Puzzled by the networking know-how needed to deliver a ‘complete’ security solution these days? MSPs may fill your missing cyber piece.
by Erin Harrington
Cybersecurity and all the challenges that come with it, looms large over the physical electronic security industry.
A different kind of expertise is now needed from security integrators, notes Bill Bozeman, president and CEO of PSA Security Network, who likens today’s cyber influence somewhat to when things went from analog to digital and integrators had to either develop their own new skillset or forge partnerships to meet end users’ needs.
“Our traditional community of integrators are comfortable with due diligence on traditional security products and the vast majority are very IT savvy and so good at what they do,” says Bozeman, whose organization has included cybersecurity annually as a highlight of its TEC event education agenda.
“But many integrators are going to struggle with cybersecurity. It’s not simply deploying a device on a network anymore, and it’s no longer the kind of system they’re so adept at deploying.”
So what is a traditional physical security dealer/integrator to do? “Get savvy,” says Bozeman, who urges integrators to build a general knowledge base of IT services and other cybersecurity offerings to begin rethinking their firm’s business value to existing and prospective customers.
But the nature of today’s risks is constantly evolving, making managing cybersecurity an even tougher task for security integrators getting involved in it. Consequently, we’re seeing a sharp increase in demand for IT managed service providers (MSPs), whose expertise more integrators are turning to in order to deliver comprehensive security solutions to end users.
Read on to learn more about what MSPs can do for you, as well as tap into some handy resources to help improve your own cyber education.
Cyber Awareness, IoT Create Challenges
Headquartered in Austin, Texas, SolarWinds is a value-driven provider of products and tools that solve a broad range of IT management challenges related to networks, servers, applications, storage, virtualization, Cloud, or development operations.
Ian Trump, SolarWinds’ global cybersecurity strategist, notes that demand for MSPs is driven by a few factors, including the threat of data breach and extensive coverage of those breaches, ransomware attacks and cyber fraud coverage in the media, as well as the desire of MSPs themselves to expand services into security and compliance offerings.
“There are many crossover opportunities, from building management systems [BMS] integration, security systems and voice over IP PBX deployments,” Trump says. “This is firmly in the territory of Internet of Things [IoT], and physical security integrators are in desperate need of solid networking skills, which MSPs have. There is a growing awareness of the challenges of moving IoT into business and it requires an advanced security skillset. Firewall rules, networking VLAN or net-mask segmentation are all required to integrate IoT devices as safely as possible.”
To help integrators deliver complete security solutions, MSPs need to do two vital things, according to Trump: build for capacity — not just for current needs, but for future needs; and provide documentation, especially network diagrams.
“It’s super helpful if the security integrator can meet with the MSP first, so any differences in opinion can be hashed out,” he says. “I think the capacity issue is an important consideration — security DVRs, cameras and software will hammer a network if it’s not properly implemented, and a key fob access system which is not protected by a UPS could be problematic during a power outage. MSPs need to be thinking about these challenges and anticipating what their clients may want in the short and longer term.”
It’s taken a while for cyber and physical security to come together under the same umbrella, but many integrators are indeed adding on or acquiring cyber management knowledge, according to Steven Grossman, vice president of strategy and enablement for Bay Dynamics.
The San Francisco-based company provides an enterprise software platform that calculates the value at risk associated with specific threats and vulnerabilities, and measures how much risk can be mitigated by applying certain actions.
“Cyber is a key aspect of physical security technology, and protecting physical security technology and infrastructure has been critical for a long time. Now MSPs and integrators are pulling it together to offer one-stop shopping,” he says. “The MSP angle is a great way to promote that consolidation.”
It’s also a potential angle for providing security integrators an additional revenue source, Grossman suggests. As Grossman points out, in the past integrators would perform the install and say, “Thank you very much. Let me know if you have any problems.”
With the added dimension of cybersecurity, it becomes an ongoing operational relationship vs. an installer relationship.
“Tacking on the services of an MSP to monitor for events and proactively identify vulnerabilities — and provide the remedy and response for integrators — is also giving them an additional revenue source and more comprehensive offering,” he says. “This becomes a subscription, so to speak.”
