Why Businesses Keep Losing the War on Cyber Terror: Part 2
By Paul Dobbins
Change the Channel: It’s Broken
I’m not one to bury the lead. When it comes to cybersecurity, the channel is broken because it’s primarily focused on margin. As I said in the last blog entry, the quote “Where there’s mystery, there’s margin” is more important to many than actually solving the complex issues facing the clients served by our channel.
Unsurprisingly, the origin story behind why the channel is broken starts decades ago with a guy named Dave Berkus. Dave was in the business of selling large computing systems prior to the advent of the personal computer, and is the self-proclaimed inventor of the saying “where there’s mystery, there’s margin.” Do a quick search and you’ll find him on video, quoted as saying:
“You’ll be able to charge more, not less, when people don’t understand…”
Think about how this relates to the questions I asked in the first part of this blog series, and the answers you may have come up with:
- How many companies are trying to sell you cybersecurity products so you can expand your offerings for your clients? (I counted 44 exhibitors at MSP Summit last week.)
- At a high level, what are they trying to accomplish and how? And why, if we have all these wonderful individual products and technologies, do we keep losing this most important war?
While the answers to these questions are certainly multi-faceted and complex, let’s break it down as simply as possible. Which organizations first started combating cyber threats? Enterprises. Thus, individual, point-based solutions were sold to enterprises that, theoretically, had the resources and funds to implement and manage multiple point-based solutions with very specific purposes. Commercial antivirus solutions were first, followed by firewalls, VPN, MDM, ETP, EDR, MDR, XDR, and every other acronym-based solution you can think of.
When the enterprise funnel began drying up, these solutions were pushed downstream further into the channel. When those business prospects became too small, rather than solve for scale, many solutions were modified and watered down. Today, on average, it is estimated that each small business deploys a dozen or more different security tools; a medium-sized businesses averages several dozen tools; and an enterprise deploys more than one hundred.
For small or medium-sized businesses—the heart and soul of MSP clientele—having dozens of security solutions to manage is a recipe for disaster. If they are watered-down solutions, it gives a false sense of security. If they are truly enterprise-level solutions, it immediately drains resources for both the MSP and the business itself.
Look at the vast cyber landscape outlined below. Given the sheer volume of logos, there’s obviously margin. The real mystery is figuring out how anyone could think a small or medium-sized business—or an MSP—could successfully navigate this landscape on top of paying attention to the company they are already running.
There Is Good News
Full transparency: At Ostra Cybersecurity, with a few notable exceptions, we haven’t had much luck finding trustworthy MSPs that we can recommend to our clients. We have focused our efforts on looking for straightforward and humble MSPs who share our vision to go against the grain and think differently about the business of cybersecurity so we can start winning the war. So, when we set out to attend MSP Summit last week in Orlando, we felt like we were hunting for unicorns amidst a sea of 40,000 horses.
After many in-depth conversations, our team was encouraged to hear several MSPs acknowledge the cybersecurity problem within the channel. We heard from numerous people that too many point-based solutions using cyber jargon only creates noise, confusion, and ultimately takes the focus away from the core business of MSPs. It was refreshing to meet MSPs that have not been seduced into overextending their business. As broken as the channel may be, my hope of change is restored after talking with these folks.
In the third and final installment this blog series, we’re going to dive deeper into the transparency theme, throwing margin and mystery to the curb. We’ll talk about how to challenge the way MSPs think about cybersecurity and how the channel conducts business. I’ll have some questions for you to consider as you evaluate whether it’s worth changing the way we all do business for the sake of winning this war.
Spoiler alert: it’s worth it.