Setting the scene
The global Managed Security Services (MSSPs) market is projected to grow from US$31.6 billion in 2020 to US$46.4 billion by 2025.
At a time when cybersecurity threats are ever-increasing – and the number of skilled security professionals is ever depleting – more and more businesses are looking to MSPs and MSSPs for support with securing their data and keeping security risks at bay.
While there is a great opportunity for MSPs and MSSPs to capture new streams of revenue and drive business growth, securing the modern enterprise is becoming a more complex undertaking.
Although security has always been complex and required expertise, the pace of change within the security solutions market means many MSPs and MSSPs feel overwhelmed – unsure of which solutions are right for their customers.
In the world of security, uncertainty simply won’t do. To deliver on their promises to customers, MSPs and MSSPs need to feel certain that they are doing everything they can to keep sensitive business data secure – and that they’re using the right tools to do it.
This article will help MSPs and MSSPs improve their confidence about securing the cloud-driven business landscape. We’ll discuss:
- How IT infrastructure has evolved rapidly over the last couple of years due to the proliferation of the cloud
- The security solutions you need to invest in (and those to avoid!)
- The importance of extending security into SaaS applications
- How Polymer can help you secure enterprise data in traditionally ‘hard to secure’ applications like Slack, Teams and Google Workspace
Security and the cloud evolution
Cast your memory back to life in 2019. Back then, offering advice and support to enterprises was a little more straightforward for MSPs and MSSPs. Already, MSPs were starting to integrate security offerings into their portfolios and MSSPs were diversifying their cloud security solutions.
However, there was a sense of predictability and steadiness to the pace of change. Enterprises were gradually migrating to the cloud and slowly but surely enabling hybrid working. Digital transformation was a long-term, gradual goal.
Fast forward to early 2020 and everything changed. Enterprises no longer had the luxury of a piecemeal approach to digitalization. They needed to evolve – fast – in order to survive. Suddenly, companies that operated in an office environment were enabling complete remote work. As Microsoft’s CEO aptly put it: we saw two years of digital transformation in two months.
For MSPs and MSSPs, the start of the pandemic represented a real pressure point. Demand for security support soared at an unprecedented rate. Business leaders relied heavily on their IT and security providers to urgently secure the new remote, cloud-based and mobile world of work.
Even today, the reverberations of the pandemic can be acutely felt by enterprises, MSPs and MSSPs alike. The pandemic accelerated enterprise dependence on the cloud.
Now, there is no turning back. Enterprises want to continue their digital transformation initiatives – many with the aim of moving all of their workloads to the cloud. Hybrid work is also here to stay. It’s predicted that, by 2025, at least 40% of employees around the world will work from home full-time.
MSPs and MSSPs are under more pressure than ever to deliver what their customers are looking for: data security all the time, on any device, from any location. This is a highly complex undertaking; one that continues to challenge many MSPs and MSSPs. Indeed, research shows that just a third (34%) of MSPs offer services that fill the security gaps created during pandemic cloud adoption.
The complexity of securing the hybrid world of work
The issue facing MSPs and MSSPs can be boiled down to this:
How can these organizations ensure customer data is secured across devices (managed and unmanaged), applications (known and unknown) and locations (anywhere access) at all times?
The answer appears simple at first: to control access and authentication to data, no matter where it resides. However, putting this theoretical solution into practice is proving more difficult.
For one, there’s employee productivity to consider. Any security solution that is too restrictive will hamper efficiency – undoubtedly leading to dissatisfied customers. Moreover, with the risk of ‘credential compromise’ at an all-time high, one-off authentication is not enough. MSPs and MSSPs need a solution that can dynamically verify users as they interact with different resources.
This is where the principle of Zero Trust comes in – a security philosophy that is underpinning the creation of a new generation of security solutions. However, Zero Trust has one major pitfall at the moment: it’s not a single solution. It’s a mindset.
