,” Santos says. “From a cybersecurity perspective, an MSP — either a robust one or a niche managed service provider — adds a whole new revenue stream to that organization and provides the end user with services that they either need today because it’s been lacking for a long time or need for future growth.”
The MSP essentially allows the integrator to offer those services and potential revenue streams with minimal impact on its own organization, Santos says. The integrator learns to talk the cyber language and have some knowledge to bring it to the table but if they’ve partnered with a good MSP, all they really need to do is open the door to the subject with client than work with the MSP to sell that solution, he explains.
“A good MSP will be with the integrator at every step of the process, and that’s even more true when it comes to cybersecurity. When it comes to finding a trusted MSP, it really is about trust, and referrals.”
Future-Thinking Cyber Fighters
We’re all moving forward into a cyber-thinking world, and together, integrators and MSPs can help get the security industry and their customers there more safely.
“I think cybersecurity is something every person and every company should invest lots of time and money towards. Having a trusted partner to assist in vulnerability testing, keeping up with all software patches, ensuring that company policies are well thought out and followed is huge,” says Netronix Integration’s Jarrett. “Continual investment in new firewalls and other essential network equipment is very important to everyone’s business.”
Investment in technology is one of the most important aspects of beefing up IT security, echoes ADT’s Harris, adding that “Steps to securing a business range from enacting policies and procedures to strengthen common workplace practices such as creating strong passwords and employee training to developing disaster recovery plans.”
Santos sums it up well when he underscores how a well-armed security provider stands to capitalize by bringing an MSP to the table. “Any integrator who can create the relationships and walk into an organization and say they understand the cyber risk and are watching your spending, but here’s how we can address your specific needs — they will dominate.”
Erin Harrington has 20+ years of editorial, marketing and PR experience within the security industry. Contact her at firstname.lastname@example.org.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!