vCISO Services Bring Security, Compliance Together For MSPs

‘vCISO services have become one of the main tools that enables you basically to address Wall Street, make money out of it, and provide those services to your end clients. vCISO services is indeed a huge opportunity,’ says Royi Barnea, vice president of channel sales at Cynomi.

This year will be the year of the virtual chief information security officer, or vCISO, as concerns about security and compliance take center stage in a world where most SMBs cannot afford to hire their own CISOs or other top-notch security specialists.

That’s the word from Royi Barnea, vice president of channel sales at Cynomi, a Salem, N.H.-based provider of a vCISO platform, who Monday told an audience of MSPs at the XChange 2024 conference in Orlando, Fla., the need to address security and compliance has become crucial in businesses of all sizes.

“Basically, compliance is becoming more tight, more compressed, if you have a client that needs to be directly under any type of regulation,” Barnea said. “And cyberattacks are something we're all familiar with.”

vCISO services have become kind of an insurance MSPs can offer their business clients, Barnea said.

“vCISO services have become one of the main tools that enables you basically to address Wall Street, make money out of it, and provide those services to your end clients,” he said. “vCISO services is indeed a huge opportunity.”

Cynomi last year worked with a third-party company to survey over 250 service providers to understand their use of vCISO services, Barnea said.

“About 19 percent of service providers indicated they are offering it, meaning 81 percent are not,” he said. “We asked them if they planned it for the upcoming year, and 86 percent of the service providers in North America indicated they're planning to add vCISO services to their offering to their clients. This is huge.”

When asked what they are looking for from vCISO services, they indicated first and foremost they want to expand cybersecurity offerings and improve core efficiency, Barnea said. “You’re looking for automation, efficiency, and of course to improve your profitability,” he said.

When asked about the expected benefits of implementing vCISO services into their practices, 44 percent of service providers said they expect it to be an easy upsell, 43 percent said they expected it to improve margins, and 42 percent said they expected it to improve customer security, he said.

When it comes to vCISO services, Cynomi differentiates itself by positioning itself as a true vCISO platform, Barnea said.

“We have the only platform looking at cybersecurity gaps and compliance gaps as well,” he said. “We truly believe that if a client is compliant, it doesn't necessarily mean it’s secured. And if it’s secured, it doesn't necessarily mean compliant. We literally cover two sides of the coin. That's the most important thing.”

Cynomi is also the only vCISO platform developer that sells exclusively through the channel, Barnea said. And, he said, it understands that every client is different.

“Cynomi has 16 to 19 questions in its onboarding questionnaire for each of your clients,” he said. “And according to the answers, it will automatically populate the relevant frameworks and domains and assessments relevant to that specific client.”

Many businesses struggle with security and compliance issues because the reports they receive from their vendors are difficult to understand, Barnea said.

Service providers who partner with Cynomi will see improved client retention, improved efficiency with automation, decreased time to convert leads to customers, increased recurring revenue, increased upsell opportunities, a chance to close clients’ security skills gaps, and the ability to standardize processes and automate procedures, he said.

Barnea said there are three primary use cases for vCISO services. The first is to offer clients those services on a continuous basis, to offer them as part of a one-time assessment, and to use it as a way to prospect potential new clients, he said.

Channel partners can also offer Cynomi’s vCISO services to clients as a DIY technology for those with high-level skills, or they can do the services in conjunction with their clients, or they can do the service for their clients, he said.

Jonathan Gibney, CEO at Southridge Technology, a Brookfield, Conn.-based MSP, told CRN that his company has yet to dip its toe in the vCISO waters.

“We're sort of playing on the periphery of it,” Gibney said. “Our clients, in some cases, have sort of this natural expectation that we provide the service automatically. But that's usually because they don't understand what's involved in it. So really, this is pretty exciting. I hadn't heard of Cynomi prior to this. And it sounds like they have put together a good solution.”

Southridge Technology already provides security-related services, but in most cases, it is not supplying the accompanying compliance certifications, and similar components, Gibney said.

“That's where this really seems like it'll fit well, because Cynomi provides that extra layer,” he said. “The two components, the security side and the compliance side. Many people in this room are pretty good at one, but not necessarily very good at the other. So it's exciting to see opportunities like this.”