Going from MSP to MSSP: 3 Security and Compliance Services to Offer

Help your customers, and capitalize on this mounting business opportunity, by adding security services to your MSP portfolio.

Security Services

As managed services providers (MSPs), security is top of mind for us all, particularly in the wake of recent ransomware attacks impacting MSP solution developers such as Kaseya and IT management software developers, including SolarWinds. But, moving from MSP to a managed security services provider (MSSP) takes more than adding a security layer to your services portfolio. Instead, it requires a measured and strategic application of technology and best practices to ensure you can adequately deliver the protection your customers need without tapping out your resources.

We’ve learned this first-hand. When an insurance company client became infected with ransomware, we had to assess the damage quickly and get our client back up and running as soon as possible, but not before we could validate all systems had a clean bill of health. The infection, which had spread from its parent company due to domain trusts and network integration issues, had encrypted 80% of the organization’s servers, so all services were entirely down. The ransomware event was resolved using fast and effective incident assessment technology and best practices for detection, remediation and recovery, and we could get their business back running with minimal downtime.

This ransomware event has underscored the value of core technologies and practices for our MSSP business. If you are considering evolving your MSP practice to deliver managed security solutions, here are three top services we found to be the most valuable:

Automate IT Risk Assessments – One of the fastest ways to grow a security managed service is to offer regular assessments to mitigate IT risks in your customers’ environment. By providing automated monitoring and scoring, you can improve your clients’ security posture and reduce the likelihood of breaches. While IT risk assessments are a high-value ongoing practice for existing customers, they are also a great way to get a footprint in a new account. They are additionally powerful tools in the event of a breach. For example, effective risk assessments can identify all compromised accounts and track ransomware actions almost step-by-step by quickly delivering detailed reports on unusual behavior.

Pro Tip: Be sure to use a rapid assessment tool that can identify the root cause of the breach in as little as 30 minutes. And test your selected tool thoroughly. Some products may take up to a week to properly diagnose a problem which can put your remediation in a critical spot and your customers at significant risk.

Provide Incident Monitoring and Management – Once an IT risk assessment has helped you to land a new MSSP customer, offer a continuous detection, investigation and response service to monitor their environment for suspicious activity. This service provides very high customer value and can build your recurring managed service revenue meaningfully. Research has found that MSPs that added security managed services increased customer satisfaction by 51% and improved their reputation by 44%.

Pro Tip: Select a security product that can help you streamline processes for detection, investigation and contextual reporting in one tool to minimize your team’s effort and limit the number of disjointed products they need to use. We’ve been able to simplify what was once performed by up to six different tools with hours of manual intervention into a single source of truth using Netwrix Auditor for risk assessments and incident monitoring and management.

Offer Continuous IT Compliance – To deliver additional value for your managed security services, consider helping your customers reduce the time and effort required to prepare for and pass compliance audits. Compliance demands have never been greater, and increasing requirements for regulations such as CCPA, GDPR, CMMC and more create an opportunity for MSPs to deliver new value. This opportunity is growing as IT infrastructure becomes more complex and compliance fines more costly. By helping your customers implement and validate the necessary internal controls across their IT infrastructure, you can ensure they are compliant and prepared before the auditors call.

Pro Tip: Use a compliance solution that can compile evidence in an easy-to-read format and supports compliance with critical frameworks and regulations. By generating compliance reports for your customers, you can help them slash preparation time for audits and deliver a complete audit trail for security investigations. This is a high-value service to further pad your recurring revenue opportunity.

Security threats are a genuine and costly challenge for today’s business. Help your customers, and capitalize on this mounting business opportunity by adding security services to your MSP portfolio. It will accelerate your business and give your customers greater peace of mind.