From the Verkada breach, which exposed thousands of security cameras at Tesla and many others, to the Molson Coors breach, which shut down production, recent breaches of IoT and OT are getting plenty of press 1,2 . This raises the question of when a notification of potential malicious behavior arrives, who will answer the call?
Real time systems need real time response opening the door for security service providers to fill the gap. If you are a cybersecurity provider but don’t have answers for your customers, you may be missing out. Gartner is projecting a 22% growth rate through 2024 in professional services for securing IoT and OT. However, security technology providers continue to struggle to overcome end-user adoption hurdles for securing IoT and OT, because they often fail to operationalize security. Product managers focused on security services must align their service capabilities with the end-users’ maturity and vertical needs to capitalize on IoT/OT through Managed Security Service Providers (MSSP) and managed detection response (MDR) services.
A quick chat with Otorio’s CEO Daniel Bren revealed several challenges that many end-user organizations face. Otorio offers security orchestration, automation and response for OT security, and an MDR service for industrial organizations. In our discussion, Bren began by outlining the big issue, “It’s not just understanding OT security, it’s about understanding OT security within a certain vertical, contextualizing the risk.” With ransomware attacks on the rise, enterprises need a better strategy than buying up millions in cryptocurrency. Bren added, “Show me how you can stop a ransomware attack, not just known vulnerabilities like Stuxnet.” This capability is an imperative in this environment.
Security providers must go beyond developing technology solutions alone. Becoming a trusted advisor and adding value to enterprises will require a higher touchpoint approach for growing your solution offerings. Conversely, a few technology providers have started to partner with MDR and MSSP providers like, Nozomi Networks, which offers a multi-tenant OT and IoT for managed security service (MSS) and MDR service providers. As we think about security for IoT and OT, we should align our ideas with the customer journey. The figure below is an example of services, technology and hybrid solutions, and services that can be offered in this area. Assessing, designing, governance, implantation, and—ultimately—incident response and compliance are organic service categories that can align with the customer’s needs at each stage. Further, some end-users will productize their digital transformation efforts, leading to increased needs for security, testing, and product lifecycle management services.
Product managers responsible for product planning in security services must:
- Capitalize on IoT/OT security by aligning services along the IoT/OT end-user maturity journey, as doing so enables end-user adoption with service capabilities that include assessments, design, governance, and operationalization for incident response and compliance.
- Technical solution and service providers must strengthen their channel partner programs to support a multi-staged approach to security services that is seamless for end-users.