Along with additional RMR potential, partnering with MSPs also strengthens a security integrator’s capabilities while allowing them to focus on their core competencies — and perhaps stay cost efficient from a personnel standpoint as they give their solutions portfolio an instant boost.
“MSPs are specialists in the maintenance of the various networks in use in the business environment and they save the company the cost of an IT department. It’d be advantageous for an integrator to work with an MSP as a business partner to provide their expertise on things like network organization and cybersecurity protection protocols,” says Joe Holland, vice president of engineering for LifeSafety Power, a Mundelein, Ill.-based provider of power supplies for intelligent networking devices.
“Even though integrators are certainly very capable in their own areas, an MSP can add that cybersecurity capability component immediately to the pedigree of an integrator.” Chris Salazar-Mangrum, senior IT project manager for PSA Security Network, echoes that MSPs can enhance integrators’ value to customers by expanding the solutions portfolio and simplifying the cyber world.
Leveraging MSPs can address needs such as data backup, disaster recovery, device encryption, vulnerability assessments, network monitoring, cyber policy creation and enforcement, to name a few, he says. (See sidebar for more on PSA’s resources.)
The coming together of traditional physical security integrators and IT MSPs also marks a merger of asset management and risk management savvy appreciated by end users.
“What keeps them up at night is having an event that lands them on the front page,” Bay Dynamics’ Grossman points out. “I think we’re seeing a transition from tactical defense, in-depth implementations to a risk management mode of operation.”
In this regard, he contends that the physical side is ahead of the cyber side, as they’ve known all along the critical parts of their buildings and infrastructures, including where people and access systems are based, and have been taking a risk-based approach for a long time.
“But the cyber guys, because of the nature of cyber, have been running with their hair on fire up and down the hallways trying to patch all your vulnerabilities across all your machines, learn what and where your assets are and what’s most important, which is difficult in the IT world,” Grossman says.
“Even the most sophisticated companies are challenged when it comes to asset management, as it means they’re now managing your threats, compromised accounts, third-party access — pretty much the same things the physical security guys have been tasked with. All those things are getting greater attention on the cyber side these days within the frame-work of risk management,” he adds.
How to Adopt the MSP Approach
Security integrator A3 Communications, headquartered in Columbia, S.C., recognized the value of that convergence a decade ago, when security became more IP based.
“We’re a true systems integrator and we not only provide IT managed services but also network infrastructure and virtualization services,” says Brian Thomas, president.
“Coming from a foundation of networking, we were early adopters and we’ve taken that knowledge and leveraged it on security side which has given us an advantage. Our belief was that if we own the network, we should own everything attached to the network.”
To that end, A3 has a managed IT services practices division, a fully manned help desk, and provides remote management and monitoring of customer’s devices, servers, phones … anything IT based.
Thomas is finding that instead of end users’ facility directors his company is usually dealing with IT directors nowadays.
“A lot of this stuff can be Cloud-based and not a big investment on the front end to add cyber. It’s a value-add for an integrator, and if they pass that off to an MSP they lose that revenue,” he says.
For integrators, becoming familiar with all the possibilities to provide an end user is particularly pertinent given that MSPs have multiple levels of offerings from help desk support to managing your IT infrastructure and network purchases, Cloud-management, vulnerability scans, and more.
“Look for references and example documentation from the MSP,” says SolarWinds’ Trump. “As a security integrator, you need to know the various products features and requirements, you need to know what the best practices are. The MSP and integrator meetings have to present a united and professional front to the customer.”
PSA’s Salazar-Mangrum also cautions that a strong leadership team is a must to have your back.
“If you cannot trust the MSP’s leadership team and vision, move on to the next. Do your due diligence and don’t rush it,” he says.
“Create a smart sourcing plan, hire a 1099 sourcing professional if needed, understand your business needs and decide if you want your MSP to help with only your IT needs or your end-user needs, as well.” As Trump says, “The IoT market has greater market potential than security for both integrators and MSPs. They must work together to ensure the customer is safe from cyber threats — this makes the Internet better for everyone.”
Read the original article at SecuritySales.com