IT and Business Insights for SMB Solution Providers

You and What Army?

Knowing which security functions to outsource—and which not to—is an increasingly important skill for channel pros. By Rich Freeman
Reader ROI: 
OFFLOADING SELECTED SECURITY TASKS to third parties is a cost-effective alternative to expensive in-house tools and talent.
SOC SERVICES, compliance support, and penetration testing are all good candidates for outsourcing.
POLICY SETTING, strategic consulting, and other relationship-enhancing functions are typically poor candidates.
ESTABLISHING CLEAR LINES of responsibility and strong communication are essential to working well with a security outsourcer.

SECURITY, THE SAYING GOES, is a team sport. Most channel pros with a winning team get at least some of the skills and resources they need to keep customers safe from beyond their own staff.

“MSPs tend to think that they can do everything, and that’s not really the truth,” says George Monroy, CEO of San Antonio-based Monroy IT Services.

Especially these days, adds Michael Goldstein, president and CEO of LAN Infotech, an MSP and solution provider in Fort Lauderdale, Fla. “I need a fleet of people with all the new vulnerabilities that are out there,” he says, not to mention enormously expensive tools. Partnering with outsiders makes far better financial sense and results in better protection for end users.

More and more of Goldstein’s peers have reached the same conclusion. Given the ever-expanding range of threats SMBs face these days, they agree, the question isn’t whether to outsource a portion of their security services. It’s which ones to outsource, and how best to do it.

The round-the-clock monitoring and analysis provided by a security operations center (SOC) with state-of-the-art SIEM software is usually a good starting point. “Most companies are not going to be able to do that,” Monroy observes. “It’s a huge investment.

Setting up a facility and equipping it with software, moreover, are just part of that investment. Hiring experienced security specialists is a steep yet indispensable expense too.

Rory Sanchez

“There’s a lot of intricacies to the business,” observes Rory Sanchez, CEO of True Digital Security, which provides outsourced security services to corporate IT departments and channel pros from offices in Florida, New York, and Oklahoma. “A lot of MSPs don’t have the in-house expertise to really get into the weeds on security issues, so who do they escalate that to when they really get into a jam?”

On a more day-to-day basis, he adds, third-party SOC providers can help IT generalists spot risks they might otherwise miss, separate real issues from false positives, formulate incident response plans, and assist with post-breach threat hunting. “A lot of MSPs are not really equipped to make sure that the bad guys are out,” Sanchez says.

About the Author

Rich Freeman's picture

Rich Freeman is ChannelPro's Executive Editor

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.