Is Your Microsoft E5 Security Expert Truly Qualified? Find Out on Our Podcast!
Hi. Max Clark. If you are a Microsoft 365 enterprise, you've heard about Microsoft E5 Security. And you're probably looking at it and you're probably looking at it really seriously. So if you don't know what E5 Security is, it is Microsoft's bundle on top of 365 that gives you access to tooling like an EDR like email filtering like a sim platform so foundational tooling that you need to improve your security posture so why is this a big deal well well first off it's Microsoft bundling more software together to make the 365 platform more valuable to you it's also competitive in the sense that pricing for these things are fantastic if you're comparing against the alternative EDR and SIM platforms and so now you get everything in one stop shop from Microsoft in one platform.
Speaker 1:So e five secondurity has been an amazingly disruptive security suite of tools and bundle that we're seeing drastically changing the landscape of managed detection response vendors and MSSPs to come into the marketplace and serve enterprises. Now here's the problem. Here's a negative with this is everybody is now a Microsoft E5 secondurity expert. And when everybody's an expert how do you tell which ones are? What do I mean by this?
Speaker 1:It is really easy to become a Microsoft partner or to be a MSP and then claim that you're a security practitioner. What are you gonna do? We're gonna we're we're e5 secondurity. We know exactly what we're doing And this is where you run into trouble, not knowing how to quantify and qualify who you should be doing business with, who you should be paying, who knows what they're talking about, who can actually protect your business, answer the phone call in the middle of the night, etcetera. So if you're evaluating and looking into and thinking about Microsoft T5 Security and you're already a Microsoft 365 enterprise, you should absolutely be looking at it.
Speaker 1:But now you need to think about who's gonna be configuring it, who's gonna be monitoring it, who's gonna manage it, who's gonna be accountable to you to make sure that it's working properly, configured properly, and actually you're getting what you're paying for and what you need out of it. We've done a lot of work on this. There is a lot of people. There's a lot of logos. There's a lot of private equity money coming into this and rolling up a lot of different security players and building larger and larger companies.
Speaker 1:And this isn't bad. It's actually in a lot of ways probably pretty good because you need a MSSP, you need an MDR company that is operating at scale in order to actually give you what you want at an efficient price point. So great thing about technology is as technology moves forward, it's compresses and costs and gives you more value for the same dollar. And the same is true when you start talking about when you start talking about industries that are becoming more competitive or more mature. The old saying of your margins by opportunity really starts to come into play.
Speaker 1:So money coming in and acquisitions and mergers and roll ups are a good thing in this space because you start talking about the cream rising to the top people that are efficient and delivering at scale. These are all good decisions for you. So what are some of the questions that we ask and we talk about when we're evaluating new providers for our portfolio or when we're going through and doing our fire RFIs, RFPs, bake offs, whatever you wanna call it for our clients. 1st and foremost is describe your team. How many people do you have?
Speaker 1:Yes. How many people do you have? What are their qualifications? Where are they? How are you organized?
Speaker 1:What is your HR hiring training advancement processes like and this is also very important. Does the provider have the ability to take and hire new talent? Do they have internship programs? Do they have relationships with with the universities? Do they have a training program?
Speaker 1:Can they take somebody in an entry level and help that person level up inside of that organization and advance their career? These are things that are really valuable because you want your team. First off, if you've got a lot of churn, it's just really expensive for that company to be constantly hiring and constantly churning and constantly replacing. And and, oddly, a lot of times, a lot of churn comes from companies that refuse to invest in their people and that ends up becoming more costly for them. Okay.
Speaker 1:But let's do that a different video. So how do they attract? How do they hire? How do they retain? How do they advance?
Speaker 1:Right? So this is a really good question to start with and something we look at very carefully. Then we talk about where you where they located? Are you running offices? Are you in the geographies that you need?
Speaker 1:What kind of time zone coverage do you need? The what kind of industry are you in? Can you so for instance, there's certain industries where you have to have US citizens in the United States working on your infrastructure so if you have those sort of requirements you can't work with a company that maybe has a sock in Ireland it's probably not gonna work out for you so what kind of geographies they located where their teams are located how much history do they have with the product or with the service something that I've done for years now that we we really look at is is there an existing price list or in skew list companies so in addition to prices and skew list you can ask things like do you have cut sheets do you have markets marketing slicks do you have what kind of assets and collateral do you have a company that has taken the time to productize a pricing calculator a skew list a cut sheet a price list a marketing collateral this is usually indications that service is mature for them it takes a lot energy to actually produce those things so when I find providers that are saying that they offer a service and you're getting information or you're getting a quote that's being being put together by hand in Microsoft Word, it's not necessarily a bad thing, but it's a data point.
Speaker 1:And it's a data point that you need to pay attention to and think about when you're stacking when you're stacking that provider up against competitors. What else do we wanna know? We wanna know what kind of support process they are. You hear lots of things about, like, oh, we run a pod pod architecture, pod based architecture. Like, okay.
Speaker 1:Great. Well, how does that actually help? Is that good? Is that bad? What's your instant response process?
Speaker 1:In the security world specifically? It's like okay Are you here just to manage the tools or are you here to do an instant response remediation? What does the clients team need to do? What do you do for the clients team? How much is automatic?
Speaker 1:How much isn't automatic? There's a big gap a lot of times with with enterprises that think their security vendor is just gonna take care of things for them. And the security vendor is like, no. No. No.
Speaker 1:We just tell you when stuff is happening, and then you have to take care of it. We're not here to actually do that. We can't. We're legally not we're not allowed to based on our contract. Right?
