Business executives in the wake of the COVID-19 pandemic are now wrestling with some critical decisions that are likely to define their relationships with managed service providers (MSPs) for many years to come.
A survey of over 1,000 business decision makers in the UK, U.S., France, and Germany conducted by Barracuda Networks finds many businesses are trying to strike a balance between properly funding data protection and security and maintaining headcount. The survey finds half of respondents (50 percent) would consider making workforce reductions if it meant company data protection and security could be properly funded. At the same time, 40 percent said they have already cut their cybersecurity budgets as a cost saving measure to help tackle the COVID-19 crisis.
The decision to cut the security budget in many cases was made even though most respondents said they realize risks are greater now that most employees are working from home. Nearly half (49 percent) said they fully expect to see a data breach or cybersecurity incident in the next month due to remote working, while 46 percent said already had at least one cybersecurity scare since shifting to remote work.
Despite those concerns, well over half (56 percent) plan to continue widespread remote working even after the crisis is over. An almost equal number said the COVID-19 crisis had made them accelerate plans for moving all their data to 100 percent cloud-based model as part of an effort to make applications more accessible to those remote workers.
Cloud application challenges
As most MSPs well know, securing cloud applications when compared to on-premises IT environment is completely different undertaking. The so-called shared responsibility model first lulls customers into a false sense of security. Once they start to realize that all the misconfigurations that are routinely made in the cloud are their responsibility, it’s not too long before they go looking for help in the form of an external service provider.
The challenge, of course, is that the number of MSPs that have the expertise required to secure cloud applications is not all that high. Most MSPs have historically focused on securing endpoints and managing network firewalls. Cloud security is built around zero-trust architectures that require everything from platform to micro-segmented applications, to new classes of tools to secure cloud native computing environments built on top of platforms such as Kubernetes. Simply lifting and shifting a cybersecurity service designed for an on-premises IT environment in the cloud isn’t going to cut it.
As a result, the single most important thing most MSPs can do in the weeks ahead is to invest in training. That might appear to be an unwarranted expense at a time when many MSPs, like most businesses, are trying to conserve cash. However, end customers are clearly sending a signal: MSPs that don’t have cloud security expertise are about to become irrelevant. They are also making it clear that ideally they would not like to sacrifice data protection and security for headcount if MSPs can help them figure out how to preserve both.
Savvy MSPs, of course, have been moving down the cloud security path for several years now. The fact is, there’s more money to be made over the life of a cloud application by securing it, than there is to be made deploying it. The challenge and opportunity for MSPs is to figure out how to attain and retain cloud security skillsets that end customers are not likely to have themselves any time soon.
Photo: Elena Schweitzer / Shutterstock