Content, MSP, Networking, Small business

Can ConnectWise CEO Solve Managed Security Business Model for MSPs?

It's the two-part question of the year: How can MSPs build successful, profitable managed security services practices -- while helping SMB customers to mitigate risk across their businesses?

ConnectWise CEO Arnie Bellini
ConnectWise CEO Arnie Bellini

ChannelE2E suspects ConnectWise CEO Arnie Bellini and various cybersecurity industry leaders will attempt to solve that two-part riddle during various content sessions here at IT Nation Connect 2018 in Orlando.

The Background: No doubt, thousands of MSPs already sell endpoint security-type offerings. Endpoint security plus proper patch management, monitoring and business continuity services can go a long way toward mitigating numerous risks for MSPs and their SMB customers.

But the cyberthreat landscape is now filled with widely available hacker tools and state-sponsored threat actors. That means every SMB network and every MSP monitoring system is now a potential target. As a result, MSPs need to up their games. And that introduces a range of business model, talent and technology challenges.

Will All MSPs Become MSSPs? (Nope)

Some pundits believe all MSPs will become MSSPs. I don't fully subscribe to that mindset, despite the fact that ChannelE2E has a sister site aptly called MSSP Alert. Instead, I firmly believe that all MSPs need to push deeper into security -- but most won't become true MSSPs.

Why not? The simple reason involves economics: To build out a dedicated security operations center (SOC) and deep MSSP expertise, the typical MSP would need to spend a combined $3 million on talent and tools, ChannelE2E estimates. Since the average MSP at IT Nation generates about $4 million or so in annual revenues (I think...), there's no way we should expect those companies to invest $3 million into a complete MSSP practice and associated cyber-service build outs.

Simply put: Traditional MSPs in the SMB sector can't afford to keep up with the world's Top 100 MSSPs, and thousands of additional MSSPs worldwide.

ConnectWise's Managed Security Services Answer

So how will ConnectWise help MSPs and technology solutions providers go deeper into security? The two-part answer likely involves partnering and automation through APIs. Bellini has been dropping hints about the emerging strategy for about a year. And recent ConnectWise business moves begin to paint a promising picture for MSPs.

Among the clues so far:

A Cybersecurity Framework for MSPs?

Ultimately, ConnectWise wants to promote a cybersecurity framework for its ecosystem partners.

Leverage the framework, and you essentially gain a Rosetta Stone that allows you to speak a common language with your customers. The common language, by the way, doesn't involve jargon acronyms like MSP-to-MSSP. Instead, it's all discussing risk management with your customers.

What About the Financial Math? Bellini knows MSPs and technology solutions providers, for the most part, can't afford to go hire a bunch of security analysts. Nor can those businesses buy $1 million or more in security technology. Instead, he wants to work with a range of SMB-centric security tools that plug into ConnectWise Manage and ConnectWise Automate. Then, he wants to deliver those offerings in a consumable, affordable way for partners.

That's my thesis about ConnectWise's security strategy so far. But of course, I've left our major details -- simply because I really don't know them.

I don't know how the pricing model and associated margins will work. I don't know which third-party SOC services will emerge as industry standards for MSPs. And frankly, I really don't know what Bellini will say on stage during his keynote on Thursday.

I'm sure he'll touch on a range of topics -- and security is bound to pop up somewhere in the presentation. (Fingers crossed...)

ConnectWise Competitors

New VeriShip CEO Michael George

Of course, ConnectWise isn't the only company trying to solve the technology and business riddles that challenge so many MSPs in the security market. Among the major moves over the past year:

  • Continuum CEO Michael George has bet his business on a portfolio of managed security services designed for MSPs. Numerous talent hires, a tuck-in CARVIR acquisition, plus relationships with SentinelOne and EventTracker essentially transformed Continuum into a master MSSP with SOC services that MSPs can leverage. Plus, the company has already built a cybersecurity business guide for MSPs to leverage.
  • SolarWinds MSP, in stark contrast, isn't trying to become a SOC provider or MSSP. Instead, the company acquired Trusted Metrics -- and now owns SOC and threat monitoring software technology. Armed with that software, SolarWinds is now training a handful of MSSPs as threat monitoring service providers. Over time, SolarWinds will call on its smaller MSP partners to potentially partner with those larger, more established MSSPs.
  • No doubt, Kaseya and Datto also have various security and data protection solutions. But so far, I don't believe those companies have announced a formalized go-to-market effort that plugs MSPs into SOC technologies, SIEM systems or third-party MSSPs.

The Larger MSSP Landscape

The thoughts I've shared above focus mainly on how MSPs in the SMB sector will tackle managed security services -- hopefully, in a profitable manner. But that's only one piece of the much larger MSSP pie. Dozens of software and hardware vendors are now chasing that pie.

A few examples:

CyberArk CEO Udi Mokady

The challenge? Many of those products have enterprise-class price tags and complexity. Few were designed with small business MSPs and the associated economics in mind. Companies like ConnectWise, Continuum and SolarWinds MSP, among others, are working to change that.

I suspect Bellini and cybersecurity sources here at IT Nation will touch on those very points during their sessions in a few hours. Stay tuned.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.