Cybersecurity trends: IT shops set to offload work to MSPs

New research on 2021 cybersecurity trends points to opportunities for managed service providers that are equipped with the right tools and skills; more IT channel news.

IT departments appear ready to outsource cybersecurity work to MSPs this year as they battle staffing shortages and the increasing complexity of cloud computing.

Recent reports from IT service providers and consultancies provide an early glimpse into cybersecurity trends for 2021. Accelerating cloud adoption has highlighted security issues such as third-party risk management. The rise in remote work, meanwhile, has extended the attack surface. Enterprises also cited a lack of capabilities to detect threats across multiple clouds.

MSPs appear to have an opportunity to offer guidance in the current climate, even among customers who have cybersecurity personnel on hand. Eighty-three percent of the IT leaders with in-house security teams said they are considering outsourcing security tasks to an MSP in 2021, according to a report published this week by Syntax, a managed cloud provider based in Montreal.

A spike in cyberattacks paired with a reduction in IT staff have spurred organizations to pursue external help, Syntax found. Syntax's "IT Trends Report," based on a survey of 500 U.S. IT decision-makers, said that 77% of respondents reported an uptick in the frequency of cyberattacks in 2020, while 79% were compelled to reduce headcount due to the economic downturn stemming from the COVID-19 pandemic.

In addition, 45% of the IT leaders that have in-house security groups cited a lack of "strategic counsel" from their security tools. Those respondents said they are considering partnering with an MSP.

Opportunities for MSPs as strategic advisors seem there for the taking, but service providers face a number of challenges in doing so. "In order to take on the increased demand for their services due to remote work, MSPs will need scalable products and the ability to train additional staff quickly," said Matthew Rogers, CISO at Syntax. "With this in mind, finding quality security staff is a major challenge for MSPs because technical competence is the hardest skill to find and is taught over time."

Rogers pointed to the need for foundation knowledge -- programming, systems administration and network skills -- as the basis for building security awareness skills.

A degree of legal acumen is also important.

"Foundational understanding of civil and tort law are required to understand exposure to laws and standards," he added.

MSPs pursuing security business this year should expect to deal with the demands of cloud security. Security and data protection ranked as the No. 1 barrier to cloud transformation for 38% of senior IT decision-makers, according to Aptum, a hybrid multi-cloud MSP based in Toronto. Aptum's report, titled 'The Security and Compliance Barricade,' the second installment in the company's four-part global Cloud Impact Study, polled 400 people in the United Kingdom, U.S. and Canada.

The report suggests IT teams are struggling to manage complex environments that feature multiple cloud providers and deployment models from public clouds to hosted private clouds.

Against that backdrop, 85% of the Aptum survey's respondents pointed to a "lack of a clear mechanism to detect and respond to threats across all cloud environments" as a security, governance and compliance barrier. And 82% of respondents cited access management to multiple cloud environments as a security obstacle.

"The expansion of cloud capabilities … introduces new security concerns, and, as you adopt more and more cloud technologies, then obviously that complexity further increases," said Aptum director of pre-sales engineering Grant Duxbury. "Also, there are more and newer threats as well and more sophisticated ways of targeting cloud-based technologies."

Duxbury cited the lack of a concerted effort just a few years ago to stage attacks around the polices and privileges associated with AWS S3 buckets. However, "as people adopt cloud more, there's a greater focus on exploiting those potential vulnerabilities," he said.

Additional details about 2021 cybersecurity trends come from Deloitte's Cyber practice, which polled more than 1,300 professionals from organizations already in the cloud or planning to adopt cloud computing in the next year. The respondents rated third-party risk management as their biggest cybersecurity challenge in the path of their cloud strategies. Thirty percent of in-cloud respondents and 41% of those moving to the cloud cited that issue. Respondents also listed remote work, insider threats and data privacy as cloud security risks.

Gartner: IT services pending to grow 6% in 2021

Worldwide spending on IT services is expected to grow 6% in 2021, following a 2.7% decline in 2020, according to Gartner's latest projections.

The numbers are more optimistic than Gartner's October 2020 forecast, which called for 4.1% growth for the IT services sector. Gartner said IT services spending will hit $1.07 trillion in 2021. The growth trend will continue into 2021, when Gartner forecasts the market to reach $1.14 trillion on 6.3% growth.

IT services providers can expect to see continued customer activity regarding digital business plans. "Through 2024, businesses will be forced to accelerate digital business transformation plans by at least five years to survive in a post-COVID-19 world that involves permanently higher adoption of remote work and digital touchpoints," Gartner noted.

