Anthony (Tony) Sabaj is currently the Director of Channel Security Engineering for North America at Check Point, with over 25 years of experience in the Cyber/Information/Network security. Tony has been at Check Point since 2002 in a variety of sales and technical roles. Prior to joining Check Point, Tony was a Senior Product Manager at Telenisus, a startup MSSP/VAR in Chicago. In 2001 the MSSP business of Telenisus was sold to Verisign to start their MSSP business and the VAR business was sold to Forsythe to start their Security Practice. Tony joined Forsythe shortly after that acquisition as a Security Consultant and Certified Check Point trainer. Tony started his career with Arthur Andersen/Andersen Consulting, building their worldwide IP network, designing the security controls for the firm and helping build their external Security Consulting Practice.
In this two part interview series, Tony Sabaj discusses the adoption of Managed Security Service Providers (MSSPs). From considerations in choosing an MSSP provider to the opportunities and challenges that come with relying on MSSPs, this interview provides premium cyber security insights.
In the context of the pandemic, what types of organizations are newly seeking out managed security service providers (MSSPs)?
As a result of the pandemic and the rapid shift to work from home/anywhere, organizations have increased their capacity to allow for a remote workforce. This includes not just remote access for employees and contractors, but a rapid adoption of cloud services in the areas of infrastructure, AWS, Azure, GCP, and SaaS services, Office 365, and Conferencing Applications just to name a few. Many organizations hastily implemented these solutions and now need expertise in management of the security controls in and around these newly deployed technologies.
Broadly speaking, what should organizations look for in MSSP offerings?
The first thing organizations should look for is to make sure they are working with an MSSP and not an MSP (Managed Service Provider). The basic difference is that an MSP will manage devices or applications for uptime, health, and directed move/add/changes. Whereas an MSSP is providing the security expertise as a service, creating security policy, security monitoring and response to security incidents. Secondly, organizations should look for expertise in their specific field/vertical. There are security controls that are universal for almost all organizations, but especially when it comes to compliance and governance, the security controls differ based on industry. Make sure that an MSSP is taking into account regulations or frameworks that an organization needs to adhere to, including ISO 27001, HIPAA, PCI, GDPR, and NERC, just to name a few.
Where can MSSPs assist organizations in saving on security costs?
MSSPs have the ability to be more efficient with the utilization of resources; human resources, technology resources and processes are delivered and utilized with efficiency that is unmatched by most organizations. Because an MSSP delivers as a service, there are fewer upfront costs for an organization, freeing up capital to be invested in other areas of the organization.
How can managed security relieve the strain on IT resources?
Seventy-six percent of organizations report a cyber-security skills gap. Obviously, there is a shortage of qualified cyber security professionals. MSSPs can bridge that gap by providing an in-demand skill set at an economy of scale that is difficult for most organizations to match. Utilizing the right MSSP can allow an organization to focus their resources on the products and services of that particular organization. Outside of the day-to-day responsibilities of an MSSP, they are more prepared to respond and handle security incidents. Most security incidents require quick and agile response, even if you ignore the skills gap facing most organizations. An MSSP will have the capacity on hand to adequately respond with a group of experts that most businesses cannot afford to have on staff.
Is working with an MSSP always a magic bullet type of solution?
It is never a magic bullet for any organization, utilizing an MSSP has many advantages but also comes with challenges.
Opportunities?
Besides previously mentioned benefits, an MSSP will have broader knowledge of the cyber security space, access to the latest security tools, and will understand unknown security concerns, at least in relation to the client. Working with an MSSP allows an organization to pivot or migrate to other solutions faster than they would be able to in-house. Organizations that purchased, implemented, and trained staff with particular controls that no longer suit their needs would be required to start over, maintain multiple systems and incur the upfront costs of a newer solution. By utilizing an MSSP, the organization can chose different solution offerings from the MSSP or even switch MSSPs more quickly and more cost-efficiently.
Challenges?
In most cases, utilizing an MSSP does not transfer liability. The organization still needs to be vigilant and abreast of the cyber security posture of their organization. Ultimately, the organization is responsible for ensuring adequate protections are in place. Organizations need to inspect and ensure that the MSSP offers clear reporting and metrics in relation to the services that they are providing.
Did you find this interview informative? Check back for part two next week!