Free Newsletters for the Channel
Register for Your Free Newsletter Now
MSSPs and their customers needing to fight unintentional – or not – data loss through employees will want to know more.
November 24, 2020
In 2021, insider threats will make up one-third of the cybersecurity incidents organizations combat, according to Forrester Research. One vendor, Code42, has devised a simple way for managed security service providers to protect their customers – and themselves – from those breaches. And it’s revamping its channel approach to put partners first.
Code42’s Joe Payne
“Insider risk is taking off,” CEO Joe Payne told Channel Futures.
Perhaps that’s what MSSPs need to understand, above all, before looking deeper into Code42 and its Incydr platform.
Starting in just a couple months, the risk of employees leaking data, on purpose or not, will rise from 25% to 33%. That’s what Forrester wrote in its recent report, Predictions 2021. No surprise, that increase stems from the global shift to remote work because of COVID-19. But it won’t just be external bad actors prowling for corporate data who try to put MSSPs and their clients in a bind. More than anything, that problem will come from staff.
Forrester cites three main reasons for the uptick in insider threats. The first, of course, comes from the increase in remote work due to the pandemic. The second results from widespread COVID-19 shutdowns and their subsequent economic fallout. So many jobs are on the line that employees may act out. Third, people can move company data more easily than ever.
“Combined, these will produce an increase of 8 percentage points in insider incidents, from 25% today to 33% in 2021,” Forrester analysts wrote. “The overall number of insider threats will also be pushed higher as firms get better at identifying and attributing incidents to insider activity.”
In fact, this will create a shift within the MSP sector itself. Tech association CompTIA says more MSPs will add security expertise. The MSSP category will get even stronger in 2021 as more MSPs do this, CompTIA says, as they, too, attract the attention of hackers. The essential takeaway, regardless of acronym, is that neither MSPs nor MSSPs can overlook security.
“Cybersecurity, especially during this wave of remote working, is a discipline that is table stakes for all kinds of channel partners,” CompTIA wrote in its Industry Outlook 2021 report. “It’s not a nice-to-have, but a need-to-have. Not having security expertise is a deal breaker for many customers considering whom to work with as a technology provider.”
Employing a zero-trust methodology will prove essential, CompTIA noted.
“Instead of trusting any network behavior or user access that appears to come from a secure location, everything must be verified,” analysts wrote.
Indeed, trusting no one and nothing up front will best protect MSSPs and their customers from insider threats. But doing that without alienating employees, more than anyone else, is tough. The last thing an MSSP or the enterprise’s IT team wants to do is turn workers into malicious insiders, as Forrester noted.
“Considerations for employees’ privacy, company culture and local standards for lawful, fair and acceptable labor practices are key to the success of [an] insider threat program,” the research firm said.
That’s where Code42 comes in. The company believes it has the right solution for both mitigating and addressing insider threats, all through the channel.
On Jan. 1, look for Code42, creator of the SaaS-based Incydr, to sell the platform 100% via partners.
“In security, relationships between CISOs and channel partners are deep. We’ve known all along we wanted to tap into that,” Payne said.
Code42 developed Incydr about two years ago. In the intervening months, the company has reached about …
… 30% in channel sales.
“We needed to build out the product and make sure the market and interest was there, and get all that sorted so the product was ready for the channel,” Payne said. “That means getting a very mature product.”
But achieving widespread sales success through MSSPs and other partners requires more than a solid platform. A vendor needs a proven channel chief. Code42 believes it has found that person in Faraz Siraj.
Code42’s Faraz Siraj
Siraj joined Code42 in October as vice president of channel sales; the company announced his hiring earlier this month. Since 2018, Siraj led his own consulting company, focused on channel transformation and growth. Yet, MSSPs may remember Siraj more from his years at RSA Security, ThreatQuotient, Cisco and Sourcefire. He led channel efforts for each of those companies, just one of the credentials that brought him together with Code42.
“Faraz, in terms of his experience in the security channel in particular, is so deep and his demeanor is a great fit for our culture,” Payne said. “We have a modern culture. He was a good people fit for us and bringing Cisco, RSA and Sourcefire, and experience in the channel … he’s seen it all.”
Siraj continues to nail down Code42’s all-channel strategy so it’s ready to go by Jan. 1.