Speaker 1:So understanding what the lines are between your teams and the provider's teams, very important to define. Let's see what else. Do they have rest of referenceable customers? Right? Like, that's a basic one, but let's talk about that for a second.
Speaker 1:It never ceases to surprise me in my my headset's falling off here. So let me let me take a quick second and fix this here. Way better. Okay. Do they have referenceable customers and will those customers actually, like, talk to you?
Speaker 1:Right? Again, if if you've got a mature practice area and you can't get 3 companies to raise their hand and say, yes, I'm willing to talk about you and that you're a good good partner for us to work with, that's a pretty big warning sign. How do you separate your presales to implementation to engineering to change management to actual operations, your sock, like like, what's your process? What kind of process you're getting into? How do you make changes?
Speaker 1:How do you grow? How do you contract? These are things that you wanna know. And the point with all this is every Microsoft adjacent enterprise service provider, telco, network services provider, data center colocation cloud company, managed services provider, IT consultant, wiring company, etcetera, is going to be advertising services related to cybersecurity because of course there's a lot of revenue there and it's it's sexy and there is an absolute value with having a single vendor involved in single invoicing it is great when you can take and leverage an existing contract and add services onto it especially if that service provider can deliver it for you the scary thing for me in my position is when we see companies making these decisions and you start digging into the service provider a little bit and you find out like hey there is only 9 people here on the security team and and you're like okay wait a minute there's 9 of you how are you going to manage a 247 incident response like compat your capability? I mean, the answer is they can't.
Speaker 1:They just there's not enough people there. What what they're what they have to do is they have to go to some sort of pager based deal. And the issue with that becomes let's just say 500. We'll just use 500. You're a 500 person business.
Speaker 1:In a lot of cases that that puts you some people will call you a SMB still. Some people will call you small enterprise. Let's just say it's 500 person business. If you have a cyber event with a 500 person business, you're talking about a lot of devices and a lot of data and a lot of information that has to be looked at, analyzed, evaluated. A decision has to be generated around it.
Speaker 1:So while all that's going on now you also have to have a communication cycle. Right? There has to be communication between the enterprise and the service provider that's managing and running that incident. So now how what's the communication line? I mean, if you're if you've called into something that's fired off a pager duty and somebody's gotten been woken up 3 o'clock in the morning and they're the one running the incident for you, they're trying to dig through some data and EDR data and figure out, like, what's necrotic on the in your infrastructure needs to be cut off and what's okay?
Speaker 1:That person isn't necessarily the person you wanna be like talking to and trying to get updates for you to communicate with your peers, your team, your boss, your ownership, whatever that that looks like on your side because there just isn't anybody to talk to. Right? So that's that's the evils on the very small side now on the on the very large side you run into the you run the risk of falling into the bureaucracies where you just get lost and that's not great either. There is this thing of understanding what you're looking for. Can they deliver when you're picking a service provider?
Speaker 1:Can they give you what you need and what you actually are are paying for or not? And what are the trade offs that you're making? Are those trade offs to those trade offs work for you or not? Yeah. Well last last thought here before I go.
Speaker 1:Last thing that I really look for in service providers is we're we're doing this with our clients is can they grow with a client or not? Yeah. Very common in cybersecurity. It starts with a tool and a tool deployment. Maybe it's just, hey.
Speaker 1:We we gotta get our EDR deployed. We haven't had been successful getting this thing rolled out Or maybe that unwinds a little bit too. We're trying to get our MDM working properly. If you start with that and you say, okay. Great.
Speaker 1:Now we need we wanna integrate an EDR, MDM, and then we're gonna do an EDR. And then usually if it's it's I'm in single sign on and multifactor authentication kind of all, like, in that looping. And then a couple months later, you come back and you say, okay. Great. Now we wanna do network based sniffers.
Speaker 1:We need to do pen testing. We want to do asset vulnerability management. We need to patch management. We wanna do security and gateway, we wanna do DLP or CASB, or we need to have a secure web gateway, or we need to have auditable remote access. I mean, there are a lot of different acronyms and and solution sets within this, like, cyber domain.
Speaker 1:You wanna get a response out of that vendor that you selected, that provider that you selected. I'm like, yeah, absolutely. We can take care of that. We can help you with this. It's really aggravating when you come back to a provider.
Speaker 1:You say, hey. We're we wanna do this. And they say, okay. No. We can't do it or we can do this, but we've partnered with this crazy cockamamie company that you've ever heard of to deliver this functionality because we got a good resell rate on it.
Speaker 1:And and it's those conversations that 14, 16, 18 months down the road when you're when you're looking at that kind of expansion that also become really aggravating if you didn't plan for it up in advance. And the scary thing about it is people doing this for the first time and buying this kind of service for the first time. If you don't know the road map and you don't don't know where you're I mean, like, it's like, okay, we're at we're at 0 and, like, we're just getting off the starting line and you're like, okay. Great. We need to solve these problems right now.
Speaker 1:But now you've gotta figure out, like, there's there's a lot of steps involved. That's your early innings on this thing. We'll use a baseball analogy. If you're if you're solving a problem in any one, if you've got 8 more innings of baseball to go that you've got to be ready for. And maybe you're gonna call this together with different providers and maybe you're looking for a single provider that can grow with you and do it all for you at the same time.
Speaker 1:So I'm worried for and I'm very cautious with people that are in the market signing contracts with a company that I think has a deep bench of expertise that can support them and can offer configuration management and assistance and yada yada yada, especially in the Microsoft E5 Security world and then they find out they just can't. I'm Max Clark. I hope this helps. If you have any questions, drop me a comment, send me a message, and we'll help more
