SaaS Security: MSP Opportunities, Challenges Explained

Six SaaS security software startups have a raised a combined $71.2 million in venture capital funding from mid-2020 through April 2021, according to MSSP Alert. The funding wave — which includes investment dollars from MSP industry veterans and security giants like CrowdStrike — may trigger a rising-tide opportunity for first-mover MSPs in the cloud market.

Indeed, SaaS security tools allow IT managers, MSPs and MSSPs to discover, properly configure, lock down and monitor SaaS applications such as Microsoft 365, Google Workspace (formerly Google Apps), Salesforce, Workday, Box, Dropbox and more.

No doubt, plenty of MSPs resell Office 365 and its successor Microsoft 365. Thousands of MSPs also wrap third-party email, data protection, backup and disaster recovery (BDR) services around Microsoft 365 and other SaaS applications. But very few MSPs actually monitor, manage and specifically lock down SaaS applications for customers.

SaaS Security Tools: Startups That Received Funding

That’s where¬†SaaS security software startups enter the picture. And that picture is growing rapidly. Startups in the market that have raised funding in recent months include:

  1. Adaptive Shield ($4 million seed);
  2. AppOmni ($40 million Series B);
  3. DoControl ($10 million Series A);
  4. Grip Security ($6 million seed);
  5. SaaS Alerts ($1.2 million early stage); and
  6. Torii ($10 million early stage).

Although the SaaS security management market is in its infancy, M&A deals have already started. One prime example: SailPoint Technologies acquired Intello in February 2021. Intello, ahead of the deal, was an early-stage SaaS management company that helps organizations to discover, manage, and secure SaaS applications.

It’s a safe bet the major MSP technology platform providers — names like Barracuda, ConnectWise, Datto, Kaseya and N-able — are keeping close tabs on this emerging market.

Also of note: MSP-friendly security companies such as Sophos have introduced Cloud Security Posture Management (CSPM) tools. But in most cases, I believe, CSPM tools focus on public cloud infrastructure (IaaS) like Amazon Web Services, Microsoft Azure and Google Cloud Platform — rather than SaaS-level applications.

SaaS Security Tools and MSPs: Emerging Options

Take a closer look at the funding list above, and only SaaS Alerts has “bet the business” on a pure MSP go-to-market sales model.

Derik Belair, CEO and co-founder, Augment

Jim Lippie, CEO, SaaS Alerts

The SaaS Alerts commitment to MSPs appears authentic. Indeed, CEO Jim Lippie is a Kaseya veteran who previously led a well-known MSP (now simply called Thrive). Moreover, multiple MSP industry veterans — including TruMethods CEO Gary Pica and former ConnectWise President David Bellini — have invested in SaaS Alerts.

Still, SaaS Alerts isn’t alone in the MSP market. Another startup, called Augmentt, has designed a platform for MSPs to “discover, optimize and fully manage SaaS applications.” Unlike the companies above, Augmentt has not formally announced any funding rounds. But the company has MSP leadership in its DNA. Co-founders Derik Belair (CEO) and Gavin Garbutt (chairman) are N-able veterans who helped to pioneer the RMM (remote monitoring and management) software market and associated MSP recurring revenue models more than a decade ago.

Another startup, called Zerotek, also is navigating the MSP market. Led by former Level Platforms CEO Peter Sandiford, Zerotek “makes it easy for MSPs to deliver profitable Identity and SaaS management services,” the company asserts. Zerotek’s technology is powered by Okta’s identity management engine.

Sandiford saw the SaaS management opportunity before most SMBs had embraced Office 365. During several conversations with me a decade ago, he described how the MSP market would ultimately evolve toward SaaS management tools that reduce business risk and improve customer experiences (CX). Fast forward to present day, and Zerotek aligns with that vision.

SaaS Security Tools: MSP Challenges, Opportunities

Despite all that MSP experience, the success of Augmentt, SaaS Alerts, Zerotek and other MSP-friendly tools is not guaranteed. Among the challenges ahead: In some cases, MSPs have software tool indigestion. In addition to RMM and PSA (professional services automation),  the typical MSP now juggles multiple cybersecurity, data protection, documentation, and automation tools. Each new tool involves potential complexity as well as a new recurring cost that MSPs need to pass on to customers.

