With new cyberattack vectors and new bad actors continually increasing, managed security — and skilled managed security services providers (MSSPs) are in demand. Verizon’s 2020 Data Breach Investigations Report states that web application breaches now account for 43 percent of data breaches, twice as much as last year, and ransomware attacks are on the rise, now making up 27 percent of all malware incidents. Furthermore, 17 percent of breaches can be traced to human errors — that’s twice as many as last year.
The Verizon report also confirms that virtually every industry is a target, including financial, healthcare, restaurants and hospitality, entertainment, construction, education, IT, manufacturing, and mining, energy and utilities. Regardless of its size, the business or organization may lack in-house resources to address cybersecurity — and they are looking for help.
Challenges New Managed Security Providers Must Overcome
Chris Crellin, Senior Director of Product Management for Barracuda MSP, points out that many managed services providers (MSPs) and value-added resellers (VARs) are expanding their businesses to provide security solutions and services to meet that widespread need. As they evolve their businesses, they often face four challenges:
It takes knowledge and skill to provide security solutions or Security as a Service, and learning takes time.
“Security is not just about prevention. It’s about the ability to oversee and remediate threats, as well. In some cases, there’s a compliance angle that needs to be covered. MSPs also need to know how to put together a security framework that includes the right tools, policies and expert oversight to effectively protect their customers,” says Crellin. “That type of knowledge and experience isn’t achieved overnight.”
He points out, however, “While it is always good to have some security expertise in-house to be able to have in-depth conversations about security with customers, a dedicated security vendor can offer a sophisticated security management and monitoring service that can give both the MSP — and its customers — peace of mind from both a business and a security perspective.”
“This can also enable an MSP to further scale their business, as it frees them up to focus on other areas of IT management for their customers,” he says.
Crellin says if you plan to hire security resources, be aware that expert staff may be difficult to find and “are in such demand that they’re even harder to keep.”
Also, don’t attempt to assign staff to security services part-time. Dedicated staff, says Crellin, is absolutely necessary. “In today’s landscape, businesses of all sizes are frequently under attack (whether they know it or not), and managing dozens or hundreds of customers means an MSP is always going to have to manage those threats. This includes, for example, monitoring, policy updates, and attack remediation. Additionally, the threat landscape is always evolving, and requires dedicated efforts to ensure staff are up to speed on the latest threats and avoidance techniques.”
MSPs and VARs new to providing managed security need to plan how to invest in and implement tools designed to protect and manage their customers’ systems. “The thought of securing, training on, and managing those tools and potential new vendors can be daunting to some MSPs,” Crellin says.
As you weigh your options, you may want to consider tools that automate some of the workload that you would otherwise have to fulfill. MSPs can use tools to automate forensics and incident response in the wake of an attack.
Crellin says security-centric remote monitoring and management (RMM) platforms, like Barracuda Managed Workplace, can help automate some areas of security such as patch management and endpoint security management.
“MSPs should ensure that security tools work well with the management and monitoring tools,” Crellin comments. “These solutions will need to work together to provide a clear picture of what’s happening in any given customer’s environment, at any moment in time.”
Crellin says another challenge that MSPs and VARs face when beginning to offer securing solutions or managed security is learning how to sell it: “MSPs need to understand how important security is and use it as a differentiator against their competitors. When possible, MSPs should work with vendors to articulate that value proposition.”
Mastering how to communicate the value of the security solutions you provide, as well as growing in knowledge, hiring skilled resources, and investing in the right tools, are challenging, but, Crellin says, aren’t optional.
“More and more MSPs are moving into security out of necessity, and their customers expect it from them. Those that don’t find a way to fill that need will probably not survive unless they’re in a special niche,” he says.