MSP or MSSP? Part 1: What to Know Before You Make the Leap
Yet another wave of high-profile cybersecurity data breaches (including EasyJet, Deloitte and Home Chef) underscore what all MSPs already know: security is one of the most important functions in the IT industry, no matter the size of your company. If you’ve considered moving your Managed Service Provider (MSP) into the Managed Security Service Provider (MSSP) realm, both the opportunity and the stakes are higher than ever and require careful consideration.
Assessing the Current Security Landscape
Back in December 2019, before the coronavirus pandemic registered on anyone’s radar, Liongard founder and CEO Joe Alapat predicted that 2020 would be the year that many MSPs would decide whether they would offer increased security measures or continue to outsource to a third-party. Now that COVID-19 has abruptly forced a mass migration to telecommuting, keeping those additional personal devices and home networks secure has added more security surface area to cover and another layer of complexity to the MSP and MSSP spaces.
From a customer standpoint, expectations are on the rise. Of course, there’s a certain baseline expectation that exists already that your MSP will be able to handle customer data responsibly. (If you’re not baking security into your product offerings as an MSP, you’re putting your customers and yourself at risk.) But now, many customers would like their MSP to become a one-stop shop for all IT needs, including security services.
To meet these growing demands, some MSPs have chosen to branch out into the MSSP space with tiered offerings or package deals that include security expertise for specific clients. This leads to additional sales opportunities but also comes with additional responsibilities and liabilities.
Cyberattacks increasing since the COVID-19 pandemic began, coupled with higher customer expectations, give MSPs something to think about moving forward. With an estimated 68% of major organizations (public and private) planning to increase cybersecurity spending in response to the pandemic, there is certainly an opportunity for MSPs to expand their security offerings. But it’s not a decision to take lightly.
A Blueprint to MSSP Success
Prior to joining Liongard, I worked at IT Freedom for 11 years. From the start, our MSP felt we could only serve our customers effectively with standardized endpoint antivirus and off-site cloud backup solutions. Those offerings were non-negotiable in order to cover the unavoidable risks that come with delivering IT services. As we grew, we gained additional customers in the financial and medical spaces, as well as a number of successful startups. Each of those verticals came with unique security challenges. That’s what drove our growth into the MSSP realm. As security threats got more sophisticated, we knew we had to increase our capabilities, so adding more advanced firewall solutions, endpoint protection and monitoring to our services was just a natural progression.
The transition went well, but there were certainly challenges along the way—and that’s to be expected for any MSP expanding into more advanced security offerings. Over the years, we ended up building out several of our own security-focused tools simply because packaged solutions didn’t exist at that time.
Fortunately, MSPs today have much richer options for platforms that offer advanced monitoring, change detection and more—and that’s where Liongard Roar makes an impact. Its automated documentation, custom alert generation and reporting capabilities eliminate manual tasks, proactively address critical changes and allow MSPs to stay on top of their myriad clients’ environments. And for MSSPs, it provides that solid foundation of visibility and auditability as to how systems are configured and what changed when.
Plan Your Work, Then Work Your Plan
Bottom line: Being an MSSP can mean a lot of different things. Don’t just jump on the bandwagon because an opportunity exists—FOMO can’t be your driving force. Instead, focus on your MSP’s goals, the specific outcome that you want to deliver to customers and what will be uniquely compelling about it—then validate that with your customer base. The type of customers you serve—or those you want to serve in the future—will play a large part in your decision to become an MSSP. Will not being an MSSP become a liability for your clients in industries with high security needs like healthcare, government and finance?
A solid plan and an even firmer foundation will be the keys to your MSP’s success if you want to make the leap into the MSSP space. If you’re still on the fence about your next move, stay tuned for MSP or MSSP? Part 2: How to Decide if You’re Ready. I’ll cover the pros and cons of making this transition, as well as how to solidify your security foundation for your customers, regardless of whether you stick to your MSP’s core competencies or branch out further.
Until then, visit our Trust Center to learn more about how Liongard’s got your back when it comes to security, privacy and compliance standards.
Author Matt Miller is director of product management at Liongard. Read more Liongard guest blogs here.