Too often, companies have the misconception that when they dump everything onto the cloud or a SaaS provider, they are absolved of the security duties they traditionally carry out for on-premises infrastructure. Microsoft 365, for example, provides a wide range of security and data replication features to ensure the availability of data. However, data protection is not part of the service, covered instead by Microsoft’s model of shared responsibility between customers and their service providers.
This gap in Microsoft 365 data protection coverage offers a revenue growth opportunity for managed service providers (MSPs). Smaller MSPs also have the opportunity here to team up with an experienced partner to provide data protection services.
There is a significant upside here: data protection is part of a larger cybersecurity market that McKinsey& Company notes is basically there for the taking: “As a result, the gap today between the $150 billion vended market and a fully addressable market is huge. At approximately 10 percent penetration of security solutions today, the total opportunity amounts to a staggering $1.5 trillion to $2.0 trillion addressable market.”
McKinsey sees the mid-market segment as a great opportunity for MSPs and encourages vendors to adopt a clear partnership strategy with MSPs, the expected results are a more robust service layer, better customer outcomes, more revenue for all in the channel and stronger collaboration in creating “mid-market friendly solutions.”
Adding Microsoft 365 Data Protection
With Microsoft 365 in widespread use in businesses, there are plentiful opportunities for cyberattacks. Ransomware can enter an organization through emails, website corruption, Excel, and popular applications like OneDrive and SharePoint. Basically, if data is flowing within the organization, there can be the opportunity for a breach, with any number of applications or cloud services as the entry point.
To add data protection services, an MSP can begin with an assessment of threat points in a customer’s 365 deployment, then develop a data protection strategy, and provide advanced backup and recovery services to help customers improve their threat defense.
A multi-dimensional threat assessment can include:
- The level of cyberhygiene, i.e., Zero trust, multi-factor authentication, privilege management, access controls
- Whether sufficient automation exists to identify anomalous behavior on the network and to quickly contain the threat as needed
- Weakest threat points; highest vulnerabilities
- History of any data breaches
- Current assets stored on-premises versus in the cloud
- The scope and user environment of 365 applications
- Structure of the workforce – whether hybrid, on-premises or remote
- Endpoint security – use of personal devices; protection of user profiles, up-to-date monitoring of employee roles and responsibilities with an eye toward correct application access
Backup and Recovery
This portrait of threat vulnerabilities, existing security processes in play, and where and how a workforce uses assets gives MSPs the details to create a 365-threat defense strategy. Customers may question whether improved backup and recovery should be provided by an MSP. The reality is, given the shortage of qualified security personnel and the 24×7 complexity of executing a solid backup and recovery system capable of handling a hybrid cloud and hybrid workforce, an MSP is a preferred solution. Rather than relying on hard-to-find backup administrators, customers can benefit from a team of data protection experts managing the business’s security posture.
The types of backup and recovery services MSPs can offer include:
- Microsoft 365 Backup-as-a-Service (M365 BaaS) delivers end-to-end data protection for the Microsoft productivity environment to provide compliant backup of data and applications so users can remain productive and businesses can ensure continuity. Benefits of the service include customization services, specialized compliance optimizations, 24×7 data protection and managed backup security.
- Backup-as-a-Service (BaaS) backs up to the cloud and eliminates the on-premises storage capacity discussion entirely, as scale can be easily accommodated using cloud resources.
- Disaster Recovery-as-a-Service (DRaaS) has the benefits of less cost, more flexible recovery, and the ability to do threat testing by spinning up scenarios in the cloud. It also cancels the need for local backup storage.
The as-a-service options appeal to customers since they can control costs, bypassing the high cost of on-premises storage and backup cost; testing and updates are automated and handled by the MSP; deployment is quick and less complex than a local solution, and staff IT admin time is comparatively minimal.
Protection + Revenue = Market Position
The popularity of Microsoft 365, and the gaps in data protection, create an excellent opportunity for MSPs to capture more of the underserved cybersecurity market. MSPs can partner with vendors, and even other MSPs, to offer enterprises as-a-service backup and recovery for all the 365 apps and platforms. It can be their entry into the $2 trillion untapped market and provide competitive differentiation as enterprises contend with IT staffing challenges and more budget pressures.