Subscribe To Our Daily Enewsletter:

MSP or MSSP? Part 2: How to Decide if it’s the Right Move for You

I previously discussed the current security landscape and my personal experience working for IT Freedom, an MSP that successfully transitioned to an MSSP, in MSP OR MSSP? Part 1: What to Know Before You Make the Leap. Now, it’s time to dive in and consider the pros and cons of making this move for your MSP right now. And regardless of what you decide, I’ll show you how you can easily give your security foundation a major boost with Liongard.

Find your “why.”

Author: Matt Miller, director of product management, Liongard

Don’t just jump on the MSSP bandwagon—think about your current situation, your clients, and why you want to move into the MSSP space. Maybe you have several startup clients where the added visibility of investment and acquisition announcements attract phishing and spearphishing attempts. Or, perhaps many of your clients operate in the healthcare and financial industries, where security is always top-of-mind. Both of these situations applied to IT Freedom when I worked there and drove our decision to add managed security to our menu of services.

Define your “why” and make sure it addresses your unique situation.

Consider the pros and cons.

Pros:

  • Additional revenue. Adding higher levels of security protection undoubtedly has the potential increase your bottom line. According to a recent Forbes article, the global information security and risk management end-user spending are forecast to grow, reaching $174.5 billion in 2022―and that’s less than 2 years away.
  • Today’s reality. Security concerns for organizations of all sizes have been growing for years. And given the unexpected, mass relocation to remote working as a result of COVID-19, the security surface area for most organizations is larger than ever. Even as the economy re-opens and some workers return to office life, the way that organizations look at remote work has changed for the foreseeable future and very probably forever. As organizations of all sizes adapt to today’s reality, they will expect their MSPs and other vendors to adapt to those new needs.
  • Differentiation. MSPs that provide advanced security offerings set themselves apart and fend off competition from other security-focused vendors. With added security services, you’ll be better equipped to provide a turn-key MSP/MSSP experience for your clients—an important aspect for small- and medium-sized customers who may not have a dedicated IT security budget. For many MSP customers, hiring a separate security provider isn’t realistic, so the next best option will be selecting an MSP that they feel can confidently handle their security needs. If that isn’t you, it may be a competitor.
  • Efficiency. Having a single provider handle security as well as other IT needs provides efficiency in delivery and clear lines of accountability, another selling point to customers.
  • Better protection for customers. Last, but certainly not least, you will simply be able to provide a higher quality and more complete service offering to your customers. Every MSP knows that their customers are generally not IT experts—that’s why they hired you. One of the best ways that MSPs can serve their customers and perhaps even a greater good is to provide high-quality security to customers, even if they don’t necessarily understand the need.

Cons:

  • Competition. There are already a lot of experienced MSSPs out there, which may make it tougher to break through as a new security provider. You will need to identify your unique selling proposition and have a realistic sense of how much wallet share you can expect to get from your existing customer base in order to build credibility in the market.
  • Difficulty. Both technically and operationally, it’s difficult to do security well. Operational efficiency and quick customer service can often be at odds with security best practices. It will take both technical talent as well as buy-in from your staff to living by security and compliance policies in order to deliver a complete solution.
  • Distraction. Security is probably already a part of your business, but it may not be your core competency. If, for example, your MSP’s superpower right now is centered around tightly operationalized helpdesk services, a security-focused business unit could be a big distraction from that effort. This is especially true if you have finite resources in terms of staff members, who will need to split their attention between both tasks.
  • Risk. You’re on the hook for all IT and security-related needs for your customers, which can expose you to more liability issues.
  • Expense. Adding security services will likely result in additional expenses, from completing certifications like CISSP to onboarding and training up on new security technologies to hiring additional team members to increasing your marketing budget.

Assess your current position.

