Managed service providers (MSPs) find themselves in a difficult position as their clients’ needs shift to meet the demands of an always-on, commerce and data-driven digital infrastructure. The original MSP mission was to meet uptime demands of service level agreements. If an MSP kept the client up and running, took care of hardware issues, and made sure things operated smoothly, his job was complete. Today, MSPs are getting stretched thin with new demands that require new tools, new knowledge, new certifications, and new skill sets.
Today, businesses of all types are under pressure to provide continuous business functionality while also assuring the security of their customers’ digital footprint. MSPs must be able to provide their clients with guidance and services that meet the requirements of new government regulations. They must be able to answer questions about the latest malware and malicious activities of cybercriminals. They must understand how to protect their clients from data loss due to phishing attacks, ransomware, CEO fraud, USB attacks, vishing attacks, and more.
In reality, this is not the job of an MSP. It is the job of an MSSP (managed security services provider). However, the line between the two is becoming increasingly blurred. This has driven MSPs to change their service portfolios to include security offerings, such as antivirus, encryption, and backup. While these services have helped bridge the gap for many, the requirement for more robust security solutions due to more advanced threats, increased malicious cyberactivities, and regulatory requirements has pushed MSPs beyond their traditional comfort zones.
Security: the driving motivation of the 21st century
As we look forward, it would appear the inevitable is upon us. We cannot turn back the hands of time. Security in all its forms will be the driving motivation behind much of what transpires in the 21st century. As people, companies, communities, and nations seek to be free from fear, uncertainty, and doubt, they will seek security. They will seek it in every aspect of their lives. Security is what will allow us to move forward with clarity and confidence, and the security of our digital lives is critical to the stability of our way of life.
So, how, as MSPs, do we make the transition to MSSPs? What makes sense for our businesses? How long can we survive offering MSP services alone? Will our customers wait for us to catch up or will they seek other services? These are all questions MSPs must be asking themselves as security begins to take centre stage in our digital lives.
There are two important steps MSPs should take to help them make the transition to MSSP.
1/ Invest time and money into developing the necessary tools and people
While many MSPs are making these investments, others do not have the resources to complete the task. It is important to remember that becoming an MSSP is in many ways a totally different to being an MSP.
Unless you are very lucky, you will need to invest in talent. Talent in the cybersecurity sector is in high demand. It is expensive and hard to find truly qualified people. Then you will need to invest in tools. Security tools are typically developed for enterprise clients. There are tools available for the SMB market, but they must be integrated to achieve a viable security stack. Finding a balance between the tools that your clients need to remain secure and the price point that will enable them to buy can be a daunting task.
2/ Consider strategic partnerships
As an MSP, who do you do business with that has the tools and services available that you can use to supplement your current services?
Can you partner with them to begin the process of providing security solutions to your clients? Do partner companies have engineers that you can use or training programs that will allow you to learn as you go? What kinds of products and services do you need to get started? Can you layer your security services on top of your MSP services to create a solution that will work for your SMB customers?
Using strategic partnerships to begin to build your security services is an excellent option for MSPs that do not have the immediate resources to build out their own solutions. However, understanding what your clients need and what they can afford is essential before beginning the process.
Taking a layered approach to security
The starting point is to determine the basic security needs of your client base. What do they need to be protected from the most common security problems facing all businesses today? Most MSSPs will tell you the best option is to offer a layered security approach. This means utilizing various tools to protect them at different points while they are connected. The primary rule to always consider when talking to a client about security is “if you are going to be connected… you must be protected!” Remember that SMB clients resist change for a variety of reasons, but the statistics don’t lie: 60% of all SMBs that suffer a breach are out of business in six months.
The future viability of your business may depend on your ability to change and adapt. The ability to protect your clients from the onslaught of malicious cyberactivity taking place today may be the differentiator you need to continue to grow and prosper. Take some time to think about the future of your company. Will it need to transition to stay viable? If the answer is yes, there are resources that can help you through the process. You should start by reaching out to your current suppliers to see if they can help.
Rick Miller is COO and Partner of The Tek, an MSSP specializing in risk assessment, risk mitigation, protection, and education to SMBs. Rick is a long-term veteran in the IT industry. His success has been founded in propelling start-ups and turnarounds to success and profitability. His experience has helped to grow multiple companies from start-up to profitability.
To find out more about how SolarWinds MSP can help you protect your data, click here.