IBM Puts Heft Behind New MSSP Program

IBM THINK — Increasing complexity in IT security, the steady headline grabbers about business data breaches, and the wide spectrum of compliance and regulatory requirements are setting off alarms at businesses of all sizes. And, to top it off, there’s a shortage of expertise to design, implement and manage a top-notch security strategy.

That’s why IBM on Tuesday launched a global managed security service provider (MSSP) program, at its PartnerWorld at Think 2019 event in San Francisco.

Partners have been key players driving IBM’s security business for years, with about half of the company’s business coming from the channel. This latest opportunity seizes on an industry trend for managed security services, estimated to be worth about $40 billion.

IBM’s Johan Arts

“The estimated labor shortage in this business is about 3 million people by 2020 [according to industry research]. In our view, managed security services is the fastest-growing partner segment within the overall security business,” Johan Arts, vice president, worldwide channels and routes to market, IBM security, told Channel Futures.

IBM is doing more than simply opening its doors to MSSPs. It has put several programs in place to help partners build a MSSP practice, recruit existing MSSPs, and help expand business opportunities.

Arts said that IBM already works with approximately 100 pure-play MSSPs, globally, and is in talks with reseller and MSP partners interested in building a MSSP practice. The company has been working on building the program for the past year.

There’s a road map for the different types of partners interested in IBM’s MSSP program, which falls under the IBM Partner Program umbrella.

For a partner aspiring to become an MSSP, IBM helps them understand the heavy upfront investment required to build an MSSP practice.

“For a partner like this, the first thing we do is engage them on the business planning cycle,” said Arts.

For example, partners need to invest in people and training. They need to be willing to take on the liability of a security practice and the commitment to respond to specific SLAs.

“This is not for the faint of heart. Successful partners understand this,” Arts said.

IBM training for MSSPs covers both security product training – much of which has been in place – and an additional layer of training on MSSP business practices. There’s also a job-shadowing opportunity with IBM experts developed on a one-on-one basis

Here’s a closer look at the product and services focus for MSSPs.

Joshua Stegall, global managed services provider lead, IBM security at IBM, said the company is focused on taking its portfolio to market through MSSPs to help them solve critical security use cases. “Our initial focus is on threat management (through QRadar), incident response (through Resilient), data security (through Guardium) and identity management. “The majority of our MSSP partners leverage QRadar for threat management and managed SIEM services, so our MSSP focused enablement is initially focused on QRadar,” he said.

On the security services side, IBM is focused on managed SIEM and threat management incident response, data security (including data discovery, classification and compliance scanning) and identity management. “MSSPs can also partner with IBM for our service offerings across security intelligence and operations, X-Force Red Offensive Security (penetration testing), X-Force Incident Response and Intelligence, identity and access management, data and application security, infrastructure and endpoint security,” Stegall added.

If partners are unable to make the transition to become an MSSP, IBM has a program to put them in touch with IBM MSSPs for their services.

“That hybrid model is where we’re seeing a lot of our successes,” said Arts.

IBM MSSP partner Reliaquest, based in Florida, does just that, offering its cybersecurity expertise to other partners.

IBM will leverage its new Business Partner Connect program, announced this week, to facilitate partner-to-partner collaboration. Anurag Agrawal, Techaisle CEO and analyst, said that business challenges and technology complexity are creating business friction.

“Businesses are looking to cloud, analytics, security, AI and open-source solutions, and channel partners cannot address all technology capabilities,” he said, referring to a recent Techaisle study.

Channel partners are faced with balancing investment in depth and breadth, so they are …