Sachin Bhardwaj, the Director of Marketing and Business Development at eHosting DataFort, speaks to Arabian Reseller about how partners can move towards coming an MSSP
What sort of opportunities are present for MSSPs in the region?
Added to the increasing use of Cloud services not just in the Middle East but globally, there is a growing demand and focus on the security aspects of IT infrastructure. As we understand, the threat landscape has been extremely volatile and sophisticated over the last few years with increasing cybersecurity attacks. Simultaneously, security solutions have also been witnessing quick advancements where most organizations are unable to cope with the speed to stay updated. This has given rise to the growth of Managed Security Service Providers (MSSPs).
In saying so, there is also a trend to contract the services of providers who have a more holistic approach to security. MSSPs are moving and approaching their customer needs more strategically, while having a clear vision of the future business needs. Gartner has forecasted that 40 percent of all Managed Security Services (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects by 2020. That’s double today’s figure of 20 percent.
The Middle East has been working towards building smart cities and has been integrating the Internet of Things into their agendas to ensure that citizens and residents are provided with better and quicker services. The government initiatives are testimony to this trend with more and more services being provided online. From utilities to healthcare, education to transportation, etc., we hear of an increasing number of services now being made available at the click of a button. Parallel to this is the enormous amount of data which needs to be secured. This has provided a tremendous boost to the growth of MSSPs in the region.
What, according to you, does becoming an MSSP entail?
While some companies may opt to be niche players in the Managed Security market, others choose to add the practice to an already existing Managed Services business model. For example, eHosting DataFort has been in the Cloud Hosting and Managed Infrastructure market for a long time and we have seen the huge demand for Managed Security Services over the last few years. In our case it was a natural progression towards building an MSS practice to offer our current customers, and to tap into the growing potential customer base.
Also, given that security is a highly sensitive area of business, to build a good MSS practice, organizations primarily must strengthen trust within existing and potential customers. Especially important, as the customer is placing their critical data with the provider. Having a Security Operations Centre or a Cyber Defense Centre is a must for a MSSP as this is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.
Managed Services are in general built around Service Level Agreements (SLA) and therefore it is important that deputed IT personnel are aware of these terms. This calls for an effective balance between getting the job done and remaining within the billable hours to guarantee ROI.
How can MSPs make the transition to becoming an MSSP?
As a start to possible investments in providing Managed Security Services, organizations must be able to assess and analyse the opportunities to ensure greater business success. There are several sectors that are dependent on high level of security needs including government, finance, retail, etc. A service provider will need to have a clear strategy wherein the offerings must meet the particular requirements of each business vertical. On another note, hardware and software investments and upgrades, security skills need and enhancements, involves heavy cost implications. Therefore, the financial investments can play a large role in defining the MSS business.
The main issue today is to utilize the existing investments made by the customer rather than replacing it and add additional security solutions which may be offered as multitenant shared services which would otherwise add to the cost for the customer. So, trying to cover all angles namely technology, people, processes and striking a balance is one of the important things to be considered.
Does your company run an MSSP Program? Please share details.
eHDF is a pioneer in delivering Cloud Infrastructure, Managed Hosting and Security Services in the region. Managed Security Services (MSS) has been part of the company’s portfolio since the start of delivering Hosting Services in 2001 and ever since, has expanded the MSS portfolio to cope with the growing trends in the region. The services and solutions include, Real Time Threat Monitoring, Remote Managed Security Services, PCI Security Services, Advanced Threat Protection, Vulnerability Management, Incident Response, etc.
eHDF has also recently launched a Cyber Defense Centre (CDC)/ Security Operations Center (SOC) in the UAE. It offers customers a portfolio of Managed Security Services along with Remote Managed SIEM Services. These services can be delivered either within eHDF’s Data Centre, on premise at the Customers site or on the Cloud. Some of the key features include enhanced threat intelligence, custom business and technical use case development, industry vertical intelligence, regional and global threat awareness, low TCO, guaranteed SLAs and 24/7 monitoring and support.
What challenges can MSSPs face on the market today?
Cyber security is now, to an extent, being governed by regulations and this calls for several compliance issues which need to be tackled to maintain industry standards. Achieving compliance certifications is a long-drawn process but nevertheless a necessity. MSSPs must be consistent in their efforts in working towards these certifications. They must have the necessary procedures and people in place to ensure that they are up to date with these requirements.
Managing security requires a serious amount of time and dedication, therefore for the business to be profitable, there must be a significant amount of automation which can ease the day-to-day navigation processes. With IT skills becoming more crucial and quite often in limited numbers as well as quality, MSSPs must be able to utilize them more efficiently.
Maintaining a wide range of customers across varied sectors is a challenge. However, a diverse technology footprint across different customers is a must. It becomes essential as a service provider to have expertise across these technologies. This also happens to be a strength, wherein the service provider comes across similar technologies in different environments and hence, helps to understand and serve the customer better.
eHDF has been providing Managed Services and MSS since 2001 and we have always strived to enhance our services portfolio to tackle needs of our existing as well as future customers. We recently launched a dedicated Cyber Defense Centre to take care of the more pressing needs of the day. Additionally, we have put in our best efforts to attain certifications that in turn are helpful for our customer base too. These include, PCI- DSS, CREST Certificate for our Cyber Defense Centre and a host of other certifications.
What are the drivers that generate demand for services and solutions offered by MSSPs?
Organizations are spending a lot more to ensure competitiveness as well as build on their future growth strategies. Aspects such as Cloud, data management and storage have been gaining traction and along with this, there is now an added focus on security. The advancement and sophistication of cyberattacks make it difficult for most organizations to keep pace. It is one of the key reasons for partnering with Managed Security Service Providers (MSSPs).
To tighten the IT security of any organization, corresponding budgets have only been rising. Costs for both hardware and software as well as ongoing updates and upgrades to ensure up-to-date security solutions are something that can be circumvented by shifting away from the CAPEX model to the OPEX model that is ensured by MSSPs.
Increasingly, across business sectors such as healthcare, finance, government, manufacturing, transportation, etc., there is a greater demand for security, and as we understand, there is a massive skills gap. In fact, the ISACA, a non-profit information security advocacy group, predicts that there will be a global shortage of two million cyber security professionals by 2019. This has given a strong push towards the adoption of MSS.