Peter Sandiford, CEO, Zerotek

Amid that reality, startups must clearly show how SaaS security tools provide value to MSPs and the associated MSP end-customers.

Among the potential starting points for MSPs:

  • Build SaaS application audits into your quarterly business reviews (QBRs).
  • Show your customers all of the SaaS applications their company and employees are running; make sure you include the total number of seat subscriptions, and the associated SaaS subscription costs.
  • Determine each customer’s risk tolerance for the associated SaaS applications. For instance: Are mission-critical documents stored and shared across Microsoft 365, Google Workplace, Box and/or Dropbox?
  • What’s the cost to the business if those SaaS-based documents are lost, stolen, leaked — or ransomwared?

SaaS Security: Cost Saver, Risk Reducer vs. Cost Center

The journey toward effective SaaS application and security management may involve additional hurdles. For instance, you may discover that customers are running dozens of SaaS applications that you don’t care to support.

Still, that complexity also is an opportunity: Through SaaS management tools, you’ll likely discover that your customers are overspending for SaaS applications — paying for too many seats/subscriptions, when some of those SaaS seats are idle or dark every month. Armed with that information:

  • Eliminate wasted seat subscriptions for your customers;
  • consolidate your customers onto fewer SaaS platforms; and
  • pass the potential per-seat monthly savings onto your customers.

The net result: You’ll show your customers that SaaS security and SaaS application management are cost savers and risk reducers — rather than cost centers.

Return Home



    Jim Lippie:

    The coverage of this emerging category is so important for the MSP community because of the technology transition their customers have made to SaaS applications. MSPs need to be thinking about how they win on this transition instead of falling victim to it. It’s also important for MSPs realize that these new solutions should not be seen as a cost center, but rather an evolution of their revenue generating offering. The key paradigm shifts that are necessary:

    1) Use of SaaS cyber assessments just like “Network Assessments” have been used in the past to identify gaps and opportunity
    2) Use of time, reprioritizing the allocation of time/labor. If every customer is using SaaS applications, if every customer is now storing some of their most sensitive corporate data in SaaS apps, then shouldn’t it be a priority to monitor and protect access to these applications?

    Gavin Garbutt:

    Great article Joe,
    As IT moves to the cloud, almost every SMB needs help choosing the right stack of SaaS applications to maximize employee and corporate performance. This is a massive and exciting new opportunity for MSPs SaaS services: *Consulting, *Audit, *Monitoring, *Security & Compliance, *Admin (on-board / off-board / change management), *License Management, and *Business Process Optimization Services. What will MSPs look like in 5 years?

    Peter Sandiford:

    Thanks for that excellent summary of SaaS and its growing impact on MSPs.

    Some of the biggest immediate MSP opportunities we see are rooted in security. Stolen credentials are at the heart of 80% of security breaches.

    With the growth of SaaS, controlling password and now authentication chaos are immediate opportunities. And passwordless solutions are coming to market this year.

    Helping SMBs control who has access to which SaaS applications is central to security and the foundation for all SaaS management solutions. Managing key processes including secure onboarding and offboarding both workers and applications represent another core SaaS management service that is urgently needed by MSP customers.

    John Harden:

    I love your thoughts here @Joe. SaaS Ops is a whole beast that needs un-raveled, and it’s really going to be great to watch fantastic companies, like yours & Gavin’s, unpack and solve areas of it for the next-generation MSPs.

    @Gavin, I completely agree with your thoughts here. I think that the definition of a “modern MSP” is rapidly changing. Satya Nadella’s comments with his recent CRN interview stating that the world’s GDP for tech is going to double is such good news for partners that embrace Managed SaaS Ops (effectively). No doubt a lot of that growth will be in SaaS tools & automation to drive business growth.

    Customers expect MSPs to solve the biggest & toughest challenges, and as the years have rolled on SaaS Security & Compliance, License/Cost Management, and traditional SaaS Ops needs have cropped up in the SMB/Mid-Market. It’s really exciting times to see Managed Service Providers have an opportunity to not only reduce waste but increase business efficiencies with Managed SaaS Ops!

Leave a Reply

Your email address will not be published.