How Security Platforms Help MSPs Mitigate Threats in a Multi-Cloud World

The cloud has enabled organizations to digitally transform their business. However, with the rate at which innovative technologies, environments, and architectures are adopted to support digital transformation, companies are challenged with securing their investment. Whether it is having the skills on staff to understand how to de-risk those deployments, the technologies necessary to detect security risks, or the budget to support and secure a new architecture, companies are struggling to keep pace in today’s multi-cloud world. They are turning to managed service providers (MSPs) for help at a historic rate. This blog post will detail how MSPs can use security platforms such as Armor Anywhere to launch, scale, and grow their security portfolios to meet the threats facing today’s customers head on, thus allowing them to increase their revenue and stickiness with their customer base.

Digital Transformation Is Changing Our Future…But Is It a Secure One?

Architectural and environmental changes are happening in corporate IT (information technology) environments faster than DevOps and Security teams can keep up with them. We’ve shown examples here to illustrate the constantly changing nature of these IT environments and architectures; we’ll start with two charts showing the changing nature of where companies are hosting their applications and data. Both charts come from Flexera’s 2021 State of the Cloud Report:

[Chart: Enterprise Cloud Strategy]

[Chart: Enterprise Hybrid Cloud Strategies]

These two charts taken together tell the story that organizations today are focused on deploying hybrid and multi-cloud strategies, and we see this at Armor as our customers span public clouds such as AWS (Amazon Web Services), Azure, and GCP (Google Cloud Platform); private clouds; and on-premises instances in their own datacenters. This means that most companies are responsible for building and innovating in, but also securing, multiple cloud environments spanning both public and private sectors. This distributed and expansive terrain has significantly expanded the breadth of what a security team must think about securing. Each of these environments will have a different shared responsibility model, different services deployed in it, and different requirements from both an IT management and security management perspective. It becomes not just a question of scale, but of complexity. With new environments come new skill sets needed on both the IT and security side of the house, and these jobs are in record demand.

According to a recent Forbes article on the cloud talent drought: “Advanced cloud and security skills are in higher demand than ever before; however, there is a significant lack of qualified, skilled professionals to support this movement towards innovation, especially in non-tech-related industries such as manufacturing, transportation, travel, and education. Recent data shows that 63% of U.S. organizations anticipate the IT skills gap to widen, and 59% expect this talent shortage to continue in the next two years (Ceredian).” This is indicative of the challenges businesses are facing when hiring for security, compliance, DevOps, cloud computing, and architecture, especially if they did not have to traditionally hire for those skill sets.

Architecturally, within each of these environments there are differences based on the services utilized by the customer and the shared responsibility of those services. Depending on the customer’s mix of environments and IaaS (infrastructure-as-a-service), PaaS (platform-as-a-service), and SaaS (software-as-a-service) within those environments, a managed security team can have a complex landscape to manage and protect for the customer.

[Figure: Shared Responsibility of Cloud Security Management]

And if the technological and architectural changes are creating complexity and scale in the environments companies are tasked with securing, then the proliferation of threat actors and their tactics is creating the same challenges for security professionals on the detection and response side. You are now left with securing more expansive and diverse IT environments combined with a proliferation of cyberattacks from threat actors who are using advanced, ever-changing tactics. This is made clear by two stats that highlight the intentional and accidental risks facing a business from a security posture standpoint today. Gartner states that through 2023, 99% of cloud security failures will be caused by human error. Simple misconfigurations of a cloud environment will account for 99% of cloud security failures because it will be easier for the threat actors to scrape for information that is accidentally exposed and made public due to an innocent, or sometimes not-so-innocent, employee mistake. This means security teams must focus on both internal and external threats, but also have visibility and insight into all the new environments utilized by the IT teams. Just look at the MITRE ATT&CK framework and its many offshoots based on which cloud you are in or which technologies you are using. You can easily see how the threat actors have a multitude of tactics, techniques, and procedures they can use to get into and cause havoc in your environment.

