With cybersecurity remaining a chief concern for Managed Service Providers (MSPs) amid a landscape of ever-evolving threats, it’s reasonable to expect IT providers to have a few protection route options. But should that be done in-house or should you look at outsourced cybersecurity?
MSPs have more than merely their own data and reputation to consider. They work for companies and organisations that put immense trust in their ability to manage networking and essential resources.
Therefore, MSPs must think carefully about managing cybersecurity for the best, both for their needs and clients.
Typically, this boils down to two or three options. You can:-
- Manage cybersecurity in-house
- Partner with or outsource your Security Operations Centre (SOC) to a specialist
- Use a hybrid option that offers the best of both worlds
Each of these options has pros and cons. MSPs might naturally gravitate towards option three, the hybrid.
So, in this guide, we’ll take you through the advantages and disadvantages of running cybersecurity in-house and outsourcing this work. By the end, you should have a clearer idea of what likely works best for your setup and budget.
In-House SOC: In brief
An in-house Security Operation Centre, or cybersecurity department, is a centralised team of security analysts and engineers you employ directly. They are on your payroll and might work in the same building. They do so exclusively for your MSP and any clients you white-label for.
For many providers, convenience and exclusivity are enough to “seal the deal.” However, following the COVID-19 pandemic, the lines between in-house SOC and hybrid cybersecurity support have blurred slightly.
That said, there are still other advantages to running an in-house SOC over outsourcing the expertise, just as much as there are drawbacks.
What are the benefits of in-house cybersecurity management?
In-house cybersecurity gives you immense control, privacy, and convenience. Here’s what you need to know.
In-house SOCs work to your standards
When employing an in-house cybersecurity team, it works purely to your standards – you call the shots.
You’ll benefit from an exclusive, custom cybersecurity package that you can update and tailor to your precise needs whenever necessary.
Moreover, your own SOC is familiar with your business practices and understands how you operate in-depth.
You can choose who works for you
Employing a team means choosing who’s part of that setup. Again, you call the shots regarding recruitment and interviewing.
The knock-on benefit is choosing what skills and experience to prioritise when hiring. This is another element of control you might otherwise lose when opting for outsourcing packages.
However, as we explore a little further down, you’ll ideally need working knowledge of what a talented SOC analyst looks like and what skills they should bring to the table.
You can keep security practices private
MSPs, naturally, handle multiple clients at any given time, meaning they have strict data protocols in place. Providers, too, will want to keep practices and data private – and with an in-house team, they can ensure no data regarding their practice leaks out.
Data protection will be in place when you work with a reputable partner or outsourced platform. However, in-house is the way to go if you prefer to keep things private for internal eyes only.
You can train staff on your existing systems and software
When managing cybersecurity in-house, you can train a team to become familiar with your existing systems and processes, potentially cutting back on training and coaching time overall.
That said, whether a SOC operates in-house or externally, it still needs to choose an SIEM (security information and event management) product to integrate with existing systems.
The integration side of SIEMs is becoming less of a concern nowadays – but there’s always going to be the need to train staff on how to use some new software when building a SOC from scratch.
You have easy access to knowledge and support
You have access to cybersecurity advice and support at a moment’s notice. When hiring in-house, you can refer to your team and arrange ad-hoc meetings when needed.
What are the drawbacks of managing cybersecurity in-house?
Unfortunately, building and managing in-house cybersecurity teams is not always easy. There are extensive costs to consider, and getting a team of specialists up to speed takes considerable time and effort.
Here’s a breakdown.
There’s a shortage of skilled professionals
Official government data shows that, while there were over 160,000 different cybersecurity job postings in the UK in 2023, over a third of them were “hard to fill.” Moreover, there’s an employment shortfall of 11,200 people to keep up with demand.
These statistics tell us that, although hiring your cybersecurity staff sounds appealing in theory, there’s a distinct shortage of people skilled enough to fill these roles.
In practice, MSPs risk running through endless hiring cycles and mishiring cybersecurity professionals who fail to live up to their expected standards.
Another issue is that in order to build an effective and workable SOC, you’ll need a lot of staff – probably around 20 people. As Dima Kumets of Huntress explains:
“This is a bigger problem than figuring out a stack of tools. Most MSPs can’t afford to do this. The impact is that they end up with employees burning out after having to be on-call for double shifts.”
You need to be technically prepared to run your SOC
Whether you’re building a SOC in-house or for a client, ensuring it operates efficiently and effectively is one of the biggest hurdles you’ll need to overcome.
For example, do you know what a good SIEM looks like? Moreover, do you know which skills to prioritise when hiring and training SOC engineers?
In addition, consider your operational availability, experience, and expertise. Can you operate a SOC 24 hours a day as your clients might demand? Do you have the insight to recruit the right experts, build an efficient team, and manage a highly specialised service?
Who’s watching your clients outside of working hours? Do you have the appropriate software to monitor and manage security day and night?
