Datto Execs to MSPs: It’s a Mistake to Try and ‘Evolve’ into an MSSP

… the partner side. We’ve all heard it: If you don’t evolve to an MSSP, there’s no future for you. We heard the same thing about MRR, cloud and IoT. A lot of people like to predict the end of traditional managed services.

Rae says that’s a massive mistake.

Datto’s Rob Rae

“MSSP is a whole different animal because you’re now literally on the hook for security and recovery compliance laws,” explains Rae. “There’s so much more to being an MSSP than there is to being an MSP. MSPs are going to handle 90% of what an end user actually needs. MSSP is that little 10% — and they have to be super, super diligent.”

Managed security is not a quick and easy business to spin up or run. MSSPs need a CISO, quality security engineers and an intelligent approach to SMB security. While a majority of MSPs make their bread and butter on SMB IT infrastructure, which includes some managed services that could be considered security such as antivirus and firewalls, there still isn’t a lot of demand for advanced security, which isn’t yet commoditized enough for a traditional MSP to scale.

What sense does it make to evolve into an MSSP when the resources needed to do it are colossal and the current need for it is so small?

“Technology moves really quickly and they’re all small businesses without enough time in the day,” posits Emily Glass, chief product officer at Datto. “So keeping on top of the latest trend, the latest threat, the latest info, whether it’s the move to the cloud or a security thing is just challenging with everything else going on.”

Datto’s Emily Glass

On the MSSP side, the way Rae talks about their pain points is reminiscent of the agent model versus MSP model that the channel has been debating for years. MSSPs do security, but in order to break into that SMB market that’s so reluctant to sign on, they’re the ones that have to devote massive resources into finding and cultivating those relationships. It’s the inverse of the MSP problem. How will an MSSP make decent margins if only one out of every 10 sales calls they make turns out to be a go? MSPs occasionally need advanced security for select clients. MSSPs need the relationships their IT infrastructure brothers and sisters possess.

“In fact, [partnering] is one of the things that I recommend to MSPs all the time,” says Weeks. “If you don’t have the expertise in something, it doesn’t mean that you can’t get it, but just the amount of knowledge and ramp that it takes to become an expert in some of these controls or some of these processes, or to adopt some framework, it takes years to become proficient.”

Spinning up an MSSP business is a giant undertaking, and Weeks says the best way to mature along that path is to find a partner that’s already there and have them help accelerate your growth into that area. There’s also an opportunity to evolve managed security expertise simply by working hand in hand with a security specialist. When an MSP and MSSP co-manage an environment, they’ll each learn what it looks like to provide other services, all without the risk of buying the solution, risking that it won’t work, implementing an incorrect configuration and dealing with all the other complexity that advanced security solutions bring.

It isn’t a problem that’s going to be solved in the short term, Weeks admits.

Don’t get Datto wrong. MSPs should absolutely be evolving their security know-how, and it says tools like those released at DattoCon will help make crafting a solid, baseline cyberdefense easier. But when it comes to advanced security solutions, they should seriously think about whether or not they’re worth the investment to provide and maintain. Because there are a slew of MSSPs out there eager to partner with traditional managed service providers — it’s a win-win, at least until security becomes commoditized and easier to wrangle.