Making Co-Managed Security Work

Should you outsource IT? According to industry research, about three quarters of small-to-midsized businesses (SMBs) outsource their IT to a solution provider, VAR or Managed Services Provider (MSP) in a given year. As the remote work trend accelerates with COVID 19, this number is likely to get higher.

As conditions evolve, though, many IT professionals are realizing that outsource vs. in-house isn’t even the right way to look at the matter. Rather, the decision should look at much of your IT to outsource, and on what basis. Full outsourcing tends to be problematic. It leads to uneven service levels and potential conflicts over how IT workloads are handled. A complete handoff to an outside firm can also result in a cyber defense gap.

Co-managed scenarios offer a more balanced path forward, especially when the co-managed provider takes on a meaningful share of security responsibilities. I spoke about this issue recently with Matt Tomlinson, Director of Channel Partnerships at Huntress, which offers threat hunting and threat remediation solutions.

“Splitting the work between in-house teams and MSPs has many advantages,” Tomlinson explained. “This is particularly true for companies that may not have the time or budget to recruit, train and hire experience IT and security staff—a common situation facing SMBs.” For example, a company might have its internal security team handle patch management while an MSP takes care of pen testing. In core IT, the in-house team might deal with end user support while the MSP addresses specialized needs like SAP performance tuning, and so forth.

Matt Tomlinson, Director of Channel Partnerships at Huntress

Success is not automatic with the co-managed approach, however. “In a total outsourcing model, everything is under the care of the service provider, at least in theory,” Tomlinson said. “By definition, co-management means dividing responsibilities. For it to work, each group has to be really clear on who is doing what. And, it’s more than just ‘we take care of x, and you do y.’ In reality, a co-managed situation often has in-house and external teams in primary and secondary positions on the same workload.”

Making a co-managed security arrangement fulfill its purpose involves a process of assessment in the early stages of the engagement. “You have to figure out how mature your organization is for different areas of security,” Tomlinson shared. “Like, can your in-house team handle SOAR or SIEMs? If not, let the MSP do that.” From there, a careful scoping process should establish what, exactly is expected from the MSP. “The more attention to detail at the outset, the better it will work,” he added.

Tooling also matters. Automation can augment the capabilities of both the in-house and MSP team. In the case of Huntress, the solution offers a “one button” assisted remediation for threats it detects in the environment. This kind of functionality can make everyone in the co-managed scenario more productive.