10 Big Cybersecurity Bets Solution Providers Are Making In 2022

From multifactor authentication and least privileged access to unified dashboards and employee training, here’s where 10 solution providers attending this week’s XChange 2022 conference plan to place their biggest cybersecurity bets.

Securing The Future

The XChange 2022 conference held in Dallas this week by CRN parent The Channel Company brought together 265 solution provider executives to get exclusive industry insight, build new strategic relationships, learn about emerging technologies and participate in peer networking events. These executives are on the front lines and therefore understand how top of mind security is for customers today.

Technology, training and usability were some of the biggest cybersecurity areas cited by XChange attendees in conversations with CRN editors, with solution providers calling out multifactor authentication, least privileged access, and SOAR (security orchestration, automation, and response) as some of the key cybersecurity technologies they’re doubling down on.

Solution providers are also focused on making better use of their existing security stack through training and education and identifying integration opportunities with tools already in place. The channel also wants to provide their SOCs (security operations centers) with greater visibility across the technology stack by incorporating the findings of disparate tools into a single, unified dashboard.

Here’s what XChange attendees said is the No. 1 cybersecurity bet they’re making right now.

Regulatory And Insurance Compliance

Luis Alvarez, President of Salinas, Calif.-based Alvarez Technology Group

Compliance will be a big focus. Cybersecurity is a lot of things to a lot of people, but what we‘re seeing is that there’s a lot of regulatory compliance that‘s being pushed down from state and federal levels. But more importantly, it’s being pushed from cyber insurance companies. I recently attended a webinar led by a cyber insurance expert. He was saying that in 2022, they expect that less than somewhere between 50 [percent] and 75 percent of policies will be renewed because a lot of people will drop out because the premiums are going up, and the requirements to renew are going up.

Previously, insurance companies were very lax about the checklist that they would give channel partners to see if they were doing all they needed to do. Now they‘re being very specific. Are you using hosted services? Do all those hosted services have multifactor authentication? And if you check ’No,‘ they won’t insure you. So that means that our clients are coming to us and saying, ‘Hey, I need to enable all of these things that I have been pushing and saying, no, I don’t really want to do this. Now I have to do this. So can we turn on multifactor authentication? Can we turn on encryption on the hard drives because we need to have encryption at rest and in motion?‘

This means MSPs need to get smart on the people side of the compliance piece. The technology is there. We know how to do it. We know how to press buttons. But understanding what our clients, industry and businesses require, and being able to provide them the right level of cybersecurity support for what they need, is going to be our biggest challenge this year.

Internal Security

Brian Bakkila, Sales Operations Manager at Grand Rapids, Mich.-based Applied Imaging

It‘s probably going to focus on even more internal security for our practice. Over the last several years, we’ve become more and more serious about that. Just crossing our t’s and dotting our i’s in that space. And we‘re just going to continue to heavily invest in that because we realize the responsibility that’s been placed on us and what that means from our clients’ perspective and what we are truly responsible for.

There‘s not any type of increase in threats that we can demonstrate, per se. It’s just looking at other people‘s stories as well as just making that a focus and making sure we’re not one of those stories.

We‘re looking a lot more at least privileged sorts of things in our environment, basing job roles on what access somebody has so if something were to happen to limit the impact of that, as well as looking at privileged access management and some of those sorts of things inside our tool sets. We’ve already gone through the basics, all the MFA and all those sorts of things. We‘re just really tightening down the roles within the organization as we continue to grow.

Next-Generation Tools

Phillip Walker, CEO of Manhattan Beach, Calif.-based Network Solutions Provider

Our next big cybersecurity investment for 2022 will be around the next generation of tools, including AI, deception, SOAR—things that are going to help level the playing field or change the landscape for current threats. So, tools and people, and platforms, things that are going to help us bring everything we have together to deliver a cohesive solution.

We haven’t been able to bring advanced tools like AI, SOAR and others to clients because of traditional price and feasibility issues. But I think this is going to be the year that we‘re going to be able to grab those tools and bring them down to our customers’ level and be able to scale them out.

