Should MSPS Become An MSSP
Should MSPs become an MSSP?
Should MSPs add an extra ‘S’ and become an MSSP?
Most MSPs these days offer some form of security, such as using their core RMM to provide anti-malware/anti-virus, manage patches, and mitigate attacks. Despite these critical security offerings, not all MSPs have or specifically promote specific security services and have a dedicated security practice.
However, with cyber threats ever on the rise, the move by MSPs to Managed Security Services Provider (MSSP) is a strong one. Before we explain why, let’s get our language straight, as there is a variety of definitions of MSSP floating around.
What is an MSSP?
Large enterprises often contract with MSSPs, and often these are the mega-players who initiated the concept, including IBM, AT&T, Verizon, BT and CenturyLink. In fact, many define MSSPs as these large (and often expensive) vendors that can offer a deep and broad swath of services – soup to nuts protection and security monitoring for the most demanding of enterprises.
Nowadays, there are new MSSPs that are not huge service providers, but smaller solutions providers building their own style of deep security practices.
Here are how MSP Alert sees it:
- “An MSP offers a range of services — typically managing on-premises and cloud services for customers. Somewhere within that service catalog, the MSP typically offers some security services — perhaps endpoint, network and/or cloud security.
- An MSSP goes the extra yard. They go all in on security. In the MSP’s case, it may involve building out a far more comprehensive security practice. It may involve building out a dedicated security practice or spinning off a business.”
Meanwhile, Gartner says that managed security services (MSSs) are "the remote monitoring of security events and security-related data sources, or the management of IT security technology along with security event monitoring, delivered via shared services from remote security operations centers (SOCs), not through personnel on-site nor remote services delivered on a one-one basis to a single customer."
Why do SMBs Need an MSSP?
Not all SMBs need the level of service from the IBMs and BTs, and few can afford them. Nevertheless, for SMBs, security has gotten too complex for their already stressed IT staffs to fully manage. They are at great risk as the threats from cybercriminals get worse every year, and the damage that they do is ever deeper.
Smart SMBs already have an MSP to provide essential security. Here is where you can upsell fuller richer sets of services as an MSSP. Moreover, once you become an MSSP; you can go after new clients that need both MSP and MSSP offerings.
The Economics of Managed Security Services
Managed Security Services are sold at a premium, so the fundamental economics are sound from the beginning. Adding to that is the fact that demand is growing. Here are some data points:
A recent CRN report noted that “Gartner said it now predicts the worldwide information security market will reach $86.4 billion by the end of 2017, up 7 percent year-over-year. That growth will continue in 2018, the report said, with the market hitting $93 billion. Gartner said there is a particular opportunity around security services, saying that area is the fastest growing segment of the security market,” CRN wrote. “The research firm said those services include IT outsourcing, consulting, and implementation services. Gartner also said there is a growing opportunity around managed security services as companies look to develop a more mature security program and look to outsource more of those capabilities. Gartner said 40 percent of all managed security services contracts will be bundled with other security services and IT outsourcing projects by 2020.”
CRN reached out to a solution provider to get their take, talking to Ted Clouser, executive vice president of Little Rock, Ark.-based PC Assistance. “He is "absolutely" seeing more opportunity around managed security services than ever before. He said his company fully embraced the MSSP model about a year and a half ago and it is "beginning to really take off,” CRN reported.