We’re nearing the end of October, and the end of another Cybersecurity Awareness Month. Cybersecurity is important year-round, but with a heightened focus the last four weeks, we should maximize the opportunity to shine a light on cybersecurity-related topics. Call it opportunistic, but as security professionals, we need all the leverage we can get.
There are two concepts I think MSPs and MSSPs may want to consider focusing on as the world of security and technology evolves. The best quote I can think of to encapsulate the winds of change – and more specifically, how we should be thinking about what to do about it – is from hockey legend Wayne Gretzky:
(Actually, some sources attribute this quote to Wayne’s father. Let’s assume it was a family motto.)
The shift to the cloud is not a new concept. As early as the 1960s, some of the work DARPA was doing around networking and conceptual visions of the internet were essentially the “cloud” as we know it today. What’s important is that all things technology continue to shift to a third-party infrastructure – a cloud service provider of some sort – and not an individual company with a closet full of servers and networking gear.
Consider combining NOC and SOC functionality
Let’s call it a SNOC – a Security and Network Operations Center.
Traditional functionality like server management and patching are being done by the CSP or SaaS provider, and depending on the size of the organization, network engineers responsible for infrastructure are managing security anyway. What’s to gain by keeping these functions separate?
If you poke around job descriptions on LinkedIn or other job sites, you will see this transformation happening now as companies look for infrastructure and security leaders and doers. We’ve started down this path at Collabrance and GreatAmerica, in fact, and have already combined security and infrastructure functionality. Combining these operations allows us to think through how engineers doing traditional on-premises server work now will transition in the future.
It’s difficult to approach different environments in a holistic manner these days. Are you using SaaS, IaaS, Paas, on-premises servers? More than likely the answer is yes, and you are using all of them. But providing and protecting go hand in hand, and a company’s structure and a MSSP’s offering should reflect that notion. Get on the SNOC train unless you have a compelling reason not to.
Related: SOC as-a-service and Why It’s Critical for SMBs
Stay on top of hybrid cyber environments
The shift from on-premises to the cloud highlights the need for services (or bundles of services) that are not well defined currently. MSSPs that provide services to monitor, alert, and respond to incidents have traditionally done that for on-premises OR in the cloud – but the typical modern-day environment is hybrid in nature. Security practitioners do not want to have a log aggregation and correlation service for both on-premises and the cloud. They want one that works for both use-cases.
We should think of our environment as one hybrid environment. I cannot think of a company that is all on-premises or all cloud, and while I’m sure they exist, it is certainly not the norm. Rapidly shifting products, services, and strategies throughout the security realm make it important for all of us to think about where we anticipate the puck is going to be. While in recent years the shift has been towards the cloud, I can see that shift slowing and even heading back the other direction. Costs and security concerns may make it difficult to end up entirely in the cloud.
As you think about future products and services, consider providing an offering that can operate efficiently in a hybrid environment. While many products and solutions aren’t there yet, it’s where the puck is traveling. Will you be in position to take the shot, or are you in the wrong place on the ice?
Collabrance enables MSPs to provide the managed security services their customers need. To learn more about our security products and services, visit our website.