Google Cloud Takes on Rivals AWS, Azure in Broader Pursuit of MSSPs

As cloud and security grow ever more inseparable, the major public cloud providers are bringing more managed security service providers (MSSPs) into their partner folds. Google Cloud amped up its approach this week, with the launch of the Chronicle MSSP Program.

The new invitation to team up with Google Cloud comes as the company integrates the $500 million Siemplify acquisition, and as it puts the finishing touches on the $5.4 billion Mandiant purchase.

It also comes as rivals Amazon Web Services and Microsoft Azure, through its Microsoft Intelligent Security Association, better target MSSPs, too. Google Cloud, though, got a little bit ahead of its competitors last summer when it launched a volley of security tools for cloud partners. Now, the Chronicle MSSP Program crystalizes the provider’s take on cloud security.

Google Cloud’s Sharat Ganesh

To that end, Chronicle MSSP “will offer MSSPs around the world the ability to provide scalable, differentiated and effective detection and response capabilities with our cloud-native SIEM product, Chronicle,” Sharat Ganesh, head of Google Chronicle product marketing, wrote in an April 4 blog. “In a highly competitive environment where customers have little to differentiate between various MSSP providers, we are helping to turbocharge our MSSP partners with specialized services offerings, enabling branded portals and advanced threat detection, investigation and response capabilities.”

Initial partners include Cyderes, Netenrich, Novacoast, Herjavec Group and Fishtech Group.

Herjavec Group’s Robert Herjavec

“As a major partner and a distributor/MSSP, we are excited to leverage this new program, helping our customers and delivering security outcomes,” said Robert Herjavec, CEO of Herjavec Group and Fishtech Group.

Aspects of the Chronicle MSSP Program

Ganesh said several aspects of Chronicle MSSP make the program attractive to partners. He noted that internal Google Cloud teams will help sell MSSP solutions, which will “help unlock greenfield accounts and expand into new territories quickly.”

What was not immediately clear is how that will mesh with Mandiant’s direct-sales tactics. Google Cloud often emphasizes its partner-led strategy, so executives will need to tread carefully.

Ganesh further said Chronicle MSSP gives members more control over margins. That’s through a “modern licensing model.” What this means, exactly, was also not immediately clear.

Meanwhile, through Chronicle MSSP, partners can add their own intellectual property and technology on Chronicle, Ganesh said. They can brand reporting, services and advanced threat intelligence accordingly. All this makes solutions both unique and easier to sell, he said.

Speaking of Chronicle itself, MSSPs will be able to streamline and automate customer-management workflows due to multitenant, API-enabled environments. Chronicle takes data from any cloud, any data set, Ganesh said, to “enable security data to exist in one place, and perhaps more importantly, aliased and correlated into a timeline of events. This capability can enable SOCs to begin to operationalize their data into meaningful signals.”

In terms of Chronicle’s capabilities, the platform (not the partner program) provides threat prioritization and context-aware detection, Ganesh said. In other words, “the supporting information from authoritative sources (e.g. CMDB, IAM, and DLP) including telemetry, context, relationships and vulnerabilities are available as a ‘single’ detection event,” he wrote. “Our partners can use this capability to write context-driven detections, prioritize existing alerts and drive fast investigation.”

Overall, Google Cloud expects to help MSSPs reduce response time. That “can lead to greater customer and cost benefits,” Ganesh said.

Why Chronicle MSSP Now?

The introduction of Google Cloud’s Chronicle MSSP Program comes, again, as the Big Three recognize the cloud-security convergence. AWS has its nascent Level 1 Competency, which certifies partners to deliver security and monitoring as a managed service. Microsoft has the MISA, which brings together MSSPs, independent software vendors and Azure Sentinel for security information and event management. Furthermore, Chronicle MSSP enters the market as threats and breaches remain at all-time highs, and as bad actors take aim at emerging areas of weakness. Cloud became one of those amid COVID-19’s rushed deployments, and many organizations continue to try to clean up the messes. They remain in a rush against time as hackers exploit gaps.