IT Security: Find Profitability in a Service No One Wants to Use

Investing in IT security has moved from optional to recommended to mandatory in short order.

Kaseya Guest Blogger

October 8, 2020

5 Min Read
IT security lifeboats
Getty Images

No one likes paying for things they hope they will never use. Whether it’s car insurance or fire alarms or life vests, our objective is to let those items collect dust, because the alternative means something bad has happened. IT security is no different.

No organization wants to be hacked, unauthorized access is never fun, and we all wish the only phishing activities we’d witness was a jam band from Vermont. But just as it would be irresponsible to hit the high seas without enough life jackets for everyone aboard, it’s equally foolish and shortsighted to leave the virtual gates of an organization’s computing environment unguarded.

And there is much to guard against these days. Bad actors are pummeling the IT infrastructures of companies of all shapes and sizes. They test and probe for weaknesses to exploit. Once inside they can wreak havoc, steal data, cripple essential systems and literally hold organizations hostage.

The cost of cybercrime-related damage is expected to reach $6 trillion in 2021, doubling the annual bill for such activities since it hit $3 trillion in 2015. Data breaches via hacking, malware, phishing, and social engineering are rampant and increasing, with billions of records, passwords, credit card numbers, and more being divulged or sold on the dark web.

Simultaneously, existing and newly introduced regulations are raising the bar on how companies that collect and store personal data handle and protect it. From GDPR in Europe to the California Consumer Privacy Act, management and safekeeping of personal information is a more difficult and onerous proposition than ever before. The stakes couldn’t be higher.

These paradigm shifts are driving worldwide spending on preventative measures to reach more than $130 billion by 2022. And while CIOs may be reluctantly allocating these funds and executive teams grudgingly approve them, investing in IT security has moved from optional to recommended to mandatory in short order.

Capitalizing on the Opportunity

For MSPs, this adjustment in market conditions requires a corresponding switch in how they approach their own customers and targets. Their sales strategy and messaging may have once focused on topics such as endpoint management and cloud migration, tacking on security services as an ancillary afterthought.

But, today, keeping data safe and being able to recover from a data breach or cyberattack-driven outage may be more top-of-mind for buyers than ever before. It’s a prime opportunity for MSPs to lead with security rather than relegating it to the tail-end of the sales cycle.

MSPs are uniquely positioned for this moment. Organizations considering outsourcing any aspect of their IT know cybersecurity is a vital issