Security as a Service – Where do I start?
A discussion with David Barton, CISO at Stellar Cyber
Every managed service provider seems to be focusing on security these days. For an MSP adding security services, or an MSSP looking to target a new market segment, here are the common questions I frequently get when I meet with service providers.
Is it too late to launch security offerings?
No. In particular, SMBs and mid-market companies are having a hard time hiring and keeping qualified security professionals on staff. And over the last 10 years there has been a boom in companies investing in security tools, but they have only increased their alert volume and false positives. Customers are overwhelmed with alert fatigue and are spending time writing scripts rather than being strategic. Many mid-market and small-medium businesses are looking to leverage managed security services as a means to hire the expertise they can’t afford to scale on their own. You can address their pain with security solutions they now buy as a service.
How should I decide on a target segment?
The answer depends in part on your service region. You can either think vertically and become tied to a specific industry such as Healthcare (offering HIPPA protection and consulting, for example), or Financial Services (with a strong portfolio of governance and compliance packages). Alternatively, you can think of the company scale. For larger providers, you can have a deeper set of offerings and the potential to be the expert in security services in your region. For SMB customers, think in terms of simple ‘good enough’ offerings that solve 80 percent of these businesses’ pain 80 percent of the time.
What can I do to ensure high margins?
Focus is key to ensure you are the best in your region. Customers will be attracted to you because you sell solutions that map to their concerns and will learn to trust you since they see you know more than they do, are responsive, and reinforce their decision to outsource key security functions to you. Additionally, as an MSP adding security services or an MSSP looking to target a new market segment, leveraging automation technology such as machine learning and artificial intelligence will help your security operations team scale cost-effectively.
Although you might feel there is a lot of hype around ML and AI, the idea of ‘autonomous infrastructure’ is a long-term trend that will be a strategic advantage for your business. Investing now in platforms that help your team learn will also help you offer high-margin services that differentiate – such as advanced threat detection, response and eventually threat hunting services.
David Barton
CISO at Stellar Cyber
