Small business cybersecurity: The case for MSSPs

Small businesses may not have the staff needed to use automated security platforms, which is one reason why opting for a Managed Security Service Provider (MSSP) might be the better option.

encryption.jpg
Image: phototechno, Getty Images/iStockphoto

Smaller-sized businesses, particularly those lacking an IT staff, are targets for digital bad guys. The tech media is debating which is best for small businesses: An automated-security solution or a managed-security solution. Ben Canner, a veteran enterprise-tech writer, in his Solutions Review article Managed Security vs. Automated Security: What Works Better?, offers the following insight into each security solution.

Automated security means using artificial intelligence (AI) and automated tools to handle routine yet essential security tasks. These tasks can include:

  • Analyzing security events;
  • Examining security alerts to determine whether they are false alarms; and
  • Responding to recognized threats through machine learning.

Managed security entails outsourcing cybersecurity to a third-party vendor—typically a Managed Security Service Provider (MSSP)—with acumen in all aspects of cybersecurity, allowing the MSSP to detect and remediate threats on the customer's digital infrastructure.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Automated v. managed security: The decision-making process

According to Canner, the first step in the decision-making process for small-business owners should be assessing existing cybersecurity, in particular:

  • How much time is spent on menial security tasks?
  • Are those responsible overwhelmed by security issues?
  • Can employees focus on their actual work, or is there a need to change gears as cybersecurity events occur?

Why MSSPs might be the better option

Clearly, the industry favors using AI and automated tools, which requires qualified personnel—something small businesses often lack. The good news is most MSSPs enhance their managed approach by using automated-security technology.

This likely gives MSSPs the edge with small-business owners according to Canner. "By hiring a managed security provider, your enterprise could save money in the long term. Not only will you save on the costs of finding, hiring, and training new cybersecurity personnel, your enterprise can also reduce the number of cybersecurity members on staff."

Venkatesh Sundar, founder and CMO at the MSSP Indusface, in this Trak.in article suggests that small businesses with web applications (most nowadays) may especially benefit from MSSPs that employ Managed Web Application Firewalls (MWAFs) as the first line of defense against malicious actors.

"A MWAF ... supports custom and complex rules based on the needs of your business," writes Sundar. "An intelligent, managed WAF gives decision-making power to you or the security analyst to either block, flag or challenge requests."

SEE: Why you should use a Managed Security Service Provider instead of in-house security (TechRepublic)

Brad Taylor, CEO of the MSSP Proficio, puts a finer point on why the human component is vital. In an email, he wrote, "Security tools can absolutely help identify threats, but it's easy to get mired down in alerts with no process or capacity for addressing them. Rather than building their own in-house team of security experts, many organizations look to MSSPs to fill the gaps in their security operations."

Canner, Sundar, and Taylor all point out that MSSPs are the only viable way of overcoming the current talent shortage. "Our customers solve this problem by working with our team of security analysts to manage their security operations," explains Taylor.

The battle against cybercrime

When small-business owners talk about cybercrime, their frustration is palpable. One owner compared cybersecurity to newer cars. It was not that long ago when he could look under the hood of his car and conceivably fix something—now, it makes little sense to even raise the hood. The same line of thought applies to cybersecurity. Again, not that long ago, it was possible to set up what was needed to protect the company's digital assets, and that is not the case today.

According to Proficio's Taylor, that required sophistication is why more than one-fourth of Proficio's employees have served in the military. "We've found veterans to be a tremendous source of talent," mentions Taylor. "Their mindset, approach to problem-solving, and training are all very aligned with our goal of maintaining secure environments."

For an independent take on MSSPs, Gartner published the report: How to Work With an MSSP to Improve Security. Report analysts Anton Chuvakin, Augusto Barros, and Mike Wonham write:

"Managed security services are an increasingly popular way to improve information security, yet many engagements struggle to succeed. This guidance helps technical professionals shape the MSSP relationship, refine their expectations and co-develop successful security architectures."

Also see