OF ALL THE CHALLENGES we face in our MSP practices, managing security vendor sprawl might be the hardest. We want to offer the best possible response to every threat, of course, but who wants to manage a dozen or more different vendor relationships, consoles, and dashboards, and as many “single” panes of glass? After all, too much sprawl will bring your operations to a crawl.
How do we balance the concerns of product and vendor management, along with the challenges of managing industry change, integrating information, and more? It starts with operational maturity. Are you just getting started, or are you well down the growth path of a larger firm? And how much tolerance for single-provider risk can you muster? The answers to these questions will help you form your strategy.
Let’s start with the “easy” stuff, the vendors.
The first hurdle to clear is establishing and maintaining the various relationships you’ll need to develop and nurture with different vendors. We can stipulate that nearly all of us will need a wide variety of security providers, including firewall, EDR/MDR, MFA, SOC/SIEM, and the suite of protection and backup for M365 “endpoints.”
No matter how well you manage all of this, juggling these relationships adds complexity and reduces your leverage with any given vendor. Complexity will also limit your scalability, weaken your vendor relationships, and ultimately constrain your profitability. And with too many different vendor data “silos” at play, you’ll miss out on potential synergies that a limited vendor stack provides.
If you are managing thousands of seats, you will surely have the breadth of staff and skill sets to manage multiple providers for each of these offerings, and more. And we all know that a varied provider ecosystem can help protect against a single vendor outage or compromise taking you or your sites down, or worse. And with that much scale, you can afford to “share the love” across multiple providers of any given solution and still develop solid relationships with many vendors.
But what about those of us with hundreds, not thousands, of seats? How do we develop strong vendor relationships, keep it simple, and still manage to grow and scale while remaining profitable? The simple answer is to keep the answer simple.
As I’ve built out my stack at Net Sciences, I have kept in mind that managing vendors is quite a bit like managing staff, and that realistically, about half a dozen variables are the most I can effectively handle. That means one firewall vendor, one EDR/MDR vendor, and so on. Where this starts to fray for my practice is bringing together the various MDR, firewall, and M365 log response vendors out there.
This means that changing out one part of my security stack requires careful attention to all the other layers and overlaps. I’ve tried to limit myself to vendors that can offer three or more solutions, and rarely (but not never) select “point” solution vendors. Players such as Solutions Granted that provide EDR/MDR, M365 alerting, and more stand out for me right now. And as I continue to further refine my security stack, I always look for ways to reduce the number of vendors. That makes players like SOCSoter and others that can offer very broad security portfolios even more interesting.