Continuum CEO Michael George said managed service providers that fail to go deep into providing security solutions risk losing their customers to the competition.
"The lines between a managed service provider and a managed security service provider are gone, absolutely gone," George said Tuesday during his keynote address at Continuum's Navigate 2017 conference. "Make no mistake about it, your customers believe you are responsible for securing them today."
Solution providers that assume a first-mover position in security will have the opportunity to poach clients when their peers get hit by a security breach, George told 700 attendees at the event, being held at The Cosmopolitan of Las Vegas. And the security services offered by MSPs to their clients must go beyond backup and disaster recovery (BDR) to include comprehensive protection as well as robust remediation, he said.
"Since the attack surface is so large, the volume of attacks are extraordinary," George said. "We are woefully underserved and outflanked by the enemy."
Attempting to build a security operations center (SOC) out in the field would be an exercise in futility for most MSPs since that caliber of worker is highly-paid and in high demand by large enterprise businesses, according to George. Solution providers would likely struggle in trying to compete against larger counterparts and hiring away this talent, George said.
Continuum therefore plans to roll out an around-the-clock security SOC to assist MSPs in remediating security breaches experienced by their end customers.
Cybersecurity today has grown to the size and scope of the industrial revolution in a fraction of the time it took for that transition to evolve, George said. As a result, MSPs that are aware and hyper-informed of the latest threats will be indispensable to their customers, he said.
"This will be the truest annuity business you could ever imagine being in," George said. "Every time you solve the last problem, they are building a new one."
George said the most severe threat facing the industry today is the Equifax hack disclosed last month, during which he said most of America's working population had their financial records, social security numbers, dependents, and W2 information stolen. Personal records are currently being brokered and traded on the black market, George said, and the auction should settle out in the next few months.
"The working population of the United States is going to be under massive attack," George said. "We are right at the eve of this hyperscale attack that is about to take place."
The attacks will last until people go out and recreate an entirely fresh set of new records, according to George.
In addition to their new managed security offering, George said Continuum will provide MSPs with education, training and documentation that they can bring to their end customers. The education piece will focus on blog content, webinars, podcasts, and weekly and monthly newsletters to help get channel partners in front of their customers on a regular basis, George said.
The training component will be oriented around workshops, lunch-and-learns, on-boarding sessions, and mock phishing exercises that MSPs can deploy against their clients, according to George. And the documentation piece will help set expectations and provide communication guidelines, process guidelines and incident response reports, George said.
All told, George said it's imperative that MSPs make their clients and the client's employees part of the defense system.
"Unlike [remote monitoring and management] and BDR, in security, there is a shared responsibility to thwart these attacks," he said.
Ethos Technologies has used security tools from a variety of vendors, but often finds that the support peters away after the initial on-boarding, according to Vice President of Technology Doug Turpin. As a result, the Salem, Va.-based solution provider often gives up on the product, Turpin said.
In addition, the company has had a lot of difficulty finding folks that are highly trained around security, Turpin said. Ethos therefore has engineers that can configure firewalls, but not staff that can think like a hacker, conduct penetration testing, or consider attack vectors, according to Turpin.
"We have a lot of administrators of IT equipment, but not a lot of innovators," Turpin said. "I don't want to be on the hook for every single issue that's elevated."
Turpin is optimistic that Continuum's SOC can provide Ethos with both entry-level and higher-level security support, as well as enablement from a product perspective. This should provide Ethos will additional bandwidth to address their customers' security needs, he said, as well as free up time for Turpin to focus on other aspects of the business.