Full-time chief information security officers, virtual CISOs and associated technology startups are popping up across the MSP software industry — leading a multi-year journey that is starting to deliver improved MSP industry security and enhanced risk mitigation.

The backdrop: As ChannelE2E warned in 2019, the MSP industry was facing a Judgment Day amid supply chain cyberattacks against software companies and their MSP partners. Things got worse before they got better — as exemplified by the SolarWinds Orion and Kaseya VSA ransomware attack disclosures of December 2020 and July 2021, respectively.

Still, we’re seeing real progress in the MSP cyber market. The evidence:

On the technology front: Two-factor authentication (2FA) is increasingly the norm for MSP-oriented software platforms. Also, cyber resilience platforms increasingly blend security and data protection. And endpoint security has evolved from traditional anti-virus toward Endpoint Detection and Response (EDR). Next up, MSPs are embracing Managed Detection and Response (MDR) and perhaps even eXtended Detection and Response (XDR) — though partners should be careful of the XDR hype wave, which continues to build. On the people and process front – CISO Impact Expands: Meanwhile, MSP software companies are hiring and/or naming CISOs to oversee overall cyber-protection and risk mitigation. The effort extends from infrastructure, data and employee security all the way to software development best practices.

MSP Software Gets Serious About Chief Information Security Officers

Virtual CISOs: MSPs, MSSPs and Software Companies

Meanwhile, the virtual CISO trend is also taking hold across the MSP market. Interestingly, the trend involves people as well as technology.

On the people side, it’s safe to say vCISOs are close cousins to the long-established vCIO trend in the MSP sector. Experts like Gary Pica of TruMethods have long evangelized the need for MSPs to offer virtual CIO services to end-customers — essentially, a trusted advisor to help SMB customers align their business and technology strategies for growth.

Yes, MSPs and MSSPs increasingly have vCISOs. For instance, Trusted Internet — a Top 250 MSSP for 2021 —aligns its project managers with vCISOs to scale its own business.

Meanwhile software startups are jumping on the vCISO trend. For instance, Cynomi has launched a Virtual CISO Platform for service providers and SMBs and $3.5 million in seed funding. The company plans to engage MSPs and MSSPs that want to safeguard SMB customer systems.

Where do we go from here? We’ll be seeking the next round of MSP security questions and answers at the Right of Boom 2022 conference in Tampa, which runs February 9-11.