
MSPs’ Identity Crisis: Where Do They Go From Here?


MSPs are facing an identity crisis: As customer demand shifts from traditional IT services to advanced security offerings, how can MSPs transition services to address the evolving security needs of their customers?

IDC recently reported that by 2026, 75% of organizations will shift from traditional MSPs to providers that deliver integrated security, cloud, and AI operations—a sign that demand is outpacing legacy definitions. With the collapse of on-premises infrastructure and the rise of cloud-first environments, traditional MSP models are being redefined by more security- and AI-centric approaches.

“Every customer is demanding cybersecurity,” Doug Ford, VP, Solutions Portfolio and Technical Readiness at All Covered, told ChannelE2E. “I don't know that customers are coming to the table and specifying, ‘I really need an MDR, an EDR, an XDR solution,’ but instead they’re reading about all these companies getting hacked, and saying, ‘I need to make sure my data and my infrastructure and my employees are safe. Can you help me?’”

Today's ecosystem really requires advanced MSSP services, Ford added, as bad actors and attackers become increasingly skilled at breaching defenses. Add to that the need for telemetry data management and MSPs are understandably struggling to figure out who they are, he said. As remote monitoring, infrastructure management, and SOC management begin to merge with telemetry data, the resources that do the work are still very different, he said.

“For years, the focus of the MSP was to take in all this telemetry data from remote monitoring and management (RMM), make sense of it, and quickly respond to any outages, servers down, internet connections down, failures,” Ford said. “Now, with security, the amount of telemetry data coming from various devices and tools and platforms – I feel bad for the defensive security folks, because they could look at millions and millions of potential issues, and if they miss one, they're the bad guys!” he said.

The old cliché certainly applies, Ford said, that the ‘good guys’ have to be right a million times, whereas the ‘bad guys’ only have to be right once to infiltrate a system.

“This is the friction: Having systems in place and people capable of taking in all this telemetry data, eliminating the noise, looking for indicators of compromise that are worth digging into, and then doing threat hunting is a completely different skill set than MSPs have ever had in the past,” Ford said. “Knowing what they're looking for, knowing what the signs are, and then what actions need to be taken, and doing this all very quickly, this is not something that can be done over a period of days or weeks. By then, it's too late. It requires a very different portfolio, a very different skill set,” he said.

Evolving Solutions and Services

For MSPs, the nomenclature is less important than making sure they are evolving their solutions and services delivery to address the needs of their customers.

“Clients don’t care what you’re called – an MSP, an MSSP, a TSP, a CSP. What they’re interested in is the services you’re delivering and the efficacy of those services,” he said.

Ford emphasized that adding managed security services like MDR, EDR, XDR, patch management, and security awareness training can be huge for MSPs, noting that small business customers often lack the budget for these services. Ford also stressed the criticality of cyber resilience, including air-gapped backups and quick incident response.

Transitioning Services and Delivery

So, how can MSPs transition services to address the evolving security needs of their customers?

That starts with understanding what specific skill sets are needed to address customers’ needs, Ford said. When it comes to go-to-market strategy, he said, many MSPs have to solve that mystery before they can accurately position themselves.

“I was at an event with about 20 MSPs, and the question came up around the go-to-market strategy, and whether or not that was MDR, MDR, XDR, or the next big thing,” he said. “And more and more customers are saying, ‘Oh, we want XDR.’ Well, to be a true XDR provider requires a significant amount of skill, capability, platforms and tools, and many of our competitors are coming to market with what they call XDR, but it's really not an XDR solution. I think customers are confused about what it is they really need to protect themselves, and MSPs and MSSPs have to jump in to fill that gap,” he said.

Understanding that a cyberattack or breach – a ‘boom’ event – is a ‘when, not if’ scenario is also crucial, Ford said. MSPs and MSSPs should emphasize cyber resilience to their customers, too, he added.

“So you're going to have a boom event. The question is, on the left side of boom, what do you need? What's the level of efficacy within your business based upon whether you have any on-premises infrastructure, what type of technology, etc. And then, how do you protect your cloud data? How do you protect your cloud assets? How do you ensure that your authentication and identity are being properly protected without going overboard? And then when that boom event occurs, what happens? Do you have all of your corporate assets and data backed up? Is it air-gapped? How do you recover and restore from that? So I really think we've entered a stage of cyber resilience, as opposed to cyber protection, and that right of boom becomes critically important,” he said.

There’s also work to be done to get C-level executives to understand the realities in the IT industry, Ford said. Whereas in the past, the message was about complete protection against attacks, that’s not realistic in today's cybersecurity landscape, he added.

“The message is no longer, ‘We're going to protect you,’ the message is ‘We're going to prevent as long as we can and then detect when it happens. When we detect it, we're going to respond as quickly as we can to restore you back to where you need to be.’ That's the cyber resiliency story,” he said.

For MSPs and MSSPs, there are a few non-negotiables they should be emphasizing with customers: Patch management, EDR/managed antivirus, security awareness training and MDR/managed firewall, Ford said. But there are other security services MSSPs and MSPs can provide, depending on customers’ budget.

“Vulnerability scanning is one – though I think there are some misunderstandings about this versus patch management,” he explained. “Patching means the vendor has identified something that's wrong with the software or operating system, and they have proactively created a patch and made it available to the public to download and install. A vulnerability is very different. For example, if we ran a vulnerability scan against newly installed Windows servers, those Windows servers would be vulnerable to certain SSL vulnerabilities that are built into that operating system from day one, and you have to go find a patch, download and install it. Most businesses don’t know that; vulnerability management means we’re going to scan across your network, we're going to sit with you and prioritize these vulnerabilities to tell you which ones to address right now. And then, lastly, vulnerability remediation, which is the actions that will be taken to eliminate the vulnerabilities within your network,” he said.

Sharon Florentine

Sharon is a master technology storyteller and editor with omnichannel experience: books and print magazines, digital, webcast, blogging, podcast, live events and video and associated brand-specific social media content. From 1999 to 2003, she acquired and edited technology books and certification exam prep guides.

After a year spent in publicity and editorial at mass-market book publishers, she returned to tech publishing and, since 2004, explored B2C and B2B news, issues and trends in consumer, lifestyle, software, software development, AI, ML, networks, big data, hardware, security, storage, cloud, equity, inclusion, diversity, women in tech, career development, IT management, H-1B visa issues and immigration, education, training and learning.

Her previous role was as the managing editor at Techstrong Group in charge of Cloud Native Now, DevOps.com, Security Boulevard and Techstrong ITSM and their brand-specific social media. She currently serves as editorial director for CyberRisk Alliance’s channel brands, ChannelE2E and MSSP Alert and acting editorial director for SC Media UK. Drop me a note and let’s talk!
