The buzz about digitization and cloud migration over the past few years might suggest that's where enterprises are spending all their IT dollars. Not so: 73 percent of 2018 MSP 501 listees rated security as their fastest growing service, with 71 percent zeroing in on network security. From there, it drops off markedly, with 55 percent choosing professional services, 52 percent selecting Office 365 and 51 percent pointing to consulting.
It's hardly a surprise that security is a major area of investment by customers, given the unrelenting pace of attacks. The dilemma for partners isn't whether to invest in security-as-a-service, but how to architect a service, bundle the various tools required to cover customer needs, then select a platform and handle the business end.
Oh, and don't forget staffing.
Security is one of four core components of Liberty Technology's (MSP 501 #242) portfolio, along with compute, connectivity and collaboration. Ben Johnson, founder and CEO of the Griffin, Georgia-based MSP said its primary clients are midsized organizations. Liberty Tech is using Cisco security for security information and event management (SIEM). For companies with fewer than 1,000 employees, "Cisco has a really strong security architecture," Johnson said.
Many of Liberty's clients have around 50 different security tools, most from different vendors, with little integration. Despite the plethora of tools, Johnson said there's a 66 percent chance an organization will be breached. "Not just once," he warned, "but five times. Spending all of that money is not effective."
Johnson recommends moving clients to a common security architecture, "Alll of those pieces fit together and work as one in an orchestrated fashion," he said.
Customers are warming to the idea.
Logicalis (MSP 501 #10) offers what it calls an architectural approach to security with services such as threat assessment, securing servers by ensuring DNS isn't enabled, offering secure mobility solutions and implementation of multifactor authentication (MFA). "We pick our swim lanes, we pick our areas that are most relevant to our skills, to our customers, and we make sure we have the disciplines and domain expertise to deliver against that," said Mike Houghton, Logicalis' chief sales officer.
Robert Moyer, president of Rochester, New York-based ComTec Solutions (MSP 501 #248) just hired a cybersecurity engineer who has extensive experience working on Department of Defense projects. ComTec is still in the exploratory phase of whether to build out a security operations center (SOC) and become an MSSP. However, Moyer said he's seeing managed security as a key area of growth. "We’re starting to add to our tool set and decide if we are going to actually bring up an MSSP or are we going to outsource a SOC service," he said.
Valiant Technology (MSP 501 #206) is also exploring its options for delivering a bundled managed security service. Tom Clancy, Valiant's CEO, said providing a bundle of offerings from different vendors that work well together is the most effective way for an MSP to retain its role as a trusted adviser.
"If you go to your customers and just say, 'Hey, buy AlienVault from me,' a savvy customer will go to AlienVault.com and see how much it costs to buy it direct and ask, 'Do I really need you to run this thing that is cloud-based and runs itself?'" Clancy said. "The clever MSPs are making a security package. They're bundling it all together and making it a tack-on" to other business services.
Clancy said he will offer the security service in a way few can refuse.
"Our plan is to have our security bundle as not optional," he said. "Our managed services plans will say, 'It costs this much per seat, and it's this much if you want the security package. And by the way, you really want the security package, otherwise here's my limitation of liability." And that, he indicated, could cost more in the long run.