White Paper: Managed Security Services Boosting MSP Value
EXECUTIVE SUMMARY
Managed Services Providers arguably become better acquainted with their clients’ IT environments than the clients themselves. Managed services are a preventive model that relies on remotely monitoring systems around the clock to keep networks humming with minimal or no downtime. As a result, MSPs acquire an unmatched level of insight about their clients’ environments, and in so doing, they become better positioned than anyone to secure their clients’ networks. MSPs that do not provide security services are turning their backs on profit and squandering the opportunity to tighten their client relationships. With widespread Internet viruses a common occurrence and targeted network attacks rapidly increasing, MSPs should view protecting clients from breaches and data leaks as a priority. Yet only one-fourth of MSPs deliver managed security services effectively. Others provide only the basics (antivirus and malware protection), while still others use a hodgepodge of tools delivering varied levels of effectiveness based on how well the tools work together. Most troubling, some MSPs approach security in reactive mode, which is counter to the preventive goals of managed services. MSPs, however, have the opportunity to deliver a comprehensive managed security service that fully integrates with remote monitoring and management tools by partnering with a vendor that offers a low-cost, nonintrusive, all-in-one security approach. Such an offering includes intrusion detection (SIEM), user credentialing, password management, single sign-on (SaaS and web), log archiving, compliance reporting and access control. It also incorporates engines that correlate and automate the handling of routine management tasks (REACT) such as first-line response and remediation. A managed security offering with all these components generates additional profit (annual/monthly recurring revenue) and opens new opportunities for MSPs to deliver value and strengthen client relationships.
SECURITY BACKGROUND
IT security incidents, unfortunately, are a fact of life. And 91% of organizations polled by Gartner said they experienced at least one from an external source in 2012. Even more troubling is the Ponemon Institute statistic noting that, due to complexity, over 70% of organizations are still not adequately securing critical systems. Although the most serious breaches tend to grab the headlines, companies of all sizes, designs, and industries experience them, at a median cost of 3.8 million per incident. Breaches also affect more than just the company itself. They have a significant and long-ranging impact on its partners, suppliers, contractors and, potentially most damaging, the bond of trust with customers. Breaches have dire consequences, costing many millions of dollars in remediation and tarnishing a company’s reputation. Sales and profits take a hit, and in some cases, a security breach delivers a blow so devastating that the affected company never recovers and ultimately goes out of business. It is imperative, therefore, that organizations take steps to protect private data and prevent intellectual property theft. They must deploy technology and implement policies supported by documentation to prove a sound security strategy is in effect. Proper security requires a comprehensive approach, covering a range of areas that include user access, data encryption, network inviolability, leak prevention, identity and credentialing control and documented policies. User access tools and policies address who has access to what information within a network. Access controls are necessary to identify which employees, partners, and clients can access and modify the data to which they have rights. Data location (encryption) is a primary concern for network and security administrators, especially when data travels in and out of the network.
Keeping track of data at all times while it is in transit, in storage or in use is fundamental to comprehensive security architecture. Network inviolability is an ambitious objective, considering hackers constantly exploit new vulnerabilities to get at private data. Through a combination of firewalls, identity management, access control, encryption, patching, updates and detection software, organizations can endeavor to minimize security risks. Leak prevention measures recognize that not every security threat is external, and that it is necessary to deploy security tools that detect accidental and intentional data leaks. Security policies ensure that security measures are followed. They set parameters for data access and require repeatable processes, which should be documented to create a paper trail proving that an organization has taken proper steps to protect systems and data. This is particularly important in heavily regulated industries such as health care, finance, legal services and retail.