All MSPs and MSSPs will be familiar with advertisements and brochures from vendors promising Zero Trust security. But Zero Trust has become as much a marketing term as it is a valid approach to security.
This leads to the last issue we need to consider: the overwhelming number of security solutions out there that promise to solve the cloud security challenge – but only add to the complexity. At present, there is no one vendor that offers complete data protection end-to-end in any environment, at any time.
While some vendors say they do, MSPs and MSSPs need to be cautious of anything that sounds too good to be true.
A crowded market of solutions that do the same thing?!
With Zero Trust and data security stuck on the front page of every marketing brochure out there, how can MSPs and MSSPs truly find the right security solutions that will protect their customers – at the right price?
These days, a few security solutions have emerged as the most promising answers. Picking one or two, though, is proving difficult. Many of these security technologies seem to have overlapping functions – such as cloud access security brokers (CASB) and cloud-based data loss prevention (DLP).
There are also emerging solutions like secure access service edge (SASE) and extended detection and response (XDR), which promise a lot but deliver little.
To round off this section, we’ll give you an overview of each of these solutions.
- SASE: A convergence of WAN with already existing next-generation security solutions like Cloud Access Security Brokers, Firewalls as a Service, Secure Web Gateways and the Zero Trust Model. When combined, these solutions form SASE; a streamlined, cloud-delivered security service that protects data at the edge, while delivering high-speed functionality that improves the end-user experience.
- XDR: A holistic security solution for detection and response. It breaks down the silos between different security layers – such as endpoints, email, the cloud and the network – to provide comprehensive monitoring and detection capabilities across the entire attack surface.
- CASB: An on-premises or cloud-based security policy enforcement point, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.
- Cloud-based DLP (next-gen CASB): A solution that integrates with application programming interfaces (APIs), providing security and monitoring by maintaining a dialogue with other known APIs. Not only can it scan SaaS apps for sensitive data, but it can also detect instances of malware and analyze user behavior to prevent insider threats.
The illusion of SASE and XDR
For MSPs, MSSPs and their customers, there’s great appeal in an end-to-end security solution. Consolidation makes a lot of sense from both a cost and management perspective. However, we can’t stress enough how wary of SASE and XDR organizations need to be.
Both SASE and XDR are still in their infancy. Most vendors who offer SASE and XDR deployments are missing pieces of the puzzle – despite what their marketing materials might promise!
For example, with SASE, deployment complexity and integration challenges mean that most solutions currently fall short. SASE will only be worthwhile if it can provide wide-ranging availability and security at the edge. However, currently, there simply isn’t the infrastructure to enable it, meaning SASE could create shadow IT problems while also being expensive.
Similarly, while XDR looks appealing, no vendor out there has put together the complete package yet. Some provide effective endpoint and cloud capabilities, while others have strong endpoint and email capabilities – but no one vendor has it all. Going with one vendor for an incomplete XDR solution means you may have to double up later, which will be a cost drain and could lead to integration issues.
So, what’s the next step to take?
Looking back at our rundown of the top security solutions out there to solve the cloud security challenge, we can see that XDR and SASE need to be crossed off the list for now and reviewed at a later date.
That leaves CASBs and cloud-based DLP. Cloud-based DLP is an evolution of the traditional CASB, which uses proxies. Proxies are infamous for missing users and data. On the other hand, API-based cloud DLP can secure cloud apps accessed by unmanaged devices and endpoints. The protection offered by these solutions is expansive and borderless, reaching beyond the firewall to secure, check and analyze any and all incoming traffic to your cloud applications.
As more organizations rely on applications like Slack, Teams and Google Workspace, working with a cloud-based DLP vendor is one of the smartest moves MSPs and MSSPs can take to secure enterprise data in the cloud.
Solutions like our cloud-based data loss prevention (SaaS DLP) help you to secure data as it travels through collaboration tools and cloud applications. Polymer ensures that only authenticated, trusted users can access sensitive data, keeping it safe no matter where employees are.