Security as a Service Accelerates at RSA Conference
As the RSA Conference kicks off today in San Francisco, much of the buzz involves security as a service. But here’s the challenge: Nearly 80 percent of top managed services providers already offer some form of managed security to their customers, according to our third-annual MSPmentor 100 results. So where can MSPs go next with managed security? Here are some clues.
Sure, entrenched players like Symantec, McAfee and Trend Micro have a range of SaaS and hosted options that frequently involve channel partners. But upstarts like Kaspersky Lab and Sophos are preparing more recurring revenue opportunities for MSPs. During a recent partner conference in the Dominican Republic, Kaspersky Lab’s Nancy Reynolds offered some clues about the recurring revenue efforts. Plus, there was growing chatter about Kaspersky Lab potentially launching a small business SaaS or hosted security service later this year.
Meanwhile, Sophos starts its next fiscal year in April 2010. At that point, I think it’s safe to expect Channel Chief Chris Doggett to pull back the curtain on the security company’s plans for MSPs.
Also of note: Identity management services seem to be shifting to the cloud. It’s safe to expect the Novell Cloud Security Service, still in beta mode, to grab some of the RSA Conference spotlight. And watch for partner moves involving Websense and Juniper Networks.
One other key trend I’ll be exploring: Two-factor authentication. A few weeks ago, I questioned whether VARs and MSPs could set up their own two-factor authentication services (and recurring revenue) for small businesses. Since that time, a few readers have sent over examples of success. I plan to blog about them — and other RSA Conference trends — in the days ahead.
Security as a service is interesting especially when compared to the standard MSSP stuffs: managed IDS/Firewall. At least based on personal experiences, there’s a lot of room for improvement in the security space in general. I think that if managed service providers would step away from embracing technology as the solution and focus more on process, everyone will benefit.
Part of the problem, I believe, it that will all the security infrastructure and overlays, management visibility becomes out-of-focus. Too much emphasis is placed on the controls and people simply stop examining how the technology functions and is being used. In the name of security, people don’t actually understand whether the network is serving the business or is just an expensive distraction for getting real work accomplished.
Having cut my teeth in the IT Sec space for the better part of 15 years, I know better than most the distinction between a silo and umbrella management process. Most SaaS offerings, in my humble opinion, are just more of the same silo solutions in a service wrapper. Sure, they may appear to be cost-effective at the outset, but true costs only manifest based on what the infrastructure contributes to the bottom line. Whether someone takes on the IT management responsibility directly or oversees a outsourced arrangement, at the end of the day someone has to bear responsibility for the bottom line.
I believe security as a service has merit. It can be someone sitting just sitting in a SOC watching traffic whiz by and reacting to events. There’s are a lot of moving parts to managing on-line operations that transcend event thresholds and signature-based threats. By presenting a customer with a clear picture of how their operations are working, showing where resources are being burned and how the technology is being used, a service provider can move beyond the silly dashboard management mentality and offer a higher value technology balance sheet of sorts. By enabling an executive to review their network assets and liabilities all in one place, you’re both distinguishing yourself from the pack plus offering actionable intelligence giving the executive team powers they’ve lacked in the past: to direct technology operations towards yielding a desired company objective. That’s a service I can buy into.