REGULATORY COMPLIANCE
One of the key drivers of IT security investment is compliance. Several industries are bound by various mandates that require certain transparencies and security measures. They are designed to mitigate aspects of risk, including maintaining the sacrosanctity of customer information, financial data and other proprietary information. From financial businesses, to retail, to healthcare, to public and government organizations, the responsibility to institute specific best practices that identify and remediate online threats and network vulnerabilities has become a growing priority amongst IT professionals and executives. In general, compliance agencies (which include, but are not limited to, HIPAA, HITECH, GLBA, Sarbanes-Oxley, FFIEC, NERC, FERPA and CIP) have placed strict security requirements that are generally universal in their need to audit and document that certain security provisions are addressed. These typically include user access, identity credentials, system log archiving and reporting and intrusion detection. The SANS Institute recognizes 20 critical controls that generally address most of the compliance audit requirements. They are:
Inventory of Authorized and Unauthorized Devices
Inventory of Authorized and Unauthorized Software
Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Continuous Vulnerability Assessment and Remediation
Malware Defenses
Application Software Security
Wireless Device Control
Data Recovery Capability
Security Skills Assessment and Appropriate Training to Fill Gaps
Secure Configurations for Network Devices (i.e., firewalls, routers, switches)
Limitation and Control of Network Ports, Protocols, and Services
Controlled Use of Administrative Privileges
Boundary Defense
Maintenance, Monitoring, and Analysis of Audit Logs
Controlled Access Based on the Need to Know
Account Monitoring and Control
Data Loss Prevention
Incident Response and Management
Secure Network Engineering
Penetration Tests and Red Team Exercises
Achieving compliance with a matrix of state, federal and industry laws is a tall order for any company, especially if they try to do it all themselves. This is where MSPs can make a huge difference for their clients. Because MSPs rely on automation and prevention, they have the skills and experience to simplify the whole security process by delivering it as a managed service that includes remote monitoring and automates various tasks, such as patching, vulnerability scanning analysis and leak prevention.
Since security and compliance are bigger challenges than many companies can handle, the responsibility to keep client data safe naturally falls on the service provider. With the advent of managed services, which have largely transformed IT services from remediation to prevention, MSPs have an opportunity to deliver affordable, scalable and flexible security services that increase the service provider’s value in the eyes of the customer.
Security should become part of the MSP’s SLA (service level agreement) with the client, clearly setting expectations by addressing user access, network inviolability, data location, leak prevention and security policy maintenance. Managed security adds revenue to the MSP business, strengthens the relationship with the customer and allows the service provider to differentiate itself from the pack. MSPs can leverage their intimate knowledge of their clients’ IT environment and industry compliance needs to devise a strategy for protecting clients from breaches, internal sabotage or careless leaks. As such, managed security is an important element in elevating the IT services provider to the much-heralded and desired role of IT trusted advisor. Managed security services, if implemented as a comprehensive, end-to-end approach, may actually provide a higher level of systems and data protection than traditional premises-based security. That’s because managed security is administered centrally, automating updates, patches, scans and analyses of new threats. Security systems deployed on-site often are stitched together with different components, often in separate silos, from multiple vendors that don’t necessarily work well together, thereby failing to address all vulnerabilities. Automation and centralized management reduce errors, simplify admin tasks and reduce costs. And, by removing the burden of network security management and regulatory compliance, MSPs make it easier for clients to focus on core business. This translates to increased productivity for the client and, ultimately, the potential to boost recurring revenue/profit. Your value to your client becomes that of a strategic business facilitator and broker of tactical advantages that allow the client to focus on core competencies.
Managed services platform provider XeneX offers an all-in-one managed security service that removes much of the complicated integration and implementation work typically involved in setting up a security infrastructure. We call this REACT (Realtime Event and Access Correlation Technology).
In today’s complex, multi-networked and interlaced business environment, cyber-security concerns like breaches are becoming increasingly and alarmingly common; whether through internal sabotage, user carelessness or hackers, sensitive data is at risk. Experts agree it’s a matter of when, not if, a network’s assets will be attacked. However, the elements needed to properly combat theft, leakage and other intrusive and persistent threats are typically resource heavy and cost prohibitive. In many cases, only larger enterprises can afford to deploy a security initiative that sufficiently addresses the many silos, endpoints and vulnerabilities across an entire integrated IT landscape. Addressing the problem from the cloud solves several pressing issues while providing the necessary heft to create the visibility to govern credentialing policies, remediate threats and satisfy compliance requirements across an enterprise of any size. Yet the key to a successful security initiative is not that an organization employs one or many solutions, but rather that those solutions leverage one another’s capabilities and provide real-time correlation and situational context 24/7/365. As the old proverb goes, the whole is stronger than the sum of its parts. And that’s where XeneX’s REACT platform creates unique value.
