By Tristan Hinsley, Cybersecurity Expert, TDI Security
Given the remote nature of most Managed Security Service Providers’ (MSSPs) business operations, most would imagine they would be well-positioned to deal with a near-nationwide work-from-home workplace transition, and for the most part that’s true. However, while some say that their transition for their own employees to remote work was quick and effective, MSSPs have also had to shift their existing security services to better protect their customers’ more geographically distributed workforce. This comes with its own challenges depending on the scale of the changes needed to accommodate remote work, but for MSSPs who have large clients with demanding IT security needs it could be a monumental task.
The Impact of Remote Work on MSSPs
Due to the nature of the business operations of most MSSPs, remote work comes naturally as most of their services are provided remotely even in pre-pandemic times. This places MSSPs in a particularly advantageous position compared to other segments of the market during challenging times, because it allows for faster response to rapid shifts in the industry. But this doesn’t mean that MSSPs are completely immune to the shift; because they are responsible for securing their client’s infrastructure, many MSSPs are struggling with establishing secure remote work protocols for their clients in a timely manner. This aspect is particularly troublesome when you consider that an IBM survey of over two thousand respondents found that 52% of remote employees are using personal laptops to conduct work activities. Securing non-organizationally owned endpoints is particularly difficult, and insecure personal devices operating on an insecure personal network handling organizational data is never a good place to be for a security team.
Market Uncertainty for MSSPs
The other looming issue for MSSPs is the economic impact of the pandemic. While the full economic damage from the nationwide lockdown is still relatively unknown, many organizations are being cautious with their short-term projections. With so much market uncertainty, many organizations are hoping for the best but planning for the worst. Gartner has predicted that global IT spending will decline by around 8% overall in 2020, and that security spending specifically will drop from the initially projected 8.7% increase in spending down to a 2.4% increase. Other industry voices such as CxO Advisor for Cyber Strategy John Hellickson opines that “We’re a bit early to see an industrywide trend on cybersecurity budgets due to COVID-19, but at this time, many security teams have had their allocated budgets put on hold or reduced altogether, as businesses adjust to revenue shortfalls.” If businesses are limiting spending in anticipation of reduced revenue, MSSPs may find reduced demand for their products moving forward. Small and medium-sized businesses may be most impacted by the economic fallout, as organizations cut back on cybersecurity spending while large cybersecurity firms already have existing contracts and brand recognition.
While security consulting firms are largely placed in a better position to weather the storm than other industries, many will still feel the impact in one way or another. Whether it be by reduced security spending and revenues, the hurdles of securing a remote workforce, or increased risk as cybercriminals ramp up efforts to compromise key remote employees; security firms and MSSPs, in particular, may be in for a rough ride in coming months. Market uncertainty is always a stressful time because even in the best of times it can be hard to tell whether a given decision is the right one. Making the right decisions as an MSSP requires maximizing market knowledge, organizational visibility, and a complete understanding of their clients’ needs. Make sure you have the right knowledge and tools to provide the best results for your clients.
About the Author
Tristan Hinsley is a Cybersecurity expert at TDI Security and Undergraduate Student at George Mason University studying Information Security. In his time at TDI, Tristan has gained experience in NIST 800-171 Compliance and Auditing, as well as a number of tangentially related areas.