Ibexlabs, a Top 250 Public Cloud MSP, has achieved the AWS Level 1 Managed Security Service Provider (MSSP) Competency. The AWS MSSP competency, launched in August 2021, identifies partners that are "fully prepared to deliver class-leading managed security services to protect and monitor customers' essential AWS resources 24/7."
The Ibexlabs news is part of a larger trend in the public cloud security market. Indeed, both Amazon Web Services and Microsoft Azure have been working hard to engage and train MSSPs. And there are anecdotal signs that Google Cloud also plans to open its arms to MSSPs.
AWS, Microsoft Azure and Google Cloud: Security Risks
Why are cloud providers engaging MSSPs? The short answer involves end-customers -- many of whom are (1) short on cyber talent and (2) poorly equipped to properly configure and maintain public cloud services.
Indeed, 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.
As a result, end customers are pursuing MSSP and MSP partnerships to address such areas as cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).
Indeed, annual CSPM spending will reach $9 billion by 2026, up from $4 billion in 2020, according to Markets and Markets. That’s a 14.4 percent compound annual growth rate.
On a related note, 41 percent of our Top 250 MSSP survey participants already offer CSPM to their end customers, MSSP Alert research found in September 2021.
AWS, Microsoft Azure and Google Cloud: Engaging MSSPs
Eager to mitigate cloud security risks, the major cloud providers continue to more closely engage MSSPs in multiple ways.
For instance, Microsoft continues to aggressively expand MISA — the Microsoft Intelligent Security Association. MISA is designed to drive software integrations and interactions between MSSPs and ISVs (independent software vendors) and Microsoft Azure Sentinel for cloud=based SIEM, among other areas of opportunity.
As of August 2021, MISA had 67 MSSP members that supported 165 managed security services as of August 2021. Furthermore, MISA reported that 176 ISVs delivered 259 integrations as of July 2021.
Somewhat similar to MISA, Amazon Web Services (AWS) in August 2021 introduced the Level 1 MSSP Competency for AWS Partners as it tries to foster new partnerships with MSSPs and ISVs. AWS Partners can earn this competency to deliver AWS security and monitoring as a fully managed service.
Also, Google Cloud acquired Siemplify in January 2022 and Mandiant in March 2022. The Siemplify business has MSSP partner experience — which could bode well for Google as the company strives to counter AWS and Microsoft Azure in the cloud security partner ecosystem. In stark contrast, Mandiant has been known to both compete and cooperate with MSSPs and cybersecurity consulting firms -- especially in the Incident Response (IR) market.