Ah, outsourcing. There’s a long and successful history and well-understood principles underpinning the now-familiar concept of outsourcing IT or any other specialist function to ‘the professionals’. It works because it makes sense: not an expert in [whatever], but [whatever] is essential? Hand it to those who are the experts. It works for general IT. And it works for security, too.
It isn’t only individual businesses recognising the necessity for an outsourced specialist handling their security requirements, although that is a big proportion of our business. Increasingly, we’re seeing Managed Services Providers, to which technology support is handed, themselves handing on a portion of that work to even more specialised specialists.
That may seem like some Inception-level mind-bender, though it is anything but. Security is a big deal for every company, and it is also a highly specialised field. There have been multiple cases of MSPs falling foul of a hack, with the resultant contagion drawing in multiple government agencies and corporate companies.
This MSP, like any other, has a lot on its plate. Most of the work of these companies is in supporting people with their computers, software, and deskside gadgets like printers and so on. They’ll also get involved in some strategic stuff, like cloud migrations, infrastructure and architecture, roadmaps.
Within and surrounding all that is security; security, of course, encompasses technology, process and people. It is also far less procedural than most other IT disciplines, and it is subject to even more rapid and unpredictable change than the industry at large.
The division of labour
From a theoretical standpoint, the notion of the division of labour into smaller tasks in which individuals might become highly proficient has a long and successful history. The Scottish economist and free market pioneer Adam Smith famously broke down the manufacture of pins into 18 individual tasks. Do so, asserted the 18th century thinker, and ten people could produce 48,000 pins daily. One man on his own, by contrast, might not produce one in the same timeframe.
The point made is as relevant today for security (or any other specialised task) as it was then. By hiring a Managed Services Provider, the concept of division of labour is being applied.
In hiring a security specialist, the MSP does precisely the same thing (though our approach is White Labeling, so our expertise is delivered under the umbrella of any individual provider).
Skills, personnel, and costs
The arguments for a Managed Services Provider are familiar: IT skills and personnel are costly for every business. If your business is not IT, those costs are prohibitive, and the skills aren’t needed all the time (driving up the effective cost; imagine the mischief of idle IT people in the basement).
By contrast, the MSP offers more rewarding and perhaps better paid work for the basement-dweller. They are kept busy across multiple clients, and deal with multiple issues and tasks, rather than the limited requirements of a single company.
This helps retention, and done well, the higher total productivity of any individual qualifies them for a better pay packet.
You can see where this is going. As a Managed Security Services provider, we do exactly the same for our security specialists. They have more work, they solve more interesting problems, they enjoy their job, they add more value (and therefore get paid well) and we make more hires (and staying is more likely).
They say the proof is in the pudding, and yep, we’ve got pudding. We’ve made numerous hires of highly experienced, highly motivated, and highly capable people in recent times. We’re actively growing our headcount (see our News page for details), and we’re actively adding more and more MSPs who appreciate the idea of applying the same principles underpinning their fundamental value proposition, to their own businesses.
Adam Smith knew division of labour was smart back in the 1700s. It remains just as smart today.