Content, Channel partners, MSP, Networking, Channel technologies

MSP Security Operations Centers: Build, Buy or Partner for Cybersecurity SOCs?

Credit: Getty Images

Within the high risk/high reward cybersecurity market, MSPs have reached another business inflection point: Should  they build, buy or partner their way into the security operations center (SOC) market?

Before you answer consider the variables.

  • Medium Risk: It's one thing for an MSP to offer endpoint security and basic ransomware recovery capabilities like backup and restore services.
  • Higher Risk: It's quite another thing for an MSP to build out a full-blown, fully-staffed SOC. Building a full-blown SOC involves time, money, technical expertise -- and a strong stomach for risk. Indeed, many MSPs are watching recent high-profile breaches involving Deloitte and Equifax and wondering about the risks and costs associated with full-blown managed security services. Mismanage the SOC and your associated customer base, and you could face a permanent business outage...

With those variables in mind, MSP-centric SOC conversations will be front-and-center at two upcoming conferences:

ChannelE2E will be on-hand for both gatherings and the associated SOC conversations.

Continuum's Security Operations Center for MSPs: Open for Business?

New VeriShip CEO Michael George
Continuum CEO Michael George

At Continuum Navigate, it's safe to expect CEO Michael George to discuss a new Security Operations Center launch that was purpose built for MSPs. Continuum already offers RMM (remote monitoring and management), BDR (backup and disaster recovery), help desk and NOC (network operations center) services to MSPs, particularly in the SMB sector.

Continuum has already made a strong business case that explains why MSPs should outsource to the company. And George has has hinted for about a year that the next MSP-to-Continuum outsourcing opportunity will be a SOC.

Extending into the SOC sector sounds like a natural move -- especially since Continuum's core rivals (Autotask, ConnectWise, Kaseya and SolarWinds MSP) don't offer a SOC to MSPs. Still, I'll be curious to see exactly what type of horsepower and automation Continuum brings to the SOC sector.

Meanwhile, at the SolarWinds MSP conference I'll be moderating a panel about the journey from MSP to MSSP. I'll share more details about the panel experts sometime in October. In the meantime, I concede: Most MSPs will never transform into full-blown MSSPs. Instead, I expect most MSPs to significantly expand their security businesses by introducing virtual Chief Information Security Officer(vCISO) services -- while partnering with larger MSSP players to more aggressively safeguard customer data.

Can You Really Afford to Build A SOC?

Related: The Top 100 MSSPs for 2017
MKACyber CEO Mischel Kwon

Here again, it's important to mention the investments that a full-blown SOC requires. Consider the situation at MKACyber, a Top 100 MSSP for 2017 that recently raised $4.1 million in funding. CEO Mischel Kwon recently told me that 30 of her 50 employees are analysts focused on the SOC. Frankly, the vast majority of MSPs supporting SMB customers can't afford to recruit and retain that type of talent -- if they could even find that type of talent.

Still not sure about the build vs. partner debate? Here's some basic math that explains why most MSPs can't afford to build their own SOCs. And that's why MSPs have a growing list of potential SOC partner options.

Am I wrong? Drop me an email to explain why: [email protected].

Oh, and a teaser alert: The managed security conversation will also surface at two conferences in November 2017: Cisco Partner Summit and ConnectWise IT Nation. Hush, hush for now.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.