One size DOES NOT fit all.
Let’s consider the ‘build, buy, partner’ framework for security services, which offers three very different approaches you could take. There is no absolute right or wrong way, only what is best for your business. Explore the pros and cons of each so you can determine the right way for you.
Utilizing this approach means you create/develop the solution with the resources you own, control, or contract to.
Strategy of Things gives us deeper insight into what is required to pull this off.
When to consider this approach:
- You have the requisite skill sets and resources to do it
- You can offer security faster, cheaper, and at lower risk
- This is a strategic competence you own or want to own
- There is strategic knowledge or critical intellectual property to protect
- You are fully committed throughout the company
- Most product control
- Most profit opportunity
- Longest time to market
- High development cost
The Challenge: Hiring security resources to monitor 24/7 (emphasis on 24/7)
According to PayScale, the average salary for a cybersecurity analyst is $75,924. How much revenue would you need to earn to bring on just one analyst? Security talent is a hot commodity. Even if you can hire them, keeping them on will be a challenge when you’re fighting bigger businesses or one that specializes in cybersecurity who will pay more and offer more benefits.
This approach could also be referred to as ‘acquiring’ where you are seeking to acquire another company that specializes in a particular area (for example cybersecurity or physical security) to get the missing skill set you’re looking for under your umbrella.
Let’s take a look at the requirements needed for this approach courtesy of Strategy of Things.
When to consider this approach:
- You don’t have the skills or resources to build, maintain, and support security
- There is some or all of a solution in the marketplace and no need to reinvent the wheel
- Someone can do it faster, better, and cheaper
- You want to focus limited resources in other areas that make more sense
- Time is critical, and you want to get to market faster
- There is a solution in the marketplace that gives you mostly what you want
- Shortened time to market
- Acquiring skill sets
- Can be costly to acquire
- Integration takes time
The Challenge: The MSP M&A market is hot, AND it’s a seller’s market
Jim Schleckser, CEO, Inc. CEO Project and author of Great CEOs Are Lazy states in an article on Inc.com, “Many acquisitions fail to live up to their financial or performance expectations because the acquiring company hasn’t done its proper homework.” Take the time to do some serious research on how to take advantage of a seller’s market and find the expertise you need for M&A success. We have a couple of webinars to help you get started:
- Merger & Acquisition Essentials
- Getting Mergers & Acquisitions Right: The Project and the Process
- M&A: Getting Post-Acquisition Integration Right
Bonus for ConnectWise partners: We’re fully invested in helping you throughout the M&A process every step of the way, including technical assistance post-acquisition from our M&A specialist.
Partnering for Security
Strategy of Things gives us insight into this approach. Cybersecurity is a specialized field that many vendors cannot address on their own and must buy or license for their solution.
The company allies itself with a complementary solution or service provider to integrate and offer a joint solution. This option enables both companies to enter a market neither can alone, access to specialized knowledge neither has, and a faster time to market.
Companies consider this approach when neither party has the full offering to get to market on their own.
- Shortest time to market
- Each party brings specialized knowledge or capabilities, including technology, market access, and credibility
- It lowers the cost, time, and risk to pursue new opportunities
- Conserves resources
- Opportunity to learn the skill set before building something of your own
- Least control
- Integration cost
- Shared gross margins
Many vendors today offer a lot more flexibility today to make partnering an easy choice. A great example is Perch Security threat detection and response.
No matter where you are in your security journey, Perch enables you to choose your level of involvement:
- Fully managed by Perch SOC
If you’re more of a ‘hands-off, I trust you to do your thing’ type of person/company, then you have the freedom to sit back and relax while the Perch team does their thing. They’ll only involve you when absolutely necessary and equip you with the tools to look good in front of the customer while they do all the heavy lifting.
- Mostly managed by Perch SOC, your team reviewing or jumping in on specific issues
If you want to be aware on a high level of what’s going on in the world of threat detection but not to the level of fully geeking out, then this level of involvement is right up your alley and 100% possible with the Perch team. Get updates on the things you care about without being inundated with the things you don’t.
- Fully manage alerts yourself
If you want to geek out on threat reports side by side with the Perch flock, you’re more than welcome to. If you have a person on your team that’s interested in security but not able to dedicate 100% of their time to it, feel free to carve out a portion of their daily responsibilities to working hand-in-hand with the Perch team. Should things change along the way, and you need more or less involvement, you’re free to leverage the Perch team as needed.
Security isn’t solved by one single tool. It’s an ongoing journey that requires continuous assessment and refinement. Everyone has to start somewhere, but keep in mind that the starting line for you might look different than the starting line for someone else, and that’s okay. Carefully review the options at your disposal and determine which path is best for you.
“The journey of a thousand miles begins with a single step.” Lao Tzu
This article was provided by our service partner Connectwise