During the last 20 years in cyber security, there has been mixed opinion on whether security operations should be centralised or decentralised. Each organisation generally chooses one of two different directions on how Cybersecurity should be implemented. Some choose to keep Cybersecurity operations close to the business to have a better view and control over it, whereas others, especially after the first regulations and standards were introduced, treat it as something necessary but view it as making business more difficult and try to keep it away from standard operations. Which direction each organisation has chosen was mostly dependent on its profile, risks, size and other factors.

Today, even though almost every organisation understands the importance of Cybersecurity, we can still see the artefacts of the direction a particular organisation has chosen before. It is typically visible in how processes and related services are managed and operated. Whether centralised under one platform or spread across many providers or related services, each direction has its benefits and disbenefits attached.

What is recommended?

Understandably, it is tricky to always find the right balance. When looking into these two directions, we look at what advantages each one has and what risks and disadvantages we will face. Even with big players like Microsoft, Google, Acronis, Barracuda and others, we may get very close to the centralised solution, but that will come with a relatively high cost or technical debt that is difficult to overcome. On the other hand, managing decentralised security operations, even if it requires less challenging technology, may come with difficult choices and an even higher cost than centralised ones, especially if organisations cannot understand their risks fully.

Fortunately, there is a third option.

Gartner, in their report “Top Trends in Cybersecurity 2022”, points out two interesting trends:

  • Vendor consolidation – Many providers convert security products into one platform and try to make the licensing much simpler than before. It reduces complexity but, at the same time, increases the risks of a single point of failure or being dependent on one provider. Even though this reduces organisation costs, it is still not easy to navigate: many different MSSPs provide different levels of services for different components. It is not a secret that MSSPs will look for those components that bring in the biggest profit or are their speciality, sometimes forcing customers to use a particular technology or vendor.
  • Cybersecurity mesh – This has gained more attention than before the COVID period, as organisations were required to change the security architecture whilst joining both concepts of security, on-premises and in the cloud. Still, even though it is the main trend right now, many organisations are struggling to put it into one security architecture, providing the same level of service and security in both situations.

Looking into the future.

What if, instead of trying to use one vendor who combines multiple security operations in one location, we use a platform that combines vendors rather than security operations? What if we had the option to change providers for a single security task, such as vulnerability management, thus allowing customers to choose vendors with the ideal mix of costs and associated risks?

Let’s name it Consolidated Managed Security Service Provider (CMSSP).

It is important to mention that we are not talking about “Security Service re-sellers” – where the service is sold through their portal, and their involvement is limited only to managing licenses or subscriptions. We are looking at organisations that use vendors as their tools to provide Security Services with a variety of vendors under their portfolio. These vendors also provide the level of integrations that selects the proper data and reports to clients with their cyber and IT security expertise.

Moreover, it is no secret that vendors only have access to information about a business and its risks through the services they provide to clients. Yet, in some niche markets, a seller will merely consider if the information is likely to be profitable. In this instance, we must consider data privacy, intellectual property, and secrecy.

But an organisation that provides Security Services in all areas and is not tied to one vendor will know enough to provide the right Security Provider to customers. It will also be able to strike a proper balance between centralisation and decentralisation of Security Operations, whatever the choice of a particular vendor will be on the customer or CMSSP side.

The CMSSP is becoming an aggregator and normaliser for security operations with the Platform built on top of it, which can select the data precisely to create a real Cyber Security Posture profile of the organisation without needing to depend only on one source of information or tool.

What is the next step?

It is worth noticing that many MSSPs are trying this approach by offering other suppliers under their portfolio and through their portals. METCLOUD is one of the leading ones.

If you want to know more about our CMSSP Portal, contact METCLOUD for more information.

Martin Zbozien

CISM, CGEIT, CDPSE, Information Security Officer at METCLOUD.

Martin is an experienced professional who started his career as an IT Technician, Ethical Hacker, and Full-stack Developer, going through several roles as a Systems Architect, Network Specialist and Lead Developer, up to Head of IT, IT Director, and CIO in the Financial and Real Estate industry.