grandeduc - Fotolia
The way Paul Cissel sees it, reselling security as a service amounts to a chicken- and-egg scenario: Do managed service providers step up their offerings proactively or is what's happening to their customers prompting them to step up their game?
"I'm finding as we're now $10 million in sales and have over 50 employees, [when] we were less mature than we are now, our customers' needs drove our [desire to look] for [security] products," said Cissel, CEO of Internet & Telephone (I&T), a provider of IT managed services that started out as a hosted VoIP provider. Intent on offering his clients cloud-based IT security, Cissel began working with IT management software provider Kaseya in 2005 for its core IT security service offerings.
"Now we have the ability … to focus on the vision of the company and not be in the day-to-day routine of supporting customers," he said. "So we can go out and look at various products and talk to customers and see where trends in the industry are going."
Cissel was onto something early. Today, nine out of 10 IT professionals say security is of greater importance today to their companies than it was two years ago, according to CompTIA. While some improvements in security have been made, there is still a significant number of companies that could do more to protect themselves, along with those that may be overestimating their readiness to ward off cyberattacks, the organization believes.
As a result, the IT channel has seen a rise in managed IT security service providers, where the entire portfolio of products and services is built around security, the CompTIA report, Practices of Security Professionals found. "Of course, working with such a firm adds to the list of partners a company must employ, but the complexity of security and of IT overall is making a jack‐of-all-trades partner a difficult proposition," CompTIA noted.
Cissel sees I&T as specialists. "Since we are larger than most MSPs, we have divisions focused on the individual practice areas so that we do not have people trying to be everything to everyone."
The firm's standard IT managed support offering is used to provide customers with a detailed network assessment that identifies key issues surrounding hardware, security, efficiency and finances, he said. Then, "we give customers a remediation report that includes what we want to do to enhance their security," he said.
Once the assessment is completed, I&T begins 24/7 remote networking monitoring for customers, 80% of which are small and medium-sized businesses. In terms of IT security service offerings, partnering with Kaseya has given the firm the ability to offer patching and policy management and the remote monitoring capability as well as some other nonsecurity, IT-related functions.
IT security: Service providers need multiple products
One vendor is not going to be able to address all of an MSP's security needs, from preventing breaches to remediating them once they happen, Cissel emphasized. "So our goal is to find the best-of-breed products."
Paul CisselCEO, Internet & Telephone
Another security offering the firm uses is a product from ZixCorp that encrypts email, "but you have to put in the processes to deploy it and the ongoing aspect of monitoring it," he added. I&T also uses Kaspersky and Webroot for antivirus protection. All can be deployed and managed from the Kaseya console, he said.
"We want to be able to use the single pane of glass Kaseya offers for remote monitoring and management and multifactor authentication, because this way my technicians don't have to go into multiple systems to support [customers] and any updates that need to be done are done by Kaseya," he explained.
As the company name suggests, I&T also manages customers' phone systems as well as their PCs, firewalls and cloud-based servers.
"We are truly one throat to choke," Cissel said. "We're able to do this because at the core of our offering is … Kaseya." The system also allows I&T to look at event logs for potential breaches and alarms, as well as lock down mass storage devices. One way for hackers to get into systems is when an employee finds and plugs a USB thumb drive into his computer. "And all of a sudden, someone has a Trojan sitting on their system," he noted.
Another security product Cissel recently began using from Kaseya is multifactor authentication. Kaseya just came out with a "more sophisticated cloud-based authentication" offering called AuthAnvil, Cissel said. Now, instead of users having to log in to their systems with a token, they can have their cell phone set up as an authentication device, and the system will send users a PIN code that they use to log in.
I&T is focused on building the security part of its business because it has become such a big issue for customers, Cissel said. "There's lot more bad guys out there that are doing a lot of damage to small [and] medium-sized businesses by coming up with new and more sophisticated ways to get into a business -- from ransomware to Trojans -- so as our business has grown, so has the need for more sophisticated, security-based products."
One product Kaseya has "on the drawing board" that Cissel is interested in is a mobile device security offering.
Traditional IT security service lines not enough
It's no longer enough to rely upon the security offerings I&T provided five or even three years ago, Cissel emphasized. "Our business is moving from what I would call a traditional MSP to an MSP that has a heavy focus on enhanced security and compliance."
There are 80,000 new exploits a day, he said, and no antivirus product is going to stop all of them. "People have to understand they're not 100% protected. We're no longer in an era where we can stop a breach; we're in an era where we have to know how we can minimize the breaches that occur through products, services and education and … where we have to know immediately how we're going to remediate that breach."
Read an overview of how channel partners are working with cloud-based security offerings.
Learn about Kaseya management's take on MSPs and small and medium-sized businesses.
Find out about the security products integrated into remote monitoring and management software.