Managed service providers (MSPs) are keeping an eye out for any opportunity to expand the portfolio of services they offer. The challenge is determining what pain point affects a broad enough range of customers to financially sustain a practice. At the start of 2020, the most under-served opportunity might very well be identity management.
If MSPs look back, it becomes abundantly obvious that most major security breaches that have occurred over the past year involved a set of credentials that were compromised. This is not because end users have become careless. Rather, the number of credentials that each end user is trying to manage has increased because more platforms are being adopted by organization.
With each new mobile device or cloud computing platform that is adopted, the number of credentials that need to be managed exponentially increases. The problem is that most organizations still don’t have a centralized approach to managing all the identities associated with them.
In fact, a recent survey of 511 IT security professionals conducted by Dimensional Research on behalf of the Identity Defined Security Alliance (IDSA), a consortium of vendors and solution providers focused on identity management issues, finds that only half (53 percent) of security teams have any level of ownership for identity access management (IAM). A wide range of organizational issues are to blame for this, including lack of alignment of goals (33 percent), reporting structure (30 percent), history of security not being involved (30 percent), and resistance from existing teams (24 percent). Budget ownership issues (40%) is cited as the top reason organization are not spending more on IAM.
Identity security worries IT professionals
Yet, survey respondents said they are worried about a range of potential identity-related security issues, including phishing (83 percent), social engineering (70 percent), and compromised privileged identities (64 percent). Overall, 52 percent said the number of identities that need to be managed has grown more than five-fold in the past 10 years.
As long as human beings are involved in IT, there will always be cybersecurity issues involving compromised credentials. However, MSPs arguably have a greater vested interest in identity management than many might appreciate.
Every time there is a successful phishing attack, for example, it’s usually the MSP that gets tasked with cleaning up the mess. Invariably, all that time and effort cuts into the bottom line of the MSP. The most profitable MSPs throughout the next decade are not going to be the ones that respond best in a crisis, but rather the ones that focus on preventing issues from arising in the first place.
Any MSP today that is already providing managed security services should view IAM as a natural extension. It may take a little effort to get customers to appreciate the fact that IAM issues are one of the root causes of data breaches. However, once they do, most customers will be grateful to the MSP that helps them address this issue.
Photo: Eakrin Rasadonyindee / Shutterstock
