Going from MSP to MSSP: 3 Security and Compliance Services to Offer

Help your customers and capitalize on this mounting business opportunity by adding security services to your MSP portfolio.

Security Services

As managed services providers (MSPs), security is top of mind for us all, particularly in the wake of recent ransomware attacks impacting MSP solution developers such as Kaseya and IT management software developers including SolarWinds. But, going from MSP to a managed security services provider (MSSP) takes more than simply adding a security layer on top of your services portfolio. It requires a measured and strategic application of technology and best practices to ensure you can properly deliver the protection your customers need, without tapping out your own resources.

We’ve learned this first-hand. When an insurance company client became infected with ransomware, we had to assess the damage quickly and get our client back up and running as soon as possible, but not before we could validate all systems had a clean bill of health. The infection, which had spread from its parent company due to domain trusts and network integration issues, had encrypted 80% of the organization’s servers, so all services were completely down. Using fast and effective incident assessment technology and best practices for detection, remediation and recovery, the ransomware event was resolved, and we were able to get their business back running with minimal downtime.

This ransomware event has underscored the value of core technologies and practices for our MSSP business. If you are considering evolving your MSP practice to deliver managed security solutions, here are three top services we found to be the most valuable:

Automate IT Risk Assessments—One of the fastest ways to grow a security managed service is to offer regular assessments to mitigate IT risks in your customers’ environment. By providing automated monitoring and scoring, you can improve your clients’ security posture and reduce the likelihood of breaches. While IT risk assessments are a high-value ongoing practice for existing customers, they are also a great way to get a footprint in a new account. They are additionally powerful tools in the event of a breach. By quickly delivering detailed reports on unusual behavior, effective risk assessments can identify all compromised accounts and track ransomware actions, almost step-by-step.

Pro Tip: Be sure to use a rapid assessment tool that can identify the root cause of the breach in as little as 30 minutes. And test your selected tool thoroughly. Some products may take up to a week to properly diagnose a problem which can put your remediation in a critical spot and your customers at significant risk.

Provide Incident Monitoring and Management—Once an IT risk assessment has helped you to land a new MSSP customer, offer a continuous detection, investigation and response service to monitor their environment for suspicious activity. This service offers very high customer value and can meaningfully build your recurring managed service revenue. Research has found that MSPs that added security managed services increased customer satisfaction by 51% and improved their reputation 44%.

Pro Tip: Select a security product that can help you streamline processes for detection, investigation and contextual reporting in one tool to minimize your team’s effort and limit the number of disjointed products they need to use. We’ve been able to simplify what was once performed by up to six different tools with hours of manual intervention into a single source of truth using Netwrix Auditor for risk assessments as well as incident monitoring and management.

Offer Continuous IT Compliance—To deliver further value for your managed security services, consider helping your customers reduce the time and effort required to prepare for and pass compliance audits. Compliance demands have never been greater and increasing requirements for regulations such as CCPA, GDPR, CMMC and more are creating an open opportunity for MSPs to deliver new value. This opportunity is growing as IT infrastructure becomes more complex and compliance fines more costly. By helping your customers implement and validate the necessary internal controls across their IT infrastructure you can ensure they are compliant and prepared before the auditors come to call.

Pro Tip: Use a compliance solution that can compile evidence in an easy-to-read format and supports compliance for key frameworks and regulations. By generating compliance reports for your customers, you can help them slash preparation time for audits and deliver a complete audit trail for security investigations. This is a high-value service you can use to further pad your recurring revenue opportunity.

Security threats are a very real and costly challenge for today’s business. Help your customers and capitalize on this mounting business opportunity by adding security services to your MSP portfolio. It will not only accelerate your business but also give your customers greater peace of mind.