What MSPs Need to Know to Succeed in Cloud Security

Written by Derek Handova
December 3, 2018

Cloud services have gone mainstream, but MSPs need to integrate them with security and not provide a standalone offering.

As cloud computing enters its second decade, it’s no longer just a place to experiment. It’s now ready for wider scale investment, says Gartner. However, experts believe that effective cloud security needs to be a part of an overall managed-service-provider (MSP) strategy and not something that can be treated as a separate practice.

“As an IT service provider managing performance and availability for our customers who work in the world of nonstop business – including SaaS providers, operators of ATM networks, midsize global companies and North American companies running multiple shifts – we have been pulled into the security market,” says Oli Thordarson, founder and CEO of Alvaka Networks, an MSP of cloud and on-premises IT and network solutions. “A good IT service provider can’t help but build a security practice to address all the threats facing customers daily. Everything security needs to be addressed from the time we start system design, as we manage the system day to day as well as when we address a security incident.”

By pursuing an integrated approach to cloud security, MSPs can keep the big picture in mind and get a leg up on the competition. In that vein, let’s explore some industry best practices for MSPs interested in growing their presence in the cloud-security market.

Why MSPs Should Offer Cloud Security

With all the services already offered by MSPs in the cloud computing space, some may ask how much sense it makes to layer a complex solution like security on top. And while platform providers like AWS offer customer cloud security on the outside of the cloud, security between instances is the responsibility of the customer or the MSP on behalf of the customer. And when the MSP provides cloud security on behalf of its customers, the per “unit” cost can be significantly lower.

Bitdefender’s Liviu Arsene

“Organizations of all sizes are seeing the benefits of cost savings, agility and simplified operations by turning to cloud providers to host their desktops, servers, or applications, with 94 percent of all workloads estimated to be processed by cloud data centers in 2021,” says Liviu Arsene, Bitdefender global cybersecurity analyst. “Service providers have a significant opportunity in helping their customers transition and adopt cloud services, realizing the business benefits associated with this cloud paradigm.”

The fact of the matter is that cloud security is badly needed as evidenced by data breaches at Yahoo, Dropbox, Equifax, Facebook, LinkedIn, and more.

“Cloud security has become a necessity, due to HIPAA, GDPR and other regulatory and compliance reasons,” says Sharad Suthar, CEO and founder, Strategic Response Systems, provider of IT services to midsize businesses, professional services firms and entrepreneurial ventures. “By not having adequate security, companies can be subject to huge fines and damage to their reputation.”

The Cloud Security Market Opportunity for MSPs

According to a recent Gartner report, the managed security services market is growing at a healthy rate — in 2016, the market grew 10 percent, to reach $9.4 billion in revenue. Gartner found similar results for 2017. The lack of IT expertise to secure cloud applications and other business innovations involving the internet of things (IoT) is helping to fuel this growth in managed security services, experts say.

“To succeed in this growing market, MSPs must provide a one-stop shop for their customers helping them scale and rapidly ramp up cloud security, network access control, mobility management and visibility capabilities,” says Dan Dearing, senior director of product marketing at Pulse Secure, a provider of integrated and flexible hybrid IT secure access solutions. “Such a security platform helps MSPs differentiate their security offerings for enterprises of all sizes by helping defeat the latest cyberthreats and providing a single security standard that tackles the security roadblocks that hinder business use of the cloud, mobile devices and IoT.”

And for use cases like micro segmentation and real-time threat detection and response, expectations are also that demand for managed security services will continue to rise and adoption will be driven by …