Source: securityboulevard.com – Author: Michael Vizard
Amazon Web Services (AWS) this week revealed it has added new categories for describing offerings provided by partners offering managed services security providers (MSSP) as part of an effort to ensure a more consistent customer experience.
Announced at the AWS re:Inforce 2025 conference, this update to the AWS MSSP Competency program adds specific categories such as infrastructure security, workload security, application security, data protection, identity and access management, incident response and cyber recovery to the AWS partner program.
Ryan Orsi, head of the worldwide Cloud Foundations Partners program at AWS, said that after reviewing the existing program, it became apparent there was a need to clarify what types of cybersecurity services partners have demonstrated an ability to actually deliver. AWS to help ensure the quality of the services requires each partner to prove they have worked with at least one customer to successfully implement them before they can join the AWS MSSP Competency program, through which the cloud service provider promotes partner services across its customer base. In effect, AWS is now raising the bar, noted Orsi.
Previously, there was a level of inconsistency in the quality of the services provided simply because there wasn’t enough focus on different types of services that require specialized expertise, noted Orsi.
The changes to the AWS MSSP program come at a time when more organizations are relying to some degree on a managed service for one or more security functions, primarily because finding and retaining the cybersecurity professionals to manage those tasks remains a significant challenge.
The issue that organizations encounter when engaging with MSSPs is that while they all claim to be one, the quality of the services provided can vary widely. Some MSSPs may simply be reselling a set of managed services provided by other entities that they, in turn, rely on to actually provide that capability. In some instances, that approach makes it simpler to aggregate various services that might be required, but the MSSP isn’t likely to have the same ability to conduct a forensics investigation into a specific threat using cybersecurity professionals that are staffing a security operations (SOC) center.
Each organization will, of course, need to determine to what degree to rely on external versus internal cybersecurity expertise. Very few organizations, however, have the financial resources required to address all their cybersecurity requirements by relying solely on their own full-time employees. The issue is that not all MSSPs are the same, so the capabilities provided need to be carefully evaluated.
Longer term, of course, a much wider range of cybersecurity tasks will be automated using multiple types of artificial intelligence (AI) technologies. The degree to which those advances might reduce the need to rely as much on external service providers is unclear, but the one certain thing is that the total cost of cybersecurity should, in the months and years ahead, steadily decline. That doesn’t mean there won’t be a need for cybersecurity professionals, but it does mean that as roles evolve in the age of AI, the economic equation used for determining which tasks are going to be performed by whom, or what, is about to fundamentally change.
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2025/06/aws-raises-expertise-bar-for-mssp-partners/?utm_source=rss&utm_medium=rss&utm_campaign=aws-raises-expertise-bar-for-mssp-partners
Category & Tags: AI and Machine Learning in Security,Cybersecurity,Featured,News,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Spotlight,AWS re:Inforce 2025,Customer Experience,cx,MMSP – AI and Machine Learning in Security,Cybersecurity,Featured,News,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Spotlight,AWS re:Inforce 2025,Customer Experience,cx,MMSP
Views: 1
