Content, MSP, Networking, Venture capital

SaaS Security: MSP Opportunities, Challenges Explained

Six SaaS security software startups have a raised a combined $71.2 million in venture capital funding from mid-2020 through April 2021, according to MSSP Alert. The funding wave -- which includes investment dollars from MSP industry veterans and security giants like CrowdStrike -- may trigger a rising-tide opportunity for first-mover MSPs in the cloud market.

Indeed, SaaS security tools allow IT managers, MSPs and MSSPs to discover, properly configure, lock down and monitor SaaS applications such as Microsoft 365, Google Workspace (formerly Google Apps), Salesforce, Workday, Box, Dropbox and more.

No doubt, plenty of MSPs resell Office 365 and its successor Microsoft 365. Thousands of MSPs also wrap third-party email, data protection, backup and disaster recovery (BDR) services around Microsoft 365 and other SaaS applications. But very few MSPs actually monitor, manage and specifically lock down SaaS applications for customers.

SaaS Security Tools: Startups That Received Funding

That's where SaaS security software startups enter the picture. And that picture is growing rapidly. Startups in the market that have raised funding in recent months include:

  1. Adaptive Shield ($4 million seed);
  2. AppOmni ($40 million Series B);
  3. DoControl ($10 million Series A);
  4. Grip Security ($6 million seed);
  5. SaaS Alerts ($1.2 million early stage); and
  6. Torii ($10 million early stage).

Although the SaaS security management market is in its infancy, M&A deals have already started. One prime example: SailPoint Technologies acquired Intello in February 2021. Intello, ahead of the deal, was an early-stage SaaS management company that helps organizations to discover, manage, and secure SaaS applications.

It's a safe bet the major MSP technology platform providers -- names like Barracuda, ConnectWise, Datto, Kaseya and N-able -- are keeping close tabs on this emerging market.

Also of note: MSP-friendly security companies such as Sophos have introduced Cloud Security Posture Management (CSPM) tools. But in most cases, I believe, CSPM tools focus on public cloud infrastructure (IaaS) like Amazon Web Services, Microsoft Azure and Google Cloud Platform -- rather than SaaS-level applications.

SaaS Security Tools and MSPs: Emerging Options

Take a closer look at the funding list above, and only SaaS Alerts has "bet the business" on a pure MSP go-to-market sales model.

Derik Belair, CEO and co-founder, Augment
Derik Belair, CEO and co-founder, Augment
Jim Lippie, CEO, SaaS Alerts

The SaaS Alerts commitment to MSPs appears authentic. Indeed, CEO Jim Lippie is a Kaseya veteran who previously led a well-known MSP (now simply called Thrive). Moreover, multiple MSP industry veterans -- including TruMethods CEO Gary Pica and former ConnectWise President David Bellini -- have invested in SaaS Alerts.

Still, SaaS Alerts isn't alone in the MSP market. Another startup, called Augmentt, has designed a platform for MSPs to "discover, optimize and fully manage SaaS applications." Unlike the companies above, Augmentt has not formally announced any funding rounds. But the company has MSP leadership in its DNA. Co-founders Derik Belair (CEO) and Gavin Garbutt (chairman) are N-able veterans who helped to pioneer the RMM (remote monitoring and management) software market and associated MSP recurring revenue models more than a decade ago.

Another startup, called Zerotek, also is navigating the MSP market. Led by former Level Platforms CEO Peter Sandiford, Zerotek "makes it easy for MSPs to deliver profitable Identity and SaaS management services," the company asserts. Zerotek's technology is powered by Okta's identity management engine.

Sandiford saw the SaaS management opportunity before most SMBs had embraced Office 365. During several conversations with me a decade ago, he described how the MSP market would ultimately evolve toward SaaS management tools that reduce business risk and improve customer experiences (CX). Fast forward to present day, and Zerotek aligns with that vision.

SaaS Security Tools: MSP Challenges, Opportunities

Despite all that MSP experience, the success of Augmentt, SaaS Alerts, Zerotek and other MSP-friendly tools is not guaranteed. Among the challenges ahead: In some cases, MSPs have software tool indigestion. In addition to RMM and PSA (professional services automation),  the typical MSP now juggles multiple cybersecurity, data protection, documentation, and automation tools. Each new tool involves potential complexity as well as a new recurring cost that MSPs need to pass on to customers.

Peter Sandiford, CEO

Amid that reality, startups must clearly show how SaaS security tools provide value to MSPs and the associated MSP end-customers.

Among the potential starting points for MSPs:

  • Build SaaS application audits into your quarterly business reviews (QBRs).
  • Show your customers all of the SaaS applications their company and employees are running; make sure you include the total number of seat subscriptions, and the associated SaaS subscription costs.
  • Determine each customer's risk tolerance for the associated SaaS applications. For instance: Are mission-critical documents stored and shared across Microsoft 365, Google Workplace, Box and/or Dropbox?
  • What's the cost to the business if those SaaS-based documents are lost, stolen, leaked -- or ransomwared?

SaaS Security: Cost Saver, Risk Reducer vs. Cost Center

The journey toward effective SaaS application and security management may involve additional hurdles. For instance, you may discover that customers are running dozens of SaaS applications that you don't care to support.

Still, that complexity also is an opportunity: Through SaaS management tools, you'll likely discover that your customers are overspending for SaaS applications -- paying for too many seats/subscriptions, when some of those SaaS seats are idle or dark every month. Armed with that information:

  • Eliminate wasted seat subscriptions for your customers;
  • consolidate your customers onto fewer SaaS platforms; and
  • pass the potential per-seat monthly savings onto your customers.

The net result: You'll show your customers that SaaS security and SaaS application management are cost savers and risk reducers -- rather than cost centers.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.