Mark Taylor, founder of Chorus, the leading Microsoft MSSP, explains to Richard in TubbTalk 140: How To Transform from an MSP to MSSP for Business Growth, that MSPs building SOCs need to think carefully about what their offers look like.
“It’s worth considering how you’ll respond to breaches,” he suggests. “Will you just send an alert to the client, or will you fix it for them, too?”
Taylor also suggests that it might be prudent for MSPs to partner with others to build an effective SOC offering. It’s just one of many in-house considerations you must make before committing to what your product looks like.
You need to build and pay for a team from scratch
As mentioned, setting up an in-house SOC means leaping through hiring hoops and carefully selecting candidates. Getting a fresh security team up to speed will take considerable time and effort, regardless of any skills shortages.
Moreover, running an in-house team demands considerable financial investment. For example, MSPs must set up legally binding contracts and pay benefits and sick leave when employing staff via PAYE.
Another drawback is that MSPs hiring in-house staff pay for a set number of hours each week or month. There’s a chance that not all of these hours are used. Meanwhile, you pay for precisely what you need when outsourcing, meaning your ROI increases.
You need to manage your team effectively
Hiring for a team is one thing, but consider the management challenges you’ll face along the way.
For instance, you must provide for unexpected absences, holiday time, and 24/7 operations. That means hiring enough staff to manage your SOC around the clock and cover any sudden shortfalls.
Beyond this, cybersecurity analysts are highly sought-after. To retain your best experts, you must offer attractive compensation for their work and genuine career development opportunities. Larger organisations tend to have greater capacity to support employees to advance up the career ladder.
That said, how you keep one staff member will always differ from another (and far be it from us to dictate how you should mitigate turnover!).
You need to invest in your own tools, software, and protection
Running an in-house SOC also means carefully selecting the best tools and software to help your team do their job. That’s additional time and money spent, which you immediately save when working with partner tools and security platforms such as Guardz or Huntress.
Again, prior knowledge and experience are golden here. Understanding what makes an excellent SIEM or partner tool takes more than simply comparing features or undertaking free trials. Unfortunately, it could take years before you settle into a comfortable and effective software stack.
You need to build a reputable presence
Even if your MSP is already a trusted entity, establishing a new SOC will take time to market effectively and “settle” in your customers’ consciousness.
When it comes to the credibility of your SOC, in-house, you’re on your own. You must ensure your analysts communicate effectively with existing teams and commit to training and development. Moreover, it pays to prioritise gaining accreditations and helping your analysts obtain additional qualifications.
Experts claim that a SOC can take around three years on average to be ready for market. That’s somewhat avoidable, however, if you outsource to a team of analysts already up to speed on technologies and processes and who are available around the clock.
Outsourced or partnered cybersecurity: In brief
Outsourcing cybersecurity as an MSP means delegating client protection to a third party. To some, this might sound like a risky move. However, as mentioned, scalable, reliable options such as Huntress can help you set up cybersecurity out of the box without any need for manual setup or management on your side.
For example, Huntress offers a purpose-built SOC solution with endpoint detection and response (EDR) to squash threats as soon as they’re spotted. Its lightweight suite runs in the background for MSP clients, making it painless to install and run – and the company even offers security and training insights.
Outsourced EDRs are invaluable elements of outsourced SOCs. They provide MSPs with complete visibility over incoming threats and real-time insights, meaning they can react quickly should potential attackers be spotted.
Outsourcing an EDR also means MSPs have reliable intelligence databases they can use to investigate threats and ongoing vulnerabilities swiftly. EDRs can also sniff out attackers who might squat inside networks without getting detected for weeks.
However, one concern that could arise when outsourcing as an MSP is how your clients might respond. For example, they might oppose the idea of their security being handled by an external agency.
Michael George, one of the godfathers of modern outsourcing, spoke with Richard via TubbTalk about this problem.
In the episode, he explained that many MSPs don’t advertise white-label partnerships. They simply use outsourced providers and end users frequently can’t tell the difference.
We’re at a point where outsourced cybersecurity is exceptional enough for this to be less and less of an issue.
That said, again, there are pros and cons to either side of this option, so let’s explore them.
What are the benefits of outsourcing cybersecurity?
Outsourcing cybersecurity means you benefit from immediate expertise, highly scalable solutions, round-the-clock protection, and immediate value for your initial investment.
Let’s dig deeper.
You have instant access to expertise and experience
With in-house cybersecurity, you must hire and train staff manually based on your needs and systems. This takes considerable time and effort.
However, when you partner with an outsourced solution, you have instant access to experts with years of experience. That means MSPs hit the ground running with immediate protection, advice, and monitoring from the moment a contract begins.
This is an increasingly valuable benefit in light of the cybersecurity skills deficits mentioned earlier. The people you work with via outsourcing are already employed, meaning you don’t have to hunt down additional support.
That’s also going to cut down your time to market significantly.
