Having a SOC, whether owned or outsourced, is a must to qualify as an MSSP.

Edward Gately, Senior News Editor

August 29, 2019

3 Min Read
MSSP
Shutterstock

It will come as no surprise that a full 100% of the 2019 MSP 501 reported offering some sort of cybersecurity offering, and 100% identified security as their topmost growth opportunity. 

But there’s security, and then there’s security.

We sit at a unique point in the maturation of a market where the opportunity is clear, but exactly what constitutes it is not. Remember 15 years ago when everyone with an RMM was proclaiming themselves a “cloud service provider”? Or just a few years ago when every solution utilized “advanced AI technology”? There’s a reason every company in the channel isn’t arbitrarily throwing those terms around today: Their definitions are much more defined in 2019.

But there’s a new descriptor that everyone wants to claim: that of managed security service provider. We see MSPs whose security “offerings” essentially consist of antivirus, antimalware and BDR claiming the MSSP title. While that’s clearly not accurate, we’re not far enough into the managed security market maturation for the industry to agree on a hard and fast definition of an MSSP.

Go here for access to the 2019 MSP 501, the world’s most comprehensive ranking of managed service providers. The MSSP list is here.

As we did last year, Channel Futures consulted cybersecurity channel chiefs, industry analysts, true MSSPs and our own security beat reporters to create a set of criteria that we think an MSSP should meet. Admittedly, this criteria is somewhat subjective, as is every attempt to decide what qualifies an MSP to earn the “extra S.” We then applied that criteria to the 2019 MSP 501 to come up with a list of winners that have definitely earned that designation. The results raised our eyebrows.

The criteria for our MSSP designation included: at least 35% revenue derived from managed services; working with a minimum of three security vendors; indicating that endpoint security and network security are growth areas; having a security operations center (SOC), either in-house or third party; having a security information and event management (SIEM), or at least a log management solution; and offering threat detection.

Having a SOC, whether owned or outsourced, is a must to qualify as an MSSP.

In addition, qualifying MSPs must offer the following on-premises security services and managed cloud security services.

On-premises security services include:

  • Endpoint security

  • Identity access management

  • Network security

  • Enhanced network monitoring

Managed cloud security services include:

  • Managed security

  • Patch management

  • Managed anti-spam

  • Network Operations Center Services

  • Help desk

  • Remote monitoring

Managed security services remain a challenge for MSPs, while the market is expected to accelerate at a CAGR of more than 14.5 percent by 2024, according to Market Research Engine.

Among the companies that earned a spot on our 2019 MSP 501 list, just 78 earned our MSSP designation, while their customers are increasingly demanding comprehensive managed security services. Some 77% of SMBs anticipate at least half of their cybersecurity needs will be outsourced in five years, and 78% plan to invest more in cybersecurity in the next 12 months, Continuum told Dark Reading.

This is good news for MSPs building a robust security practice, though to date, it’s still pretty nascent. The poll shows only 13% of our MSSPs’ annual revenue is derived from selling managed security services.

The standards for MSSPs are still high, both from a technology and a business strategy standpoint. We are proud to present the MSSP 51, the top 51 partners that met our criteria for inclusion in this group. Congratulations to you all for leading the pack in managed services.

Download the full list of MSSPs here.

Read more about:

MSPsMSP 501

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like