Should You Become an MSSP?

December 19, 2016

If you have managed services customers in highly regulated markets, becoming a managed security services provider is a natural evolution you should consider.

In a climate of growing and evolving cyber threats, many businesses are outsourcing IT security to experts outside their organizations. The industry has recognized the opportunity to provide security services to the SMB market for some time, but a study released this year by Forrester for Masergy Communications revealed that 57 percent of enterprise companies are also seeking outside help for IT systems monitoring and 45 percent are outsourcing threat detection and intelligence.

Fueled by the constant struggle to stay one step ahead of the latest brand of cyberattacks, the North American market for managed security services is expected to reach nearly $20 billion by the end of 2016, according to Persistence Market Research.

The opportunity to provide managed security services is enticing, but you may be uncertain about where to begin to expand your MSP into a managed security services provider (MSSP). A good place to start is with your current client base and the markets you serve. Managed security not only helps organizations minimize cyberattack risks, it also helps businesses in verticals such as healthcare, financial services or retail stay compliant with industry regulations. If you serve clients in these markets, their need for compliance is a viable reason to expand your practice with managed security services. Here are some key steps to take to become a successful and profitable MSSP.

Find the Best Tools for the Job

A wide variety of security solutions are available for you to use to build your managed security offering. One of the foundational tools for an MSSP is security information and event management (SIEM). You will want to research the best SIEM systems to collect data to provide an overall view of IT security, as well as threat intelligence offerings that will help you interpret the data.

Look for solutions with a high degree of automation to reduce the labor required to run reports and identify security risks. Profit margins will be tied to your ability to control the time it takes to deliver services, so automating as much as possible is essential. Additionally, you will need basic tools such as a ticketing system and professional services automation (PSA) to track work in progress and billable time.

It’s also important to define the tools your clients must have in place for you to agree to take them on as managed security clients. If a business has substandard security technologies or policies, it will inevitably cost you more to manage. Don’t take on a client that won’t meet your standards—they will likely become a profit risk for your company.

Hire IT Security Experts

MSPs are well aware that IT talent is hard to find, and finding a security specialist can be even more challenging. Be realistic about the budget you will need to hire staff members with IT security expertise. Moreover, take your time with the hiring process and make good hires that have the skills you need and are likely to stay with your organization to minimize turnover and disruption to the delivery of services.

Choose the Right Vendor Partners

If security monitoring and threat detection is a new area for your business, working with the right vendor partners will be critical to your success. Look for partners that provide the tools you need and that will offer support as you build your offering, train your staff, and onboard clients.

In addition to top-of-the-line solutions, technical support, and training, the right partner will provide education on the types of cyberattacks most common to your market, the most prevalent attacks, and emerging threats. Your security vendor partner should also offer guidance as you build your service offerings, ensuring they will scale to meet changing market demands.

As you create your managed security services offerings, don’t lose sight of the unique value that defines and distinguishes your MSP practice. This value will continue to differentiate you from competitors and will help you command a price that will make your efforts worthwhile.

Right now is an opportune time to consider adding managed security services to your MSP. Research and careful planning, as well as forging smart partnerships, will help make the new direction for your business a successful one.

Chris Crellin is Senior Director of Product Management for Intronis MSP Solutions by Barracuda, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.