Scalability is simple
For all in-house SOCs can be simple to scale depending on your needs, outsourcing is even easier to manage when growing a company.
You don’t have to hire additional staff or invest in extra tools or software – your support network grows and adapts with you, meaning there’s much less planning and budgeting to consider.
This is especially useful if your or your clients’ security needs evolve over time. For example, you might need to scale from traditional MDR solutions to MXDR protection—more on that a little further down.
You’re protected 24 hours a day
This benefit is slightly blurred if we consider that some “in-house” cybersecurity experts work remotely, on shift patterns, and worldwide. However, you have complete defence around the clock with services such as Huntress.
This is especially beneficial from an MSP’s perspective, as multiple clients depend on security support at varying hours of the day.
When managing SOCs in-house, you must always ensure you have staff available. Outsourcing, however, removes that management headache completely.
You pay for what you need
Outsourcing your cybersecurity usually means paying for the support you need and nothing more. When you hire a team outright, you pay for hours you might not necessarily require. Flat pricing ensures that MSPs benefit from immediate ROI.
Beyond this, outsourcing and partnering are generally affordable for small to medium MSPs, meaning there’s little blocking providers from taking advantage.
What are the drawbacks of outsourcing your cybersecurity?
Of the few drawbacks of outsourcing MSP cybersecurity, providers need to be willing to relinquish some control, work with experts handling other providers, and choose between standardised packages.
Here’s a more detailed overview.
You don’t have the luxury of complete control
When you outsource your SOC, you agree to release control of your operations somewhat.
This isn’t necessarily bad when you consider the time and effort you save along the way. However, it can be a sticking point for those MSPs who care about monitoring the minutiae and keeping practices private.
You won’t have an exclusive team
When partnering with cybersecurity outsourcers, remember you’re working with a team with multiple other clients and partners. That means their work isn’t exclusively tailored to your needs, and you’re sharing time and resources to some extent.
Outsourcing firms work with multiple companies simultaneously to pass savings onto their clients. Therefore, although outsourcing means you lose some exclusivity, you certainly benefit in terms of ROI.
To clarify, here, too – you will still have an exclusive contract and, in many cases, named account managers who act as your contact points.
You won’t have a custom package
Outsourcers can provide custom plans and packages depending on your needs. But, if you need a complete bespoke fit-out, hiring in-house is better.
Yet, again, that comes with caveats such as increasing costs and time demand. It could take years for a brand-new, in-house SOC to get up to standard. Therefore, it pays to compare and balance what’s most important to your SOC needs.
Should you go hybrid?
Hybrid SOC management means effectively taking the best elements of both avenues discussed above.
For example, you could hire one or two in-house experts but still use outsourced monitoring to provide your clients with peace of mind.
If you can’t choose between the benefits on either side, it’s worth considering a hybrid SOC. However, doing so can be a complex undertaking. Our advice, generally, is to compare the market.
Guardz, for example, is a hybrid-ready SOC-like offering that supplies protection against familiar threats such as ransomware and phishing. It supports MSPs and their clients against mass data loss. Users benefit from real-time protection, too, meaning someone always has their back.
Remember: Every SOC is different
If you’re new to setting up SOCs, it’s easy to assume that one size fits all. That’s rarely the case—if you’re working on behalf of clients, you might need to be flexible to offer particular security features compared to someone who might simply need access to a helpdesk occasionally.
Consider the difference between SOCs operating as MDRs and Managed XDRs, for example. Both options outsource real-time EDR protection and threat detection and provide clients with direct access to security analysts and expert personnel.
However, the difference – as Mark Taylor advises – lies in scope. MDRs (Managed Detection and Response services), Taylor states, tend to be great starting points for SOCs.
Meanwhile, MXDRs (Managed Extended Detection and Response services) use XDR technologies to extend real-time coverage.
Typically, MXDRs offer broader responses to security threats and are frequently more efficient and effective at protecting clients on both sides of Boom [insert link to blog about Boom here]. They pull in more endpoints and build up a clearer picture and “story” about how security looks across a client’s network.
Therefore, it’s frequently easier for MSPs to outsource SOC operations that can scale with specific client needs. Otherwise, they must build a department from scratch, which takes time, effort, and resources.
Which route is best for MSPs?
The answer is pretty non-committal, as your providing needs may vary compared to others.
However, experts lean more toward outsourcing simply because of the instant access to expertise, the immense cost savings, and the measurable ROI from the get-go. That all translates into a fantastic service you can offer clients, helping you build trust over time.
Generally speaking, it’s more common for enterprises and larger organisations to build SOCs in-house as they have the resources, personnel, and funding to do so. However, that doesn’t mean outsourcing can’t work well at an enterprise level. You just need to find the right partner!
Far be it from us here at Tubblog to decide for you! Business needs vary, meaning it’s always good practice to compare outsourcing partners and assess your budget carefully before leaping into what seems to be the ideal SOC solution.
You Might Also Be Interested In
You might like:
Comments