Scaling Your SOC
For growth-minded MSPs
The world of IT services is rapidly evolving, and nowhere is the front line of this evolution more evident than in what you, the trusted MSP, face on a daily basis.
From the “break/fix” model of the early '90s to the recurring revenue managed services model of today, MSPs now face a rapidly growing market fraught with both challenges and opportunities.
In fact, the global managed services market is expected to grow from $180.5 billion (USD) in 2018 to $282.0 billion by 2023, at a CAGR of 9.3% during the forecast period.
The increase in spending on IT coincides with the global rise in work being done online. Estimates cite that 80 billion devices will be connected to the internet by 2025, and, as work shifts online, so does data. At the current global rate, 2.5 quintillion bytes of data are being created every day, and one staggering statistic from IDC predicts that the collective sum of the world’s data will grow to 175 zettabytes by 2025, representing a compounded annual growth rate of 61%.
The bad news is, data breaches are also becoming the norm. Consider JPMorgan Chase’s 2014 data breach that impacted 7 million small businesses (the company subsequently doubled its cybersecurity budget to $500M) or the 2006 TJX data breach that cost $200M.
In fact, as more and more people go online, more and more crimes shift online, and so do the occurrence and financial impact of those crimes. The annual cost of cybercrime is expected to increase to $6T by 2021, up from $3T in 2015, and ransomware attacks that happened every 40 seconds in 2016 are expected to happen every 11 seconds by 2021.
And as expected, regulation is following at a rapid pace. Europe’s General Data Protection Regulation (GDPR), Singapore’s Personal Data Protection Act (PDPA), and the Philippines’ Data Privacy Act (DPA) are just a few far-reaching examples of data protection laws being established across both the developed and developing world.
This confluence of factors has put MSPs in the hot seat. As a trusted IT provider, YOU are the natural choice for your customers to turn to for all IT needs - security included.
This eBook is the first step in exploring how you can successfully scale your security offerings, and compete in the ever-evolving world of cybersecurity.
Amidst this mounting threat and growing dependence on the cloud, one thing is clear: the cybersecurity talent shortage is only becoming more prevalent.
Data and privacy are highlighted by CEOs as one of their top challenges in 2019, and businesses are struggling to recruit the skilled staff or partners required to defend their data against any imminent security breach. In an already talent-scarce environment, the gap between supply and demand is only expected to increase, with the global cybersecurity talent gap predicted to climb to 3.5 million job openings by 2021.
Following the database breaches of large corporations such as LinkedIn and Sony, and high-profile government email hacking scandals, many executives and senior managers now recognize the importance of a cybersecurity risk management program and are turning to MSPs for their security needs.
MSPs are struggling to find the right talent to help scale their SOC, and to retain that talent in the long run. MSPs are also competing in the recruitment process with other MSPs and with large organizations that have more budget to invest in hiring dedicated professionals.
Cybersecurity is a 24/7/365 business and many MSPs can’t afford the staff they need for nights, weekends, and holidays - particularly as many businesses expect this as part of the security service offering.
With over 478 threats every minute, cybersecurity analysts are suffering from notification fatigue and struggling to keep up with the growing volume and complexity of today’s cyber-threats.
From hardware to software, running a security operations center requires a myriad of infrastructure, systems, and processes.
| Building your own SOC | Outsourcing your SOC | A hybrid approach |
Studies have shown that the outsourced model works better for many MSPs looking to scale, and can lead to significant cost and risk reduction, as well as faster threat detection.
Considered one of the security operations center best practices, outsourcing your SOC can significantly reduce costs, especially when considering the investment an MSP needs for salary and recruitment, technology, and process updates.
Is your business ready to scale?
Your security operations center framework needs to be based on a predictive model, with proven ROI and a replicable process over time and with an increase in volume.
Although MSP revenues have increased by 42%, profits have decreased by 30%. You need to be able to predict and control expenses, know how much time and money you are spending to earn your revenue, and see if this is sustainable in the long run.
This isn’t necessarily your management team - it is the team of long-term employees that you can count on who currently work across your existing SOC and NOC teams. Scaling is rarely a smooth road, and these will be the experts to rely on when the business needs it.
Growing your team means on-boarding new employees or business partners to help you realize your vision. This team needs to believe in your company’s mission and your unique selling proposition, in order to attract customers and deliver outstanding service.
Data can be used in the cybersecurity field to analyze risk and make decisions accordingly. However, currently, SOCs have to deal with an overwhelming amount of data, leaving many analysts struggling to make sense of the magnitude of information available and how to use this to improve business operations.
MSPs will need to shift their SOC focus from reaction mode to analysis mode, and place priority on data that informs business intelligence. Security and business data need to be merged and access to this information centralized into a data lake to help guide analysts in their decision-making process.
Cybersecurity and data protection no longer deal in hypotheticals. Businesses are preparing themselves for an imminent security breach, which means that MSPs and their business partners need to have the right organization and tools in place to react swiftly when a breach happens.
Security operations will be integral to business operations, and more companies will either have CISO roles or integrate security and data protection into the role of the CTO or CIO. For MSPs, the key stakeholders in the business will likely evolve to include different departments, all of whom will have different expectations, priorities, and KPIs.
Historically, SOCs would respond to attacks by analyzing the threat and the impact, then react accordingly. However, malware and ransomware can modify themselves every few seconds, leaving humans in a constant state of catch-up.
If attacks are happening at machine speed, SOCs need to respond at machine speed – and this can only be done through automation. Automated decision-making is the only way SOCs can continue to protect companies from the increased frequency and adaptability of cybersecurity threats, with the orchestration and automation of machine learning and artificial intelligence (AI) becoming a necessity for security operations in the future.
By the end of 2019, the global cybersecurity talent shortfall is predicted to be approximately 1.5 million unfilled positions. The talent a SOC needs to succeed will either not be available, be available but quickly leave in pursuit of a better offer, or cost a hefty amount to retain.
With this context, SOCs will need to shift their mindset from hiring for skills to hiring for opportunity and behavior. Although a certain degree of hands-on skills will help, MSPs should focus on finding creative, resourceful, agile, and ethical employees who can be trained to become analysts, rather than the other way around.
Using security operations center best practices and a talented team of fully trained analysts, SOC Managers, MSP SIEM content authors, and engineers, Bolton Labs can help you provide your customers with always-on monitoring against the latest security threats – all with predictable pricing that protects your bottom line.