 

The Challenges Facing Today’s Multi-Cloud Customer and the Turn to Managed Services

Whether it is the skills needed on staff to de-risk those deployments, the technologies necessary to detect security risks, or the budget required to support and secure this new architecture, companies are struggling to keep pace with digital transformation in today’s multi-cloud world. Therefore, they are turning to their MSPs to help meet these needs. The following chart shows the forecasted growth in managed services between now and 2026:

[Chart: MSP Market Growth]

This over $100 billion in revenue growth in the industry can be attributed to acceleration in cloud adoption, focus on digital transformation, and the explosion in remote and hybrid workforces. Added to the rise in cyberattacks, limited personnel, lack of appropriate staffing budgets, and absence of strategic insight into tooling to solve security use cases, the shift has caused 83% of in-house security leaders to think about outsourcing their security to an MSP this year.

This quote from Marketwatch sums it up best: “The Global managed security services market was valued at USD $19.4 billion in 2021 and is expected to reach a value of USD $46.1 billion by at a CAGR (Compound Annual Growth Rate) of 14.9% over the forecast period. Managed security services (MSS) are provided by managed security service providers (MSSPs) to manage and monitor the security aspects of their customers’ IT infrastructure. These services often enable the client organizations to reduce expenditure on either customer-premises equipment (CPE) or in-house security specialists while receiving effective security management. The need for threat-intelligence has been significantly increased in many major sectors…

“Many large organizations running their own security operation centers (SOCs) look at threat-intelligence services offered by experienced MSSPs. As customers are requesting for more proactive security measures to defend against the evolving cyber threats, MSSPs are adopting advanced security analytics platforms to better detect and anticipate potential threats. These new security analytics platforms also feature advanced functionalities, such as forensics, incident response across entire systems from networks, and endpoints in different environments, e.g., on-premises, virtual, or cloud services.”

This last point brings us to the conclusion of this post, where we will explore the security platforms being adopted by MSPs and how they facilitate meeting today’s modern risk challenges while helping MSPs grow profitable security businesses.

How Security Platforms Help MSPs Meet These Challenges and Grow Their Business

MSPs looking to launch a security practice and MSSPs seeking ways to scale their existing security practice both want to capture the market demand around security, but wish to do so in a way that is profitable, scalable, and can generate recurring revenue for their business. As the report quoted above notes, they are often turning to platforms to fulfill these needs. Let us look at the ways in which platforms help them.

[Figure: Considerations for Platforms]

Armor advises all its MSPs to think about the above considerations when looking at technology to help them meet their needs. From a risk management perspective, platforms need to help companies monitor accidental risk (e.g., employees accidentally leaving an S3 bucket open to the world) and intentional threats to the environment as outlined in the MITRE framework. This will help the MSP use the platform to truly deliver both security and compliance outcomes to the customer in whatever environment they are in. Platforms also should consolidate visibility for you and give you control to protect your customer anywhere they are. And lastly, platforms must meet the demands of today’s customer buying habits: usage-based billing, software-based deployments, no appliances, multi-tenant views, ability to scale with infrastructure usage, etc. This creates simplicity for the MSP in delivering the service and value as well as flexibility for the customer buying the service. Software-based platforms also allow for security to easily be attached to every instance of a technology deployment and, because it is deployed in minutes with minimal resources, it creates a high-attach rate, high-margin business for MSPs to pursue.

Next, we advise our MSPs not only to see the blockers to growing their security business as operational problems rather than technology problems, but also to demand that any platform they buy approach the security market through this lens. This example architecture of the Armor Anywhere platform and the use cases below help illustrate what we mean:

[Figure: Security Platform Architecture]

When a customer turns to an MSP for security, they are doing so to help solve a particular problem they have related to a specific security threat or risk (ransomware); or to help solve a problem related to a particular technology (public cloud, containers, etc.); or because they do not know how to bring a particular security technology into a broader incident response framework. They are also doing so because they do not have enough time, money, and/or resources to do it themselves, and because they already have a trusted advisor relationship with their MSP for other services. This is a great opportunity to give a partner recurring revenue. But as MSPs go to capture that revenue, they quickly run into several operational headaches.

