3.28.23 – SSI – Roy Dagan
The rise of networked security systems coupled with the allure of recurring revenue streams is inspiring some integrators to take on a managed security services provider role.
Managed service providers (MSPs) have played a key role in IT for decades. They empower businesses by offering comprehensive management and support for a wide range of technology solutions and services. IT groups use MSPs for everything from full network administration, data backup, communications between business stakeholders and departments, and full 24/7 IT support. MSPs enable many businesses to offload day-to-day management of their IT infrastructure so IT can focus on more strategic endeavors. The benefits also typically include lower costs and reduced system downtime.
Managed security service providers (MSSPs) offer similar services for security teams but focus on the systems and protocols that keep networks and data safe from cyber threats. MSSPs can offer a spectrum of security solutions like extended detection and response (XDR), security information and event management (SIEM), network firewall security platforms, and more. Depending on the scope, they can offer a full security operations center (SOC) of cybersecurity specialists who monitor networks for potential threats, analyzing and prioritizing alerts, and responding to security incidents.
Physical security, by comparison, relies on their trusted security integrators (SIs) to seamlessly install, link and maintain their various security systems. But how might physical security departments benefit from working with MSPs?
IT & Physical Security Gap
Physical security (encompassing electronic, hardware and guarding security) has historically been siloed from IT and cybersecurity. While this has changed over the years, there is still residual misalignment. This is all due to the complex nature and history of physical security.
Not too long ago, physical security systems were largely analog and not connected to a network, while IT and cybersecurity departments were well into their journey into the Cloud. The landscape has evolved, however, with physical security groups adopting Cloud-based security-as-a-service (SaaS) models that are deployed in IT environments.
To add to the complexity, there has been an explosion in Internet of Things (IoT) and physical security devices during the past decade. Manufacturers have innovated and delivered generations of smarter devices — all of which need maintenance, and can be targeted by cyber attackers.
Today, physical security departments are responsible for a dizzying array of surveillance cameras, access control systems, perimeter security solutions and more that use sophisticated features like facial recognition, motion detection, and intelligent analytics. They have all this technology but may not always have the full-time technical experts that IT often has onboard, nor the managed services IT uses to handle its operations.
Why the Need Exists
Organizations that lack a comprehensive in-house physical security department often look to outsource management and maintenance of their security cameras and other devices. One reason: tracking, diagnostics, and regular updates of passwords and firmware have become more complex. Each device manufacturer may have its own set of maintenance requirements and software, and the scale has increased dramatically.
For a company with many cameras that include different makes and models, manual upgrades to firmware are extremely difficult to carry out correctly. Without comprehensive oversight and automation, these tasks are difficult to fulfill. A managed service that consistently completes such updates remotely and automatically (and correctly!) is a welcome, practical solution for physical security groups.
Who Will Own the Shift?
Organizations that already outsource cybersecurity services would likely jump at the chance to leverage MSPs for their physical security needs, but for now there are two key obstacles. First, physical security — including systems such as surveillance cameras — remains a black box to MSPs and MSSPs. This is because they traditionally focus on cybersecurity for IT and the IoT devices that IT oversees. Second, IT-centric MSPs generally lack relationships with the physical security personnel.
What about physical security systems integrators? Some have already moved early on to become MSPs for physical security departments. Conventional logic dictates SIs would be preferred for end users’ managed physical security services over traditional IT-focused MSPs. Integrators can develop managed services on their own, essentially by combining their expertise with automation, using a purpose-built platform.
To be sure, it is not an appropriate model for all SIs. It is more feasible for those with more advanced technology and management capabilities to add managed services, in some cases with relative ease. Others will have to overcome additional hurdles and might find it more effective to partner with MSPs that help them get up and running with service offerings.
The MSPs that are entrenched with IT, for their part, may elect to build domain knowledge for physical security over time, or acquire it by partnering with or purchasing an SI. In doing so, they could tap into their existing relationships with CIOs and IT directors and become one-stop shops serving both IT and physical security groups. To a large extent, it remains to be seen how this scenario will play out.
Many SIs can add revenue streams by moving into the role of a specialized MSP. In most cases, to begin offering such services an integrator needs at least two types of platforms: one to carry out the tracking and management of their customers’ device fleets; the second to handle customer signups, subscriptions and billing.
Regardless of whether the MSPs now serving IT groups or security integrators take the lead in providing these more specialized services, physical security departments will benefit from reduced costs, uptime stability and greater confidence in their own cybersecurity profile.
Roy Dagan is CEO of SecuriThings.