Amazon Web Services has shifted the AWS re:Inforce 2022 cybersecurity conference to July in Boston. Earlier reports suggested the event was set for June 2022 in Houston. Amazon says the conference will focus on cloud security, compliance, identity and privacy.
AWS re:Inforce 2022 could provide a timely reality check for MSSPs that focus on public cloud security services. Indeed, the cloud giant in August 2021 unveiled a Level 1 MSSP Competency for AWS Partners that provide security and monitoring as a fully managed service. Multiple Top 250 MSSPs and Top 40 MDR (managed detection and response) service providers earned the competency at launch-time.
It's a safe bet many of those MSSPs will be on-hand for the AWS re:Inforce 2022 conference. No doubt, AWS is also seeking to certify more MSSPs to protect cloud workloads. Service providers that are interested in the competency can focus on such managed security service domains as:
- Application security
- Cloud security best practices and compliance
- Host and endpoint security
- Network security
- Threat detection and response
- Vulnerability management
Public Cloud Security and MSSPs
Why are cloud providers engaging MSSPs? The short answer involves end-customers — many of whom are (1) short on cyber talent and (2) poorly equipped to properly configure and maintain public cloud services.
Indeed, 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.
As a result, end customers are pursuing MSSP and MSP partnerships to address such areas as cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).
Indeed, annual CSPM spending will reach $9 billion by 2026, up from $4 billion in 2020, according to Markets and Markets. That’s a 14.4 percent compound annual growth rate.
On a related note, 41 percent of our Top 250 MSSP survey participants already offer CSPM to their end customers, MSSP Alert research found in September 2021.
AWS, Microsoft Azure and Google Cloud: Engaging MSSPs
Eager to mitigate cloud security risks, the major cloud providers continue to more closely engage MSSPs in multiple ways.
For instance, Microsoft continues to aggressively expand MISA — the Microsoft Intelligent Security Association. MISA is designed to drive software integrations and interactions between MSSPs and ISVs (independent software vendors) and Microsoft Azure Sentinel for cloud=based SIEM, among other areas of opportunity.
As of August 2021, MISA had 67 MSSP members that supported 165 managed security services as of August 2021. Furthermore, MISA reported that 176 ISVs delivered 259 integrations as of July 2021.
Somewhat similar to MISA, Amazon Web Services (AWS) in August 2021 introduced the Level 1 MSSP Competency for AWS Partners as it tries to foster new partnerships with MSSPs and ISVs. AWS Partners can earn this competency to deliver AWS security and monitoring as a fully managed service.
Also, Google Cloud acquired Siemplify in January 2022 and Mandiant in March 2022. The Siemplify business has MSSP partner experience — which could bode well for Google as the company strives to counter AWS and Microsoft Azure in the cloud security partner ecosystem. In stark contrast, Mandiant has been known to both compete and cooperate with MSSPs and cybersecurity consulting firms — especially in the Incident Response (IR) market.
Next up, we'll be watching to see what new MSSP messages AWS shares during the re:Inforce 2022 conference.