The MSPMentor blog had a post following up on Gray Hall’s post about MSSP fading as Cloud Providers expand. John Moore who wrote the piece for MSPMentor (which is a great resource by the way), actually interviewed Gray to further clarify what he was saying in his original post. Moore than gave a chance for one of the traditional MSSPs, SecureWorks to respond. Their response was sadly typical and shows that not only do many traditional MSSPs not realize the game is changing, they don’t understand the new rules and players that Cloud Computing is ushering in.
SecureWorks while acknowledging that up to 80% of their business is still traditional on premises engagements (I wonder what the consulting services percentage is to the whole versus reoccurring revenue) responded with two data points:
1. SecureWorks already delivers such offerings as vulnerability scanning, Web application scanning, and Security Information Management as on-demand services. Allen Vance, senior product manager at SecureWorks, said “more on-demand services are on the way in the data security and application security fields.”
2. SecureWorks views cloud providers as a channel for its security services; partnering announcements are forthcoming.
If this wasn’t so pathetic I would laugh. Obviously the SecureWorks team has equated on demand with SaaS services. However, lets be clear they are not the same! On demand services just means that a customer can “self-order” in some automated fashion to have a service (in this case basic scanning) performed via a web interface. It does not talk to the infrastructure, architecture or scalability that cloud based services require and that Service Providers of tomorrow will demand. Integration with these Cloud Providers billing and deployment systems, security of the multi-tenant environments (they don’t even mention if their service is multi-tenant), APIs for integration are all sadly missing from SecureWorks lexicon here. They think putting up a service via the web that someone can order and have a scan performed is cloud based SaaS. Having a security service based in the cloud is not the same as having a cloud security solution. If no one else will, let me be the first to tell them. Guys you have it all wrong! Go back to the drawing board and come back when you have a real SaaS solution.
Secondly the “cloud providers are a channel, announcements are forthcoming” had me envisioning cloud providers as cattle at the slaughterhouse lined up waiting to be butchered. You can almost see the SecureWorks executives and sales people frothing at the mouth ready to devour this new meal on the hoof. Guys, Cloud Providers are partners not lunch. If you think you are going to re-package your existing on prem services and try to “fatten up” cloud providers, so that you can develop a new source of revenue, you are sadly mistaken.
MSSPs should be looking at how they can change and adapt to work with cloud providers. There is much they can learn about how customers will be engaged, billed and serviced. You are not going to shove the round peg in this square hole and be successful. Understand what IaaS and PaaS is and how it works. How true SaaS and not “on demand” plays into that world. Otherwise you are doomed to failure.
The bottom line is that if SecureWorks comments in this article are representative of most MSSPs, they really are in for a rough ride in a Cloudy World.
Related articles by Zemanta
- Service Provider of Tomorrow, Part 10: as MSSP and SIEM wither, will SaaS vendors define a new category for Cloud Security solutions? (securecloudreview.com)
- Will the Cloud Rain on the MSSP Parade? (ashimmy.com)
- Top 5 Reasons Why Traditional Managed Security Services Will Fail in the Cloud (securecloudreview.com)
