An Adelaide security specialist anticipates its new, hosted instance of enterprise-grade security software will drive strong demand from small to medium enterprises (SMEs) struggling to pay the “insane” costs required to run such platforms and staff the security operations centre (SOC) to support them.
OpSys, which has already established itself as a cybersecurity consultancy with strong ties to the South Australia-based defence industry, this month launched a hosted instance of FireEye’s Helix security platform that it is now reselling to SMBs on a per-endpoint basis.
The firm has also established a SOC to support its customers and is looking for more security staff – it currently employs a pair of FireEye-certified engineers – to join a team that is available to co-ordinate incident responses for even small businesses.
“We’ve been able to deliver a top-end enterprise platform to the SME space,” managing director Matthew Fabri told CSO Australia. Those capabilities are normally elusive not only because of their high licensing costs but because strong market demand has driven up the cost of specialised security staff to support them.
“If you look at what a top-end security specialist costs these days, the types of people you’re going to get to your business are only going to be there for a short amount of time,” Fabri said, noting that combining the licensing costs of a high-end security platform and the salaries of skilled security specialists had pushed the “insane cost of running a proper, secure facility” well into the six figures per year – well out of the reach of most SMEs. “These small businesses don’t have the millions of dollars to inject into a cybersecurity posture.”
Repeated surveys have underscored the challenges that SMEs face in keeping up with the fast-changing security landscape: the recent IDG Enterprise Security Priorities Survey, for example, found that security-driven hiring and organisational structures are more common among larger organisations than smaller ones.
Many SMEs were racing to embrace cloud services whether they have appropriate security controls or not, one recent survey found, driving some security firms to develop SME-focused bundles of products designed to get even the smallest business to a certain level of capability.
Yet even if SMEs could afford top-tier security staff, keeping them is another matter, Fabri added. “These guys want to be involved in the exciting stuff – but working as internal security at XYZ company they will be dealing with all the daily boring stuff on a daily basis. So businesses will have a high security turnover. The capability of what we have is that we have these technicians working for us – and we provide a great environment for them to work.”
Cloud providers have also been pushing security as a key capability as they target new markets: IBM, for one, recently rolled a range of security capabilities into its Cloud Public infrastructure offering. Gemalto this week debuted SafeNet Data Protection On Demand, a centralised cloud-based platform with a range of compliance-focused security controls. And European cloud giant OVH this year acquired VMware’s vCloud Air business and recently debuted the Australian instance of its Private Cloud offering bearing a range of security certifications and a partnership with OpenStack that will bring its Public Cloud Passport Program authentication initiative to geographies including Australia.
Such investments reinforce the push by OpSys to extend the reach of cloud-based security services, and Fabri believes its focus on putting such capabilities within reach of SMEs will ensure strong demand going forward. This, on the back of “absolutely exponential” growth in recent months, will keep the company busy looking to land security experts even as it expands its SOC and associated response programs to meet strong demand.
The debut of the hosted FireEye platform is also designed to tap into ongoing anxiety around the looming introduction of Australia’s Notifiable Data Breaches (NDB) scheme and subsequent implementation of the European Union’s General Data Protection Regulation (GDPR) program.
Onboarding customers takes around a week, during which time OpSys engineers inventory the customer’s critical infrastructure and develop resilience plans that can be wrapped around the FireEye platform and associated response strategies.
“A lot of the coming reporting has scared a lot of people,” Fabri said. “Many are putting their heads in the sand, and many are still hearing about it for the first time. But we’re trying to get SMEs up to date, and to understand that they face the exact same threats that the top 100 businesses in the world face. The key is to move from being reactive to threats, to providing a more proactive posture.”