A first-hand reporting account. The keynote for MSSP Alert Live in DC was a chat with Ryan Orsi from Amazon Web Services focused on MSSPs and Partners. His title — Worldwide Consulting Partner Practice Lead. I had the chance to ask a pair of questions at the MSSP Alert Event this week in DC.
Did you know they have a security-focused partner program? You might not have — and interestingly, It has a set of standards around the deployment of AWS. Their plug — it’s AWS.amazon.com/MSSP/
I focused on two questions — first, asking about the premise of security vendors selling tools like arms dealers and benefiting by having the problem. His answer was savvy — his focus was operationalizing security into organizations. I’ll take it — if the approach is to bake security in, rather than a sold add-on, you can see it as the way to deploy solutions.
Ryan also mentioned a vetting process (and an audit) for entering the program. So I asked – is the program about a small number of curated partners or a broad engagement? His answer emphasized the audit. He walked the line to encourage recruitment, while the lead emphasis was on that vetting process.
Scott Barlow of Sophos reinforced the intensity of this audit process on stage, citing his organization’s work to do so.
Why do we care?
It’s an insight into the security world — not everyone can do it. And not everyone should. It’s easy to say “partner” as the answer for adding capabilities, and I’d challenge that again; it’s a good sales answer but not a panacea. Not all organizations magically partner and solve the problem. There’s going to need to be more vetting in the process for sure. You can see it happening across the market — from the new cyber rules out of the government to programs like this. IT services companies need to be asking – can we do this?