The market hype suggests all MSPs should become MSSPs -- perhaps even building their own SOCs (security operations centers) along the way. I respectfully disagree with the hype.
No doubt, all MSPs should offer some basic security capabilities -- gradually but consistently pushing deeper in to the market over the next 12 months. Plus, you should be the first stop for customers' cybersecurity questions.
But before you bet the company on a dedicated, full-blown MSSP practice buildout, ask yourself this question: Has your MSP addressed your customers' basic security needs?
Much like hitting the gym and exercising every day, delivering basic security services -- every day -- isn't always glamorous. But the results can be great for your company and your customer base.
10 Starting Points for Managed Security Services
Where do you you start? According to eSecurity Planet, Gartner analyst Neil MacDonald during a recent conference in Maryland pointed to these 10 basic steps for proper security:
- Upgrade to the latest endpoint protection platform offering, with fileless malware detection, memory injection protection, machine learning, and other features
- Remove administrative rights from Windows users where possible
- Implement an IAM program with automated provisioning and deprovisioning
- Perform regular patch management
- Implement a standardized server/cloud workload protection platform agent
- Implement robust anti-spam technical controls
- Use some form of SIEM/log monitoring solution (basic detection and response)
- Use backup and restore for ransomware protection
- Conduct basic security awareness training
- Improve perimeter security, including URL filtering for internet access.
Of course, MSPs must select multi-tenant solutions -- built precisely for service providers -- to deliver each of the capabilities above.
Next: Build That MSSP Strategy
Once you master those 10 steps, you're likely in really good shape to consider a deeper dive -- perhaps with a full-blown, dedicated MSSP business unit of your own.
As Continuum CEO Michael George has stated: No SMB customer wants to work with an MSP and a separate MSSP security partner. Those customers want one point of contact and one trusted provider tackling business productivity opportunities and data protection.
In my mind, that means MSPs must master the 10 starting points for managed security services immediately. And once those steps are completed, it may be time for those MSPs to somehow build or partner their way into true, comprehensive, enterprise-class managed security services.
PS: Track the MSSP journey on our sister site, MSSP Alert.