REACT (Realtime Event and Access Correlation Technology) is a unified, cloud-based security platform that leverages the cooperative functionality of its key deployed solutions. It creates a holistic approach to security management and asset protection by broadening the reach and scope of enterprise monitoring, strengthening access authentication and centralizing control. It is the only cloud-managed offering that incorporates all these key security capabilities from a multi-tenant, DevOps cloud. As a comprehensive forensic analytic, REACT is not a collection of individual solutions, but an interpolation process of all the data across the enterprise to gain a truly holistic security vantage point.
REACT unifies 4 cloud-deployed elements:
SIEM
Enterprise Access Control (Access Mgmt, Gateway, SSO)
Identity Management (Provisioning/Password Management)
Log Management
Each, independently, addresses certain security and/or compliance functions. When centralized, working together, and monitored in real time, companies enhance their ability to "react", improve the granular visibility across independent silos and provide stronger enterprise protection. This allows for a higher, more responsive degree of proactivity through security administration and faster reactivity to any actionable event. Unification is about better visibility. And, REACT is a tightly collaborative system where everything is correlated in real time in order to provide an accurate and up-to-the-moment view of online and network resources.
Simply stated, an organization always knows:
WHO is logging in?
WHAT assets are they viewing/accessing/modifying?
WHERE is the affecting device?
HOW is the user/visitor credentialed/authorized?
WHAT is the level of IMPACT to the vulnerability/threat landscape?
Complementing the advantage of the integrated cloud-based deployment, REACT offers live security-as-a-service analysts to continuously monitor and administer the IT security landscape. This provides the necessary resources to support proactive defense planning, focus on business needs, and empower an organization to make better decisions faster, especially considering Big Data and BYOD.
SUMMARY OF CLIENT NEED
Lack of enterprise security visibility, monitoring, and management
Limited IT budgets and resources
Satisfaction of regulatory compliance issues
Existing solutions too expensive and difficult to implement
Lack of operational control & efficiency
Lack of internal security expertise
Speed to full-scale (enterprise) deployment
Centralization, integration with other security investments/initiatives
SUMMARY OF CLIENT BENEFITS
No hardware, software purchase
Pay-as-you-go and scalable
Zero-day start
Low cost, easy, centralized management
Meet compliance and regulatory audit requirements
PCI, HIPAA, SOX
Automated processes provide ease of use, greater visibility
24/7 Monitoring and Management by security experts
Unified solutions or individual components based on need
Low friction on-boarding/provisioning
MSP BENEFITS
The next generation of enterprise security solutions is developed, deployed and managed from the cloud. And XeneX is one of the elite few companies that provide a comprehensive and integrated suite of cloud-based solutions that can transform how your customers protect their assets. MSPs benefit from XeneX’s managed security offering in multiple ways, primarily by gaining a new source of revenue and stronger customer relationships.
Higher profitability – Adding security to managed services produces a new revenue source.
Cost effectiveness – The integration of industry-leading technology and services, as opposed to negotiating separate contracts with multiple vendors to build a comparable solution, lowers TCO and related expenses.
Centralized management – Management is simplified through a dashboard that incorporates all the key tools, information, activity and reporting requirements: the entire security landscape in one place.
The XeneX MSP Program helps consultants and managed service providers increase sales in the white-hot cloud security market.
We offer:
Generous margins and volume discounts
Referral opportunities to generate additional revenue
Sales, marketing, and training support
Pre- and post-sales technical support
Gratis installation and configuration of XeneX solutions for your network