Three secrets to success for the MSSP

The managed security services provider (MSSP) market is burgeoning as organizations look to outsource their cybersecurity, and this is due to a number of factors.The economic downturn has hit security budgets hard and many have had to make cutbacks as a result, with an ISC2 report revealing that 47% have laid off staff, slashed budgets, and/or frozen recruitment drives and promotions.

Threats continue to escalate, making cyber insurance a must, and premiums frequently require that certain conditions are met, driving organizations to seek external assistance in the form of managed detection and response (MDR). These challenges are all compounded by an unprecedented skills shortage, with a workforce gap of approximately 4 million worldwide and growing at a rate of 13% per year, according to the same ISC2 report, forcing organizations to plug holes in their teams with external resources.

Some of these same issues are also making it very difficult for MSSPs to exploit this demand for outsourcing, however, and are even putting them at risk. The MSP Perspectives 2024 survey found the top three challenges experienced by channel providers were keeping pace with innovation in cybersecurity, securing analysts due to the skills shortages, and keeping up with emerging threats. 

In addition, many have a bloated security stack and are struggling to meet demand due to unwieldy systems that make provisioning and management complex. Costs are also rocketing across the board from licensing through to salaries but the MSSP can’t pass those costs onto their customer base. Absorbing them then curtails their ability to invest and expand.

Not surprisingly, MSSPs are therefore under tremendous pressure to provide round-the-clock support with diminishing human resources. The survey notes that around a third of MSPs offering MDR have an inhouse SOC manned by between 15 – 30 analysts, depending on the size of the customer base, which means there’s the risk of the MSSP becoming short-staffed, jeopardizing operations. It’s becoming increasingly apparent that they will need to make some substantial changes over the course of the next few years if they are to navigate their way through these tough times and emerge intact. So, what should these providers be doing? 

Supply and demand

To start with, it’s worth considering how demand for managed services is likely to manifest itself during that time frame. In addition to the drivers above, we can also add regulation to the mix, with a raft of new legislation set to come into force such as NIS2 across the EU (which will also likely be adopted in some form or fashion in the UK) from October and DORA in the financial sector in January. 

Both will compel organizations to be more proactive in how they assess and address risk and introduce much greater accountability, which means many will seek assistance in meeting those requirements. MSSPs that have positioned themselves to be able to offer that level of support in the form of MDR or have systems specifically attuned to those compliance demands will then be best placed to capitalize on this demand.

Yet, with analysts in short supply, scaling operations could prove challenging, forcing the MSSP to either miss out or compromise on the quality of delivery. The key here is making the business model more efficient so that it becomes easier to service multiple tenants. 

So, the MSSP should continue to look at how they can consolidate their cybersecurity stack and reduce the number of vendors they deal with. But they also need to think more creatively about how they provision those services. Having a cyber defense platform in place that can perform numerous functions can significantly reduce complexity in this regard, one example being a security and incident event management (SIEM) platform with additional complementary add-ons such as automation, case management and behavior analytics.

A single pane of glass

To make provisioning easier, those services then need to be overlaid with an MSSP-specific interface. This allows customers to be onboarded and managed collectively while still enabling the analyst to drill down into and customize an individual organization’s requirements or carry out an investigation. Using a single interface also makes it possible to enact changes or respond to threats more efficiently by rolling out new rulesets to the entire customer base at the same time. 

Instead of focusing on provisioning the distributed SIEM, the MSSP is then free to monitor incidents, analyze log data and add valuable insights. As a result, valuable human resources are being used as productively as possible and time is not being wasted on so-called ‘swivel chair’ operations which sees the analyst log in and out of systems. It’s important to look at the architecture of any such offering, however, to ensure partitioning is in place that keeps each customer’s data secure, particularly given that the MSP Perspectives 2024 survey notes that stolen access data and credentials are the number one risk keeping MSSPs awake at night.

It may also be worth going back to the market to look at alternative licensing models. Data throughput pricing models will see costs rise over time as the customer grows and data consumption increases, so being able to keep those costs nailed down can enable the MSSP to shield its customer from any price increases. For this reason, predictable pricing models based on nodes rather than data are gaining in popularity. 

Those MSSPs that address these issues today by streamlining their operations will be well placed to exploit demand and also to adapt to changing market conditions as these materialize. Essentially there are three secrets to success. Provided they can manage their own costs and protect their customers from any shock increases, rationalize the stack, and achieve economies of scale, there’s no reason why MSSPs can’t turn the current challenges they’re experiencing into tomorrow’s opportunities.