**Editor’s Note: Register now for the Channel Partners Conference & Expo, the gathering place for the technology services community, April 10-13, at Mandalay Bay in Las Vegas.**

The global managed security services market will reach nearly $30 billion by 2020, as enterprises and SMBs alike turn to managed security services as their preferred cybersecurity deployment model, according to Allied Market Research.

After all, it’s not like they can hire. During this Channel Partners Conference & Expo concurrent education session titled, “Managed Security Services: The Next Opportunity,” Tina Gravel, Cryptzone’s senior vice president; Bill Gauthier, Armor’s director of strategic alliances; Cameron Tousley, ESET North America’s partner community manager; and David Venable, Masergy’s vice president of cybersecurity, will tell partners how they can capitalize on this increasing demand.

In a Q&A with Channel Partners, Gravel, Gauthier, Tousley and Venable give a sneak peek into the information they’ll share with partners.

Channel Partners: What is fueling the growth in the managed security services market?

Tina Gravel: Managed security services are growing because cybersecurity is a fast-moving target. Very often it makes sense to outsource due to the requirement for specialized knowledge and the overall shortage in skilled personnel that can do the work. You need the resources but may not be able to attract and/or hire yourself.

Bill Gauthier: The growth of the public cloud, in addition to the shared responsibility matrix for security in the cloud, are significant drivers. Plus, with the cybersecurity skill gap having more than 2 million openings globally, organizations need help managing security because experts are difficult to recruit and retain.{ad}

Cameron Tousley: a) Financial flexibility/increased cash flow for end-user customers: having a fixed monthly payment versus spending an entire yearly budget upfront is attractive for end users who would rather allocate larger portions of their total budget to help grow their business all year long.

Also: b) convenience; and c) expertise.

David Venable: Companies of all sizes are finding it hard to attract and retain security talent. That’s compounded by ever rising salaries. A managed security service lets IT teams bolster their security posture with 24×7 human monitoring, the latest technologies to detect and defend corporate networks, and predictable operating expenses. Some managed services also work with the existing security solutions companies have in place such as firewalls and intrusion detection systems.

CP: How does a partner stand out in this increasingly competitive market?

TG: As with any market, sellers that stay abreast of the latest trends and exploits, as well as how ,,,

{vpipagebreak}

… these things impact the end-customer’s business, will be ahead of those that sell product features and functions only.

BG: To differentiate in this increasingly crowded space, partners need to demonstrate the capability to be a trusted, experienced adviser with proven security talent from the military (National Security Agency, Department of Defense) or other demanding fields. They must also show that they can deliver strong return on investment for customers who might try to take security in-house. Finally, there must be measurable outcomes on performance, such as positive metrics on “dwell time,” which calculates the amount of time a network has been compromised. This number needs to remain small in terms of days before a threat is remediated.

CT: a) Sell a complete solution: When putting together a managed services offering, offer a basic package, but also a more advanced and complete solution for customers who have additional IT/security needs. Offer basics like networking, web, email plus basic security (firewall, spam filtering, antivirus), but also include a more advanced package that includes additional security layers like encryption, two-factor authentication, (and) periodic physical/digital security testing with employees to ensure the tools and end user education are present for a more holistic solution.

Also: b) focus on a niche; c) become an authority; and d) engage with clients consistently.

DV: A partner will stand out if they have developed some core competencies around managed security that allow them to speak with authority to customers and core prospects. They should also demonstrate an understanding of the unique security requirements of customers in particular vertical industries. For instance, health-care organizations have been besieged by a variety of multifaceted threats and are subject to specific government regulations around patient privacy.

CP: What are some of the top traits of successful MSP and reseller partners in this market?

TG: Tenacity: understanding the long game, not trying to crush it in the first conversation and methodically keeping at it. Generosity: offering help without expectation, and trust … all the things you learned in grade school are still effective.{ad}

CT: a) Ability to free up resources to provide more services: find ways to automate a consistent, effective and secure IT solution that works for large- and small-size clients. MSPs who use tools to partially/fully automate tasks like device management, monitoring, helpdesk ticket monitoring and billing will free up time they can use to provide services that can yield great returns with high-profit margins.

Also: b) provide more add-on services; and c) (the) ability to communicate value effectively.

DV: Successful MSPs and reseller partners will understand what customers are trying to accomplish, see their strengths and weaknesses, and help them develop a …

{vpipagebreak}

… 360-degree security implementation that will work just for them.

CP: What are some of the potential pitfalls to avoid when formulating a managed security service?

TG: Understanding the market and picking your spot is very important. The market for cybersecurity is so complex; you will not be able to be all things to all people. Carefully choose your target market and optimal solution to address it, and stick to it. You may be seduced by those asking you to make changes and add things to your services, but you can’t do it all and do it all well. In order to become a “trusted adviser,” you need to become proficient in something. Grow, but grow optimally with solutions that are complementary to what you are doing. Your clients will have respect for your ability to say no if the fit isn’t right as well.

BG: Challenges that loom for managed security providers boil down to having adequate talent in place with sufficient security knowledge to put forth the appropriate security solutions. And there are inherent costs to initiate and integrate solutions, which must be understood. Additionally, there is a drawback to treating every customer like a “snowflake” rather than putting forth standardized processes and services that can be scaled appropriately without overinvesting with headcount, etc.

CT: a) Not defining goals, customer targets and a business plan: Before you start down the road of launching an MSP practice, analyze and define (on paper), what your business goals are, what business profile you will focus on (and can be realistically effective in), what client size your business model and resources can accommodate, and devise a business plan that encapsulates all of this.{ad}

Also: b) not developing awareness that all businesses are different; c) selling versus knowing; and d) automation according to scaling the business.

DV: When formulating a managed security service, it’s important not to rely on a limited selection of security solutions like firewalls, intrusion detection systems or signature-based security systems. A behavioral-based security service will help block against new signatures that come in as opposed to a signature-based security system that will only block against a set of predetermined signatures. You need to consider your security coverage and sensors because you could have malware threats or insiders who are trying to harm the network.