After considering the pros and cons of becoming an MSP/MSSP hybrid, you still need to look at the health and position of your MSP. Are you ready to take the next step? You might be, if:

✓You’re technically strong enough to handle the complexities involved in security services;
✓Your MSP has a high level of maturity when it comes to internal processes—precision and 24/7 responsiveness are key; and
✓You have reliable external resources to outsource to, since only large MSPs will likely be able to build out full-blown SOC operations in-house.

On the flip side, if your MSP is very small and/or operationally immature, it will be very tricky to capture MSSP business. This isn’t a reason not to add some additional security offerings to your stack, just be realistic about the type of service you can really deliver on.

Solidify your security foundation.

Whether you go the MSSP route or stick to your MSP’s current offerings, there’s a certain standard of security that all customers expect and all MSPs must provide. Partnering with the right vendors can help you establish a solid foundation and better serve your customers. MSPs who partner with Liongard work more efficiently, accurately and proactively.

First and foremost, we’re committed to maintaining the trust of our customers, staff and partners. We continuously pursue compliance and certification under a variety of advanced security standards and frameworks such as SOC2 certification (Type 1 complete; Type 2 currently underway), NIST accreditation, and compliance standards including HIPAA, PCI, GDPR and FIPS. Our solid security foundation enhances yours.

Beyond how we protect the data entrusted to us by our MSP partners, though, Liongard is a foundational piece of any MSSP’s security toolset. How does Liongard fit into your security practice?

  • Automated Documentation. Living, breathing, up-to-date date documentation gives you and your team unified visibility without needing to log in to separate systems. You cannot manage and secure what you cannot see. We also maintain a historical timeline of system configurations from the moment an inspector is activated, giving you the ability to “go back in time” to answer the critical security-related questions, “What changed, and when?”
  • Custom Actionable Alerts. Set alerts for almost anything, so you can stop digging for data and start digging in. By flagging misconfigurations that don’t align to your security best practices and detecting potential threats and changes to critical security configurations, you can proactively serve your customers and catch security issues early, with tickets sent directly to your PSA. Using Liongard’s alerts can also help you support CIS controls.
  • Reporting and Metrics. Run internal reports in Liongard to perform security assessments across customers, track privileged users and firewall rules, and more. Instead of being at the mercy of your data, Liongard puts you in control.

Our goal is to give you unified visibility and proactive monitoring of your systems. The benefits for the MSP go well beyond security, but the visibility, historical record and proactive alerting provided by our platform are foundational for any serious security practice.

Which direction will you go?

Ultimately, there’s no perfect playbook to becoming an MSSP, and it shouldn’t be a decision you make lightly. It starts with an objective look at what outcome you want to achieve for your customers, followed by a realistic assessment of whether or not you’re in the position to make the move right now.

The current IT landscape offers many advantages to those offering advanced security services, and customers always want to feel confident in your ability to keep their data secure and their systems running. So, whether you’re heading into the MSSP space or sticking to your core capabilities, Liongard is here to help you establish that solid security foundation.
For more on Liongard’s commitment to security and transparency, visit our Trust Center.


Matt Miller is director of product management at Liongard. Read more guest blogs from Liongard here.

Return Home

2 Comments

Comments

    Dustin Bolander:

    Our industry needs to work on getting the MSP part right first, every other new client we have is in horrible shape from their previous MSP being negligent. We are on-boarding a client right now from a national MSP, they got hit by ransomware BAD 3x in the last 6 months. I had a client forward me a sales email from that same MSP this week…bragging about their cybersecurity.

    Matt Miller:

    Hey Dustin – I fundamentally agree with your point, the “MSP or MSSP” bit here doesn’t mean that the two are mutually exclusive. The good MSSPs are driven into that market by being good at the security stuff for their MSP clients and growing from there. There’s a decision point on that really being a core business focus, but the foundational layer has to be there regardless of what you’re calling yourself in the marketplace. Thanks for taking the time to read and comment!

Leave a Reply

Your email address will not be published. Required fields are marked *