In the last three years or so, the channel has seen the total addressable market for managed-security services grow by leaps and bounds. By 2022, it will be more than a $40 billion market, and a big portion of that spend will be driven by SMBs.
Historically, pure-play managed security service providers (MSSPs) didn’t have the appetite or budget to deal with satisfying numerous SMB clients, which, let’s face it, can be a bit of a headache. They preferred instead to sell larger enterprise accounts and have fewer solutions to manage. But recently, these SMBs have begun turning to their longtime traditional VARs and MSPs – the good old “trusted advisors” – to satisfy their security needs, which in turn drives a lot of these partners to push into managed security services.
Today, everyone wants a piece of the MSSP pie. Really, everyone. There are a few broad approaches partners are taking to get into the space. Some shops are going full force into security. Yeah, it's all they do, and they devote considerable resources to internal development of security technology and customization of existing tools. It’s go big or go home with these partners, which are betting all their chips on the future of cybersecurity market demand (a gamble so sure it’s barely a bet at all).
Others are traditional telco and internet monitors that are easing into the market with things like managed firewalls, knowing they need to protect not only their clients, but also their own businesses. If an SMB customer watches its business go down in flames because their security provider failed in protection duty, you can be sure they’ll do their best to take that MSSP down with them. Security can’t sit in the background anymore; partners have to make sure that the network, endpoints and users are all protected, so relying solely on a firewall isn’t going to cut it any longer. MSPs need comprehensive solutions, oftentimes cobbled together out of offerings from multiple vendor partners that don’t exactly play well together.
The customer demand for managed security services is also driving convergence of traditional resellers and agents, which are used to selling products that are licensed for a few years from a “set and forget” mindset, with traditional MSPs that default to wrapping everything into a monthly service component. Kevin Willette, CEO of MSSP Verus Corp., says that managed security platforms are bringing those two models together, making sure the hardware and network are taken care of while also creating a more consistent flow and operating budget. If not exactly a Kumbaya moment, it’s kinda sweet to see partners borrowing from each others’ business models.
“Most partners are well-versed in sourcing products or solutions from multiple vendors and reselling those cloud services or software-as-a-service (SaaS) applications to the customer,” says Himanshu Verma, director of product management at security solution provider Watchguard Technologies. “But today, they need to make these multiple vendor solutions work together to provide a true security solution rather than just satisfying a break-fix SLA or counting on gross product resale margins.”
Devoting resources to packaging those solutions together can mean a real hit to the total cost of ownership, so many MSPs – especially those looking to transition to full managed security services practices – are increasingly demanding out-of-the-box solutions that provide capabilities like closed-loop ticketing and asset synchronization, remote reporting and remote-management capabilities. Savvy vendors are prioritizing integration with PSA and RMM tools, which MSPs almost universally already have.
Managing multiple platforms from different vendors can create complexity around keeping customers segmented and up to date with their solutions, too.
“You definitely can’t have an offering that would have any potential for configuration sharing between multiple customers,” says Willette. “You look at the overall picture of how the manufacturers have looked at putting together a program, and [they all have] different ways of deploying, supporting and pushing out patches across a wide range of MSP customers with different needs and different hardware appliances and software subscriptions.”
Cloud-based, automated solutions are key to managing that complexity, says Verma. Partners are increasingly feeling the pressure to do more with the same resources because of the massive demand from SMBs, and they’re turning to automated tools to help with some of the heavy lifting.
Verma says there are three main tools that its MSSP partners consistently clamor for in order to help them drive efficiencies.
- Automated Detection and Response Tools — MSSPs leverage various visibility tools to ensure they are fully aware of ongoing security changes. But detection alone is not enough, as MSSPs also need to respond to these threats. In addition to detection, MSSPs also need to provide their customers with proactive or reactive response services for security incidents. Tools that can help automate these responses in the form of an appropriate remediation are definitely high on the MSSP's “most wanted” list because not only do they ensure MSSPs effectively meet their SLAs, but they also eliminate the need for manual intervention when responding to and fixing unexpected security incidents.
- Zero-Touch and Scalable Remote Deployment Tools — MSSPs often provide solutions to multiple customers, with multiple sites and locations. For certain verticals, where regulations drive the need for certain security services, MSSPs need to repeat similar policies and configurations across multiple clients. This can add to tasks that need to be repeated often. Automated deployment tools – especially in the form of remote services that allow for such initial configurations and policies to be defined once and deployed automatically on multiple remote sites – eliminate the need for on-site deployment and help reduce the required overhead for MSSPs.
- Subscription Management and Tracking Tools — In addition to technology tools from multiple vendors, most MSSPs require the ability to stay on top of their service contracts and ensure that the security subscriptions offered as a package by these vendors are licensed and up to date. This calls for tools that provide visibility and control when managing vendor security services on-demand, as well as flexibility to stop and start, and use alerts/notifications for expiring services. These tools allow MSSPs to tailor to their customers’ packaged security protections instantly and provide uninterrupted SLAs.