“He’s signing channel partners right now,” Payne said. “We’re already closing deals through the channel right now and already bringing them deals.”
In terms of structure, MSSPs can expect a standard three-tier program. Percentages will differ depending on whether the channel refers to Code42 or Code42 refers to a partner. In the highest level, MSSPs can gain discounts up to 35%.
“There’s a lot of room for them to make great margins on our product,” Payne said.
Plus, Code42 will pay partners for renewals.
“Not all software companies do that,” Payne said.
The lowest tier acts like many others within the channel — a partner simply needs to understand Incydr and how it works. The second and third tiers require more participation, including certification and training. After that, the focus turns to sales.
“In the security space in particular, buyers are used to buying most of their products from the channel,” Payne said. “There are deep, long-trusted relationships with security channel partners among CISOs. And we’ve known that for a long time. Tapping into those trusted relationships is super important.”
To heighten the appeal of Incydr, Code42 not only will go 100% channel, it also has cemented a variety of integration partnerships. This makes deployment, which already is pretty simple, even more appealing for MSSPs, the company hopes. To that point, Code42 teams with SIMs, SOARs and identity providers, as well as some human resource tools. Brands include Box, Exabeam, Palo Alto Networks’ Cortex XSOAR, Google Drive, IBM Security, Microsoft Azure, Ping Identify and Office365, among others.
Perhaps the biggest issue with trying to push back against inside data loss boils down to how employees feel. If workers believe their company assumes bad intent and sees the worst in them, they are more likely to …
… act accordingly — a “guilty until proven innocent” take, if you will. Code42 sees that as all wrong. The key is to find the balance between productivity and protection, without villainizing staff.
The problem is, most security solutions function on more of an all-or-nothing basis.
Slack, Teams, Google Drive, OneDrive — these comprise important, necessary resources for employee productivity, Payne said.
“But they’re also good at spreading data out to people, which make it easy for people to exfiltrate data,” he said.
At the same time, too many organizations use old solutions that block sharing and collaboration, inhibiting progress.
Instead of letting data leak out uninhibited, or barring teamwork altogether, Code42 offers a different suggestion.
“We’re saying, let’s wrap some security around that. It’s like a video camera approach. You can watch all users and all data, wherever it sits, and build a profile of every user. Then if there are indicators that someone is doing something they shouldn’t, we flag it,” Payne said. “We don’t try to block collaboration or exfiltration. We prevent data loss by creating accountability and consequences.”
But, Payne added, “just like a video camera on the front door, it doesn’t prevent [theft].”
Incydr does its work from the cloud. Like other SaaS platforms, it features a simple-to-use interface, provides real-time alerts, lets users build their own rules and deploys with just a little configuration on the part of the MSSP.
“It is so easy to understand that people look at it and say, ‘I get it,’” Payne said. “It’s all cloud-native, so you click through and quickly identify who needs to be investigated. … It’s so easy that I do a lot of the demos. And I’m not technical.”
MSSPs training people to use Incydr, then, will likely find that an appealing point.
All in all, Code42 sees the need for Incydr growing. Heading into a new year, the COVID-19 pandemic continues unabated. People still are working from home. Economic uncertainty abounds, which means more potential for job losses. That’s all a recipe for a rise in insider threats.
Keep up with resources for supporting partners and customers during the COVID-19 crisis.
“People are only staying at their jobs for three to four years at the most,” Payne said. “It turns out that No. 1 indicator that someone might take data and shouldn’t, is when they [leave].”
Yet, rather than hindering communication and innovation, Code42 saw a different way — let people do what they need to do until or unless they present an inside threat.
“We want people to share data, collaborate and work together,” Payne said.
Incydr lets them do that.
Contributing Editor, Channel Futures
Kelly Teal has more than 20 years’ experience as a journalist, editor and analyst, with longtime expertise in the indirect channel. She worked on the Channel Partners magazine staff for 11 years. Kelly now is principal of Kreativ Energy LLC.
You May Also Like
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024
Channel Futures Reveals 2024 Circle of Excellence InducteesFeb 23, 2024
Canalys Channel Leadership Matrix Names AWS, Cisco, HP Among 'Champions'Feb 22, 2024
CrowdStrike, SonicWall Cyber Threat Reports Highlight Attacks, Popular TacticsFeb 21, 2024