Story image

McAfee: Channel opportunities in cybersecurity-as-a-service

22 Jul 2019

Cybersecurity threats are on the rise, but the capability and personnel needed to combat these threats remain in serious shortage.

As such, organisations are outsourcing their cybersecurity needs, resulting in the growth of cybersecurity-as-a-service.

Techday spoke to McAfee MVision Cloud Asia Pacific regional director Joel Camissar about the drivers and the effects of this trend.

1.    What are the factors driving increased demand for as-a-service delivery of cybersecurity? 

Cybercrime has soared, evolved and matured over the years. In fact, recent research reveals that on average, IT pros have dealt with six breaches over the course of their professional lives, while nearly three-quarters (73%) of all breaches have required public disclosure or have affected financial results – putting brand reputation and business viability at risk.  

There is a degree of cyber resilience required from organisations to overcome this. They must identify and address system vulnerabilities, gain control over high-risk accounts, and put in place incident detection and response capabilities. 

But activities associated with these are both time and resource-intensive – often stretching already constrained internal security and operations teams.   

This is where cybersecurity-as-a-service (CSaaS) comes in, which involves an organisation outsourcing the management of its security measures. 

By implementing these, organisations regain visibility and control of their data in the cloud and can leverage the cloud to accelerate their business and improve the security of their data. 

2.    What is the current adoption rate of CSaaS models and how is it expected to change?

Cybersecurity-as-a-service (CSaaS) is expected to represent the largest technology category as organisations look to the channel for increased protection.

According to IDC findings, businesses across the world will spend more than US$21 billion on managed security services during the next 12 months.

For many organisations, cybersecurity is not core to their business and so it makes sense for them to look for specialist organisations to provide a range of services from security monitoring to even virtual CISO as a service. 

IDC sees this as the fastest area of investment for organisations at 14.2%.

Given the rapid pace of transformation to the cloud, organisations are struggling to keep pace with the changing threat landscape to evolve traditional security controls to the cloud.

For example, in McAfee’s Cloud Adoption and Risk Report (June 2019), only 36% of organisations have controls in place to protect Data in Cloud Services.

As a result, there is a tremendous opportunity for the channel to provide cloud security services to protect sensitive customer and corporate data in what is the fastest growing area of the security market right now (IDC sees the Cloud Access Security Broker market growing at 46% CAGR). 

3.    Why is this trend both an opportunity and a threat for channel partners? 

Increasingly, organisations are choosing to outsource their cybersecurity and utilise Cybersecurity-as-a service (CSaaS) to prioritise the security of their data as they roll out different technology services. 

There is a huge opportunity for channel partners to ensure they have vendors within their network that have capable defences to service their customers, and at the same time, become a trusted and strategic partner in offering new revenue streams.  

Organisations turning away from cloud-first strategies due to the ongoing IT skills shortage poses a threat for channel partners.

According to new research, over half (53%) of those organisations surveyed claim this skills gap has slowed adoption rates.

This is significantly higher compared to some international counterparts, where only 30% of IT leaders in the UK and 41% in the US have indicated the skills shortage is a barrier to greater cloud adoption.  

The skills gap continues to present cybersecurity challenges for both vendors and channel partners.

Organisations need to think of their security strategy in terms of risk, governance (those responsible for compliance), people, processes and technology.  

4.    How can channel organisations adapt to take advantage of the demand for cybersecurity-as-a-service options? 

Organisations continuing to understand the impact of cyber threats to their business is creating opportunities for channel partners to expand their capabilities to provide more end-to-end cybersecurity offerings. 

It is therefore important for channel partners to regularly communicate with their vendors to explore value-added opportunities and to participate in regular training and education programs.  

As the skills gap continues to present cybersecurity challenges, and the threat landscape grows by the day, it has become clear that the only way to adequately protect a business is by making cybersecurity an organisational habit.

Organisations need to think of their security strategy in terms of governance (those responsible for compliance), people, processes and technology.