For each use case they want to solve, there is often a technology necessary to help perform the threat detection and response. Protecting a client’s infrastructure (cloud workload protection), a client’s end users (EDR), and an environment from misconfiguration (CSPM, Cloud Security Posture Management) all require different technologies. Not only is it complicated and expensive to buy a new technology whenever a new use case arises (contract management, non-scalable pricing models, capex vs. opex decisions, etc.), but it is also hard to get that technology to market quickly and to operationalize its data within your broader risk management and security program. For example, for each new use case an MSP needs to manage, it will have to go through the same steps:

1) Technology procurement from multiple vendors.

2) Technology installation across diverse and complex environments.

3) Technology tuning to ensure detections work for that environment.

4) Rule-building, playbook writing, and correlation writing to ensure that a SOC (security operations center) can appropriately respond to incidents related to that new use case.

5) Providing visibility of the incident and automating response to ensure quick time to respond and low dwell time for threat actors within the environment.

At any point in this journey, complications, cost, and resourcing issues can arise. And once an MSP must think about putting multiple use cases in their portfolio, forget about it. It becomes too unscalable or unprofitable for them to do business in the industry. Platforms present a couple of solutions to these problems, and it is easy to see why MSPs are turning to them to capture security revenue.

First, platforms offer a variety of use cases and look at the issue from the perspective of an entire security and risk management program. This approach eliminates, or at least combats, tool fatigue and offers MSPs the opportunity to consolidate the more than 75 security tools in their stack into a single pane of glass. Also, as new use cases come up that the MSP needs to solve for the customer, a security platform can evolve with them. That way, it’s added as a feature set instead of forcing them into buying another tool to solve the security threats associated with an ever-changing and -evolving digital landscape. And when viewed from the perspective of incident response and risk management, each new use case can be approached through the lens of security telemetry that needs to be plugged into the existing security core architecture of SIEM/SOAR/SOC response.

Second, platforms focus on the operational challenges with security that often get overlooked when just thinking about tooling. Questions such as “How do I deploy the security protections across a hybrid or multi-cloud environment?” and “How do I update rulesets across my security tooling?” look much different from the perspective of a platform than from that of a point tool. Platforms focus on standardizing deployments, installations, configurations, and management of security services, where individual point products will still need to be managed by a central DevOps team. You will need a bunch of out-of-the-box configuration to make that tooling work with your data lake, your SIEM (security information and event management), your SOC’s playbooks, and workflows. All of this is assuming you can get the tool laid down and deployed across your environment. Platforms, on the other hand, can help you deploy across a variety of environments and bring that telemetry into the broader context of your security program. This helps eliminate false positives, ensures proper correlation is happening between events, and makes that data immediately actionable and accessible for your teams.

Lastly, platforms are extensible, which means that they can act as a complement rather than a complete replacement to your existing tools, processes, and overall security stack. At Armor, we run into MSPs that have already made significant investments in tools, processes, and people to build out a security portfolio. Platforms can take advantage of, and make the most of, those investments by integrating with your existing ecosystem for additional telemetry. But they can process that telemetry in a way that increases the detections an MSP is able to perform against an environment according to frameworks such as MITRE ATT&CK, while also helping an MSP accelerate time to implementation and time to value for these technologies. In addition, platforms can use telemetry from existing technology to gain better visibility into the environment and get a total picture of the IOCs (indicators of compromise) associated with an attack or threat vector by correlating the data, eliminating false positives, and helping MSPs focus on the incidents through the noise within an environment.

This article has demonstrated that despite the demands of today’s multi-cloud, complex, and constantly digitally evolving world, there are still pathways for customers to achieve security against threats. The one they will often turn to for help is their trusted advisor in the market—their MSP. If MSPs want to win more customers, grow their existing customer base, and grow a profitable business to address these security challenges, they will need to seek out cybersecurity platforms to remain competitive. Whether it is the evolving security threats, the new landscapes needing protection, or the speed and cost by which any of these issues can be addressed, platforms will help MSPs gain the competitive edge they need to meet these challenges head on.

Reach out to Armor if you are interested in learning more about how to partner with Armor for a more secure future. Comment or discuss the topics of this article with us on social media, or reach out to schedule a demo of our platform and learn how it can help your managed service provider business grow and scale a security portfolio!