Gartner projects worldwide 2021 IT spending, across all segments, to reach $3.9 trillion, a 6.2% boost compared with 2020 levels. All IT segments are expected to grow, with enterprise software leading the way with 8.8% growth, according to Gartner.

Other news

  • Machine intelligence is seeing wide adoption among companies with the highest level of business operations maturity, an Accenture study has found. Seventy-one percent of what Accenture refers to as "future-ready" organizations have fully adopted AI and data science capabilities, a nearly 18x increase from 4% three years ago, according to Accenture's survey of 1,100 senior-level executives. The company defines "future-ready" organizations as those that emphasize digital transformation and have retooled operating models, pursuing "wholesale reinvention" versus incremental improvements. In addition, the Accenture study said 38% of the future-ready respondents now scale AI practices. Accenture in 2019 identified failure to scale AI projects as a critical problem for the C-suite.
  • In other Accenture news, the company is working with Salesforce with the aim of helping customers meet their sustainability objectives. The initiative, an expansion of the companies' alliance, brings together Accenture's Sustainability Services, Salesforce Sustainability Cloud and Salesforce Customer 360. The sustainability partnership will let customers track sustainability programs such as carbon usage reporting, the companies said.
  • Softchoice, a technology solutions provider and MSP based in Toronto, rebranded with a new logo and brand positioning: "Success. Fully realized." A number of MSPs have rebranded in recent months.
  • InterVision, an IT service provider and AWS Premier Consulting Partner, rolled out a Cloud Cost Optimization Service, geared to midsize and enterprise organizations. The service comes with a guarantee that the company will identify savings of at least 30% for clients with $20,000 or more in monthly AWS spend, InterVision said. Research has identified higher than expected cloud costs as a challenge in organizations' cloud adoption journeys.
  • Trustwave, a managed security services provider (MSSP) based in Chicago, unveiled a Referral Partner Program. The tiered program includes resources such as the Trustwave PartnerOne portal.
  • Pythian Services Inc., a data, analytics and cloud services company based in Ottawa, said it has become an MSP in the Google Cloud Partner Advantage program. Google Cloud's growth is fueling partner opportunities.
  • Insight Enterprises, an integrator based in Tempe, Ariz., launched Tech Hub, which the company said offers virtual self-service to employees with common technology issues. Tech Hub is part of Insight's managed workplace services suite.
  • Thrive, a technology managed services provider based in Foxboro, Mass., completed a majority recapitalization with Court Square Capital Partners. Court Square joins earlier financial backer M/C Partners and Thrive's senior management, which also owns a substantial ownership stake in the company. The combined funding will accelerate Thrive's investment in technologies such as ServiceNow, automation and AI. The company also aims to expand geographically through organic growth and acquisition.
  • Assured Data Protection, an MSP providing cloud data protection offerings, unveiled ProtectView, a centralized platform that manages Rubrik's data management products. Assured Data Protection initially used ProtectView to support its customers and is now making it available as a standalone offering for the wider Rubrik community, which includes MSPs, resellers and distributors.
  • Cyberpion, a cybersecurity company that discovers and protects online ecosystems, launched a new partner program. The company appointed Tracy Hickox, formerly of Cisco Systems, HP Networking and Check Point Software Technologies, to lead Cyberpion's channel initiative.
  • Tenable, a cybersecurity company based in Columbia, Md., updated its portal for MSSPs. The portal now lets service providers self-provision and self-service their instances, up to 1,000 assets. The company said MSSPs can use the portal to build and launch cloud-based vulnerability management services in a matter of minutes.
  • Nerdio, a Chicago-based company that provides Microsoft Azure deployment and management offerings for MSPs, launched Nerdio Manager for MSP, which the company said automates and optimizes Windows Virtual Desktop environments in Azure.
  • SaaS Alerts, a SaaS application monitoring platform based in Wilmington, N.C., appointed Jim Lippie as CEO. SaaS Alerts sells to MSPs, which use the platform to protect customers' Office 365, Google Workspace, Salesforce and Box applications, among other products. Lippie was previously general manager and senior vice president at Kaseya.

Market Share is a news roundup published every Friday.

Next Steps

Tips for MSPs to bridge the cybersecurity talent gap

Cyber-risk rating firm Black Kite ups channel focus

Dig Deeper on MSP technology services

Cloud Computing
Data Management
Business Analytics