A shift of emphasis from cybersecurity product features and complexity to use cases and outcomes is key to unlocking security opportunities, argues Andrew Napier, Head of Cloud and Security Products, PXC.
Cybersecurity is not, in general, given the attention it demands by a large number of resellers and MSPs, believes Napier, mainly because it’s not seen as an enabler, more as an unwelcome additional cost. “Cybersecurity is an insurance type of proposition,” he stated. “However, there are many aspects of modern next generation firewall monitoring, for example, that can inform better business planning. More messaging about the operational benefits of a properly maintained security posture, rather than the ‘what ifs’ implications of not doing so would be good to see.”
Another reason that cybersecurity may be sidelined is the perception that it’s difficult, logistically time consuming, expensive in terms of personnel and perhaps even legally dangerous territory for a traditional telco or ISP to get involved in, pointed out Napier. “These are all areas that can be de-risked with proper outsourcing,” he explained.
Napier also observed that security vendors can be too focused on pushing features that create a perception of complexity which can be off-putting. But the greatest challenge is customer knowledge and awareness of their own security posture, he believes. “Too often we see customers with outdated equipment and no experience or capability to fully understand the risks they face, how to scope out what they need and budget for a remedy,” commented Napier. “The challenge for the reseller or MSP is to deliver a secure environment for the customer in this context without any disruption. It’s a tall order.”
Consultancy
This scenario is made more challenging by the fact that customers with the lowest levels of awareness are also at the highest level of risk, and have the least amount of assigned budget, noted Napier. This means that the most successful customer engagements are those that are front-heavy on consultancy, engagement and tactical assessments to prove the state of risk and therefore get budget. “A reseller needs to understand how an organisation functions in order to deliver a solution that will be secure,” he added.
“Overall, there is a growing awareness among businesses that cybersecurity is a real issue and should be taken seriously. However, there is a wide gulf between a business that understands something needs to be done and a business that understands what needs to be done. Therefore there is growing demand for managed services around regular, appropriate security housekeeping tasks undertaken by a third party that can advise on this increasingly confusing and noisy marketplace.”
Humans are ingenious creatures and the arms race in the cybersecurity area is one of the most fast paced
Napier explained that security risks broadly fall into two categories: Attackers are either after bitcoin directly for ceasing disruptive activity such as DDoS or unlocking files following a ransomware attack. These are both on the rise. Or they are being paid by someone else to lift sensitive data and will want to remain undetected for as long as possible. “In the latter example the breach is more likely to come from a poorly secured firewall or non-hardened web application such as O365,” said Napier. “Humans are ingenious creatures and the arms race in the cybersecurity area is one of the most fast paced.”
But the security trend that most interests him is personal and corporate identity theft. “The vast majority of security incidents are made possible through human error,” he added. “It’s far easier to persuade someone to open the front door rather than smash it in. Examples include badly secured O365 environments that enable hackers to impersonate people inside an organisation and spoofed websites that look genuine and collect payment information.”
Relatable use cases
To effectively combat and contain threats such as these vendors should take a step back from box feature battles and think more about real life use cases that make sense to the average SME and enterprise customer, believes Napier. “More investment emphasis should be put into robust management, orchestration and monitoring platforms to make it easier for end customers and resellers to really deliver the benefits of their technology investments,” he commented. “A good GTM strategy needs to have a holistic ‘secure through and through’ cross-product approach.
“Don’t forget that a customer who doesn’t think they have a security issue probably does, but will be unlikely to respond to a security-first message. It all comes down to perception of value in the supply chain. If a customer’s MSP can make them more operationally agile and improve decision making as a result of the vendor’s investment in making their device easier to manage, then that customer is unlikely to look around for a cheaper deal for any of the services the reseller delivers, security or otherwise.”