Increasing focus across the industry in Security as a Service is a massive opportunity to MSPs providing they can tool and skill up fast enough to take advantage of this wave.
This should be straightforward; they have the devices and data under management; they know the customers; and they probably already offer a certain degree of IT security services bundled up with their managed services contracts. However, that doesn’t make them an MSSP and so still leaves their customers vulnerable not only to attack but also poaching by security consultants who are approaching this market from the other direction. Also watch out for MSPs who have already managed this transition.
So, what does it take? Below we summarise the four key gaps to address:
- There will be skill and knowledge gaps as dealing with the threats takes specialist knowledge, which can be difficult and expensive to hire in. Staff training and some recruitment will be key to achieving competence. Part of being an MSSP involves offering consultancy services, business change management and design and implementation of security compliance frameworks - very different skills to usual MSP technical staff. However, the resulting security analysts command far higher charge rates and so the investment will pay off
- They will probably operate a NOC, but this needs to be enhanced and increased in coverage hours to be able to also operate as a 24/7 SOC, combined and supported by the use of an SIEM offering (a combination of software, devices and services) to enable threats to be identified, avoided and then ultimately handled successfully
- They need procedures for dealing with incidents, so mature and practiced remediation management for handling breaches, ransomware attacks and data loss, smoothly combined with their existing core backup services. The more mature and clearly proceduralised these remediation services become, the more likely the providers can achieve accreditation, a major marketing pillar
- Services offerings must be well articulated and separately designed. Customer awareness and training is much more important and 24/7 operation (in some form) will be key to credibility
Supplemental to this, for MSPs who provide expertise in specialised verticals (law, education, healthcare etc), it is a requirement to have a comprehensive knowledge of the compliance and reporting governance frameworks and legislation that apply to the industries they serve, so that their role in breach management procedures can be demonstrated to comply.
Becoming a capable and successful MSSP is a journey not a switch, but your revenue will benefit as will your customers. The MSP will benefit by achieving more stickiness in their customer base and higher earnings. Plus, even medium-sized enterprises can’t generally afford in-house specialists who are good enough to protect them. They will benefit from having a single point of contact and the economies of scale delivered by outsourcing a service.
About the Author: Harmony Business Systems Ltd (HBS) is the company behind HarmonyPSA, the most complete cloud PSA software on the market. Developed with functionality to cater for even the most complex needs of MSPs, VARs, ISVs and Professional Services organisations, HarmonyPSA truly is the next generation of PSA systems. HBS is an independent company based in the UK. Follow HarmonyPSA on Twitter