Interviews - News - Analysis: For successful growth with Managed Security Services

We want control.

When we have more control over things, and it sounds a bit strange that we want to have that control, we do it because it allows us to move the infrastructures that are a problem. For us, it was all about making sure that the people with us who provide the technology and the service cover the issue as quickly as possible and lose less time.

The start of the MSS journey

Craig explains that his company’s transition to managed security services was born out of necessity. Originally operating as an Internet Service Provider (ISP), the company realized that traditional support was no longer sufficient to meet the growing demands of its customers. ‘We had a lot of our engineers on the phone with customers who couldn’t solve problems fast enough. We knew we could do better,’ says Craig. The introduction of MSS allowed the company to gain more control over the services provided. This meant that issues could be resolved faster and overall service quality improved.

Structure and growth

A decisive step in the development was the structuring of the team into typical 1st, 2nd and 3rd line support levels. In addition, a Proactive Security Monitoring and a Proactive Security Team were established. These teams act not only as support, but also as consultants and architects for security solutions. Since Craig joined the company, the team has grown significantly. From the original 15 employees, the company has grown to over 60, with almost half of the company made up of security and support staff.

Important pillars of the managed security portfolio

For IT service providers who want to offer MSS, it is crucial to evaluate and optimize their customers’ existing security measures. Craig emphasizes that a basic security review is necessary to identify and target risks. His company relies on proven partners such as Sophos and MIMECAS for email filtering and endpoint security. Another important point is the 24/7 provision of security services to offer customers round-the-clock protection. This relieves the burden on customers’ internal teams and ensures continuous monitoring and fast response times in the event of an emergency.

The road to success

The success of MSS relies heavily on close collaboration with customers. Craig explains that it is important to take a step-by-step approach and support the customer at every stage. This includes a roadmap that ranges from day one support to the introduction of further security services in the following months. Standards and certifications such as ISO 9001 and ISO 270001 also play a major role here. These help to standardize processes and ensure that new services are introduced and implemented correctly.

A look into the future

A look into the future shows that new technologies such as artificial intelligence (AI) will play an important role in the further development of MSS. Craig emphasizes that it is important to work closely with vendors to identify new developments early and integrate them into your portfolio. However, the introduction of new services requires careful planning and training of teams to ensure that customers continue to receive the best possible security solutions.

'If we have more control over things, and it sounds a bit strange that we want to have control, but we do because it means we can change the things that are a problem.'

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portraitbild Craig Faiers
Craig Faiers
Arc Systems Ltd.
Olaf Kaiser:

When and how did the journey of managed services begin in your company?

Craig Faiers:

It was an unusual journey for us, because we were already 20 years old. It started with support. What we did with other solutions was that our customers wanted a better service. We were an internet service provider at the time because we offered internet through an ISP in the UK. We had a lot of our technicians on the phone with people and we couldn't solve the problem as quickly as we wanted. We said, we can do better than that. That's how we really grew. Over the years, we've done a lot of negotiation and partnered with the best suppliers to provide the best experience and service in terms of maintenance and specific times. When we have more control over things, and it sounds a bit strange that we want to have control, but we do because it means we can prioritize the things that are a problem. For us, the most important thing was that the people delivering the technology and service do it as quickly as possible and waste less time.

Olaf Kaiser:

And when did you decide whether you might need to change something in your internal processes or structures?

Craig Faiers:

The world we live in now, with fast communication via the internet, means that we can solve 95 percent more of the problems we see with everything we do. Our team has grown a lot in that time. When I joined the company, we were about 15 people. Now we're over 60 and our team makes up almost half of the company. We have structured it into a typical 1st, 2nd and 3rd line. But we also created Proactive Security Monitoring and a Proactive Security Team, which then work through the 1st, 2nd and 3rd line in an architect style and less from a support perspective.

Olaf Kaiser:

Let's take a look at your portfolio in terms of managed or managed security services. What are the main pillars of the portfolio if you want to convince me to become a new arcsystems customer?

Craig Faiers:

The first thing we like to do when we bring someone in is to see what they already have. If we already have an antivirus program, we need to look at what the antivirus program does. It's about visibility, what we can see. And whether there are the right providers. We chose Sophos and MIMECAST for email filtering and endpoint security. We also use Sophos's MDR service, so we have round-the-clock security here too. This means that our team doesn't always have to be online.

Olaf Kaiser:

Because support is available around the clock anyway.

Craig Faiers:

Normally we sit down with the client and do a security audit to find out what the risks are in terms of user mobility and how the client is setting up their clients. Because sometimes we see clients who need to send information securely but are not using their email securely. So it's important to have a good basis to identify the risks, and then we can eliminate those risks by using these special services. Because our customers don't want to worry about their security themselves. They want us to do it for them. And they want us to tell them that they have the best information so that they can be sure that they can do what they do as a business, and we do what we do as a business, and we combine those two things.

Olaf Kaiser:

How did you develop this basic safety audit?

Craig Faiers:

Some of these applications come from the Cyber Essentials System, which is a government framework that everyone in the public sector should be using. It's also an important part of the trends, and we're seeing a lot of security issues and applications coming from cyber insurance companies. A lot of cyber insurers now want to see that you have your Microsoft 365 score and your Cyber Essentials so they know they're not at risk. That makes it easier for them in terms of security, but also for customers. The basis is a mixture of us, the industry standards and also the providers.

Olaf Kaiser:

Is there a kind of roadmap that you guide the customer through?

Craig Faiers:

Yes, absolutely. I think we've seen for years that customers start with support. Now we're finding that we have customers who give us five or six services on day one. That makes it more difficult for customers because they have to use all those services. But if we understand that, we can help customers understand what we can overcome. Maybe we start with support and say we'll support you on day 1 of day X. And then, in three months, we'll look at the email filter. A few months later, we'll add virus protection and when the time is right, we'll include M365. Because, as I said, we want to have control over our customers' systems as quickly as possible.

Olaf Kaiser:

What are your plans for the managed service at ARC Systems? What are you going to buy, test or evaluate?

Craig Faiers:

We talked about MDR earlier. It's relatively new on the market. It's about being close to the suppliers so that you know when something new comes onto the market. And you know how it fits into your own product portfolio. Sometimes it's difficult to know what the future holds. There is a lot of AI that suppliers are building into the software. That also brings with it a lot of fear. But there are also a lot of vendors bringing AI into security and distribution. We are ISO 9001 and ISO 270001 certified and therefore work in a very process-oriented way as a company. We can't just say, 'Here's a new service, we'll introduce it tomorrow,' because we need our teams to be as trained and accredited as they need to be so that we can communicate properly.

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portraitbild Craig Faiers

Profile

As an IT manager, your day shouldn't be all problems. That's why Arc Systems exists. We've been looking after our customers for over 30 years, making sure people like you stay where they belong: up to date, in the know and at the top of their game. Arc Systems is an award-winning, ISO 9001 accredited UK managed service provider. Our comprehensive desktop to data center support, strategic offering and reliable, friendly service enable CIOs and IT Directors to free themselves from problems and get back to leading.
Craig Faiers
Group Sales Director
Arc Systems Ltd.
Unit 9, Carnival Business Park Carnival Close Basildon
Essex SS14 3WN

Related articles

Appetite for risk.

Jason Fry, who has already sold an IT company in the UK and has been successful in the UK market with his start-up adnitor since 2019, talks about the managed security aspects that are important to him. Jason says, among other things, "we understand that the traditional way of supporting and managing IT needs to change". And what are the most important security services for him and what makes them successful? What is the "customer experience level" that is important to him as a supplement to the technical SLA?