MSSPs Can Be Critical For Midmarket's Security Needs, Gartner Analyst Says

(NOTE: This story was originally posted to CRN.com Sept. 20.)

Managed security service providers can be key in helping resource-limited midmarket companies secure their data, a Gartner analyst told a group of corporate information technology leaders this week.

Brian Reed, research director of data security for Gartner, said Tuesday that midmarket firms should consider managed security service providers to handle some of their security functions.

"The biggest issue [midmarket companies have] is they're trying to tackle everything at once, and they're not taking a prioritized approach to what they're doing," Reed said following a 30-minute-long breakout session at Midsize Enterprise Summit West, a conference hosted by IT Best of Breed's parent, The Channel Company, in Austin, Texas. "They're focusing a lot on the basic stuff, the blocking and tackling, but they're not using full-time employees to dig deeper."

[RELATED: Analyst: Midmarket Firms Want More IT, But Face Budget Limits]

Proficio, an MSSP based in Carlsbad, Calif., has benefited from that, according to Kyle Thompson, a solutions engineer at the company. Midmarket-based business for his company is up about 150 percent over the last year, he told CRN.

"We're an extension of the [security] team for them, essentially," said Thompson, who was also at Midsize Enterprise West.

Reed also advised the midmarket IT directors in the room to step up security awareness training as a way to decrease the possibility of successful attacks through users who are not security savvy enough to recognize, say, a phishing attack.

A variety of companies have been victims of phishing attacks lately, sometimes in the form of people who are "impersonating … high-value targets in your organization, such as C-level executives," Reed said. "These attacks are very well orchestrated." They're articulate and don’t contain grammar mistakes to help make them appear authentic, he added.

And in some cases, they're familiar with such functions as "how you move money," and "targeting those business processes," Reed said.

Reed outlined a list of "must-do" tactics for midsize businesses to better protect their data. For instance, they need to encrypt outbound email and network access, he said, and Reed recommended the use of a cloud access security broker to extend their on-premise security policies into whatever cloud technology they use. Also on his list: privileged access management, identity access management and identity access-as-a-service.

In a study released last month on technology in the midmarket, services giant Deloitte cited security as a top priority, with phishing and employee-induced risk topping a list of concerns, cited by 49 percent and 47 percent, respectively, of businesses surveyed.

MSSPs have a variety of capabilities to help midmarket organizations, such as augmenting staff, Reed said. But there are special functions as well, such as security incident and event management (SIEM), he added.