Learn more about the current MSSP environment and what it takes to succeed
Yet another wave of high-profile cybersecurity data breaches (including EasyJet, Deloitte, and Home Chef) underscore what all MSPs already know: security is one of the most important key functions in the information technology industry, no matter the size of your business or number of employees. If you’ve considered moving your Managed Service Provider (MSP) into the Managed Security Service Provider (MSSP) realm, both the opportunity and the stakes are higher than ever and require careful consideration.
Adding Security to the MSP Experience
Back in December, before the coronavirus pandemic registered on anyone’s radar, Liongard founder and CEO Joe Alapat predicted that 2020 would be the year that many managed service providers would decide whether they would offer increased security measures or continue to outsource to a third party. Now that COVID-19 has abruptly forced a mass migration to telecommuting, keeping employees’ additional personal devices and home networks secure has added more cybersecurity surface area to cover and another layer of complexity to the Managed Service Provider and Managed Security Service Provider spaces.
From a customer standpoint, expectations are on the rise. Of course, there’s a certain baseline expectation that exists already that your Managed Service Provider will be able to handle your business’s customer data responsibly. (If you’re not baking security into your product offerings as an MSP, you’re putting your customers and yourself at risk.) But now, many customers who sign up would like their MSP to become a one-stop-shop for all information technology support, including information security services that protect hackers from accessing sensitive data.
To meet these growing demands, some Managed Service Providers have chosen to branch out into the Managed Security Service Provider space with tiered offerings or package deals that include information security expertise for specific clients. This leads to additional sales opportunities for MSPs but also comes with additional responsibilities and liabilities.
Cyberattacks increasing since the COVID-19 pandemic began, coupled with higher customer expectations, give MSPs something to think about moving forward. With an estimated 68% of major organizations (public and private) planning to increase cybersecurity spending in response to the pandemic, there is undoubtedly an opportunity for MSPs to expand their global cybersecurity services. But it’s not a decision to take lightly.
Operating Procedures for MSSP Success
Prior to joining Liongard, I worked at IT Freedom for 11 years. From the start, our MSP felt we could only serve our customers effectively with standardized endpoint antivirus and off-site cloud backup solutions. Those offerings were non-negotiable in order to cover the unavoidable risks that come with delivering information technology services. As we grew, we gained additional customers in the financial and medical spaces, as well as a number of successful startups. Each of those verticals came with unique security challenges. That’s what drove our growth into the MSSP realm. As security threats got more sophisticated, we knew we had to increase our capabilities, so adding more advanced firewall solutions, endpoint protection, and monitoring to our services was just a natural progression.
The transition went well, but there were certainly challenges along the way—and that’s to be expected for any MSP expanding into more advanced security offerings. Over the years, we ended up building out several of our own security-focused tools simply because packaged solutions didn’t exist at that time.
Fortunately, MSPs today have much richer options for platforms that offer advanced monitoring, change detection, and more—and that’s where Liongard makes an impact. Its automated documentation, custom alert generation, and reporting capabilities eliminate manual tasks, proactively address critical changes and allow MSPs streamlined management of their myriad clients’ environments. And for MSSPs, it provides that solid foundation of visibility and auditability as to how systems are configured and what changed when.
Plan Your Work, Then Work Your Plan
Bottom line: Being an MSSP can mean a lot of different things. Don’t just sign up and jump on the bandwagon because an opportunity exists—FOMO can’t be your business’s driving force. Instead, focus on your MSP’s goals, the specific outcome that you want to deliver to customers, and what will be uniquely compelling about it—then validate that with your MSP’s customer base. The type of customers your company serves—or those you want to serve in the future—will play a large part in your decision as to whether to become an MSSP. Ask yourself, “Will not being an MSSP become a liability for your clients in industries with high data security needs like healthcare, government, and finance?”