Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News & Articles

March 23, 2021 |

You and What Army?

Knowing which security functions to outsource—and which not to—is an increasingly important skill for channel pros.

SECURITY, THE SAYING GOES, is a team sport. Most channel pros with a winning team get at least some of the skills and resources they need to keep customers safe from beyond their own staff.

“”MSPs tend to think that they can do everything, and that’s not really the truth,”” says George Monroy, CEO of San Antonio-based Monroy IT Services.

Especially these days, adds Michael Goldstein, president and CEO of LAN Infotech, an MSP and solution provider in Fort Lauderdale, Fla. “”I need a fleet of people with all the new vulnerabilities that are out there,”” he says, not to mention enormously expensive tools. Partnering with outsiders makes far better financial sense and results in better protection for end users.

More and more of Goldstein’s peers have reached the same conclusion. Given the ever-expanding range of threats SMBs face these days, they agree, the question isn’t whether to outsource a portion of their security services. It’s which ones to outsource, and how best to do it.

The round-the-clock monitoring and analysis provided by a security operations center (SOC) with state-of-the-art SIEM software is usually a good starting point. “”Most companies are not going to be able to do that,”” Monroy observes. “”It’s a huge investment.

Setting up a facility and equipping it with software, moreover, are just part of that investment. Hiring experienced security specialists is a steep yet indispensable expense too.

Rory Sanchez

“”There’s a lot of intricacies to the business,”” observes Rory Sanchez, CEO of True Digital Security, which provides outsourced security services to corporate IT departments and channel pros from offices in Florida, New York, and Oklahoma. “”A lot of MSPs don’t have the in-house expertise to really get into the weeds on security issues, so who do they escalate that to when they really get into a jam?””

On a more day-to-day basis, he adds, third-party SOC providers can help IT generalists spot risks they might otherwise miss, separate real issues from false positives, formulate incident response plans, and assist with post-breach threat hunting. “”A lot of MSPs are not really equipped to make sure that the bad guys are out,”” Sanchez says.

Fresh Set of Eyes

Leaning on outsiders with deep knowledge of HIPAA, GDPR, and other complex regulations is a wise choice for most channel pros as well. “”It’s a highly specialized area,”” observes Monroy, who recently partnered with an outside firm to help a newly signed client comply with the Cybersecurity Maturity Model Certification (CMMC), a federally mandated set of security standards for companies that design, produce, and maintain weapon systems.

Sanchez advises IT providers to bring in third parties for audits and penetration tests too, noting that almost everyone benefits from having a fresh set of eyes double-check their work. “”We’re all about outside validation,”” he says.

Of course, offloading everything you do in security could leave customers wondering what they’re paying you for, so setting limits on outsourcing is important. Monroy, for instance, performs hands-on, relationship-enhancing tasks like policy setting and strategic consulting himself. Goldstein generally draws the line at endpoint protection and other basics performed behind the firewall.

“”Anything inside the network, I want to handle ourselves,”” he says. “”Anything coming into the network, I would probably want to outsource.””

George Monroy

Working Well Together

Given the potential consequences of a security lapse (91% of SMBs would consider switching IT providers to get better cybersecurity services, according to a research study commissioned last year by managed services vendor ConnectWise), choosing the right outside security partner is critical.

“”You have to interview them almost like they’re going to be your employee, because really they’re going to be an extension of your business,”” says Monroy, who grills prospective outsourcers about their SLAs in areas like response time and service hours.

“”Are they available 24/7?”” he asks. See if they provide access to live security analysts or rely solely on artificial intelligence, he adds. Goldstein, for his part, confirms that security partners won’t contact his clients without permission and don’t sell direct.

Once you’ve found a partner you like, clarify your division of labor with them to ensure important tasks don’t fall through the cracks. “”You want some clearly drawn lines on what are you responsible for and what are we responsible for,”” Sanchez says.

Building a strong working relationship is equally vital. “”You have to make sure that there’s good communication there,”” Monroy says.

That communication should be with specific individuals you can count on to take your calls when it counts, Goldstein adds. “”I don’t want to be at the mercy of support for something simple,”” he says. “”I need to be able to get to someone.””

Goldstein also recommends speaking regularly with contacts on an outsourcer’s sales team to keep informed about services and capabilities on the roadmap. “”We want to know what’s coming up the pike,”” he says.

Getting to know an outsourcer takes time, Monroy notes, so avoid switching companies any more than necessary. “”MSPs like to jump around from vendor to vendor often because they think something’s better somewhere else,”” he says. “”You need to just find one and stick with them.””

Or maybe a few, but sharing security duties with someone other than yourself is increasingly a must.

“”I’m seeing MSPs all over the place, trying to piecemeal something together,”” Monroy says of security. “”An MSP should really look to outsource it or partner with somebody from day one.””

Image: iStock

Related News & Articles

Growing the MSP

Editor’s Choice


Explore ChannelPro

Events

Reach Our Audience