At our level of customer, we’re seeing an understanding of the tools and the patches needed. I think that our cybersecurity maturity has grown over the past two or three years. So we‘re not just in a reactive mode, we’re way more proactive than in the past.

Unified Dashboard

Kumar Nandigam, President and CEO of Plano, Texas-based Tekpros

We‘re trying to get to one single dashboard window which can show me everything in one kind of dashboard. So nowadays, there are like 6,000 vendors in cybersecurity. So we are trying to bring in the value from different vendors like email protection, I would say Area 1 [Security] is good. Maybe CrowdStrike is good for endpoint protection. We want to bundle it all together and increase the advanced security stack for customers and bring them more value. So that’s the plan for 2022.

It‘s tough to create that dashboard because we’re dealing with 6,000 vendors. With Cloudflare acquiring Area 1, it‘s a good thing since Cloudflare can do firewall protection better and block DDoS. And they’re not good at email security, so now they‘re bringing in Area 1 Security. Then they can put it into their Cloudflare dashboard, right? If the security vendors, especially in cybersecurity space, can consolidate and can offer one dashboard for multiple different things, that will help MSSPs like us to go to the market and help our customers more easily.

The single dashboard is important for our SOC. So people are sitting and they‘re watching. And again, being an MSSP, it’s not like I‘m an enterprise customer and have just one organization to monitor. I have 200 or 500 customers, which are anywhere from five seats all the way to 500 seats or 5,000 seats. So having one dashboard where I can monitor Office 365 would make it easy for us to provision and also do health checks and also to monitor and to be very responsive. So that way, we can meet the SLAs and our customers are happy and we can retain them and keep going.

CSSP Certification

Sophia Jaber, Director of IT Operations for Lake Forest, Calif.-based CyberTrust IT Solutions

My biggest one is getting my CSSP [Cyber Security Service Provider certification]. That‘s something that I think is really valuable and it really opens the door to all kinds of contracts. I’d also like to have one of my team members become CSSP-certified. I always like to have an expert on [the technologies we use], whether it‘s ConnectWise-certified, or ID Agent-certified, at least having one person in-house that speaks the language is always really important.

New Vendors

Nalit Patel, CEO of Livingston, N.J.-based All Solutions

New vendors and partner programs. We are looking at some new ones because security is a landscape that is always changing so we always try to keep up. We picked up two good ones. We’re going to utilize them because it takes a lot off our plate and it automates our processes.

Training

Sean Wright, Founder and President of Brentwood, Tenn.-based Affinity Technology Partners

A security investment we’re making is training on the tools and processes to equip the team. There’s so much noise going on that we forget to pay attention to what is in front of us ,and we’re not doing a good job of paying attention to that stuff. We want to work on our processes and make sure the staff that we have can actually be equipped to work with what we are implementing.

Finding Value And Efficiency

Tanaz Choudhury, President of Houston-based TanChes Global Management

I plan to re-evaluate our stack like we do every year. Security is something that we obviously want to be innovative with. At the same time, we want to ensure that it‘s not just a fad that we’re buying into and it actually has chops. The whole idea is to go for products that have value, or can add value to our existing products. Efficiency is really important, and so is security. So, if the product can deliver these two items and check those two boxes off, that‘s something we look to invest in. We’re not averse to new technologies. We love innovation. But by the same token, I just want to make sure that the product is solid before it makes it to our stack and, obviously, before it makes it to our clients.

Education

Manuel Villa, President of San Antonio-based Via Technology

Education and business process optimization. We‘re teaching the folks all about cybersecurity all over again so we take that back to the streets. The technology stack is there, but it’s human error that‘s causing all these problems.

Marketing Investment

Kurt Amos, CRO and Managing Partner at Coral Springs, Fla.-based Netverta

Security is going to be one of our core pillars. We have our own UCaaS platform and we’ve been leading with UCaaS and CCaaS. But in Q2, we’re going to lead with cybersecurity, and that’s going to be our lead for our marketing endeavor. We’re just talking about it now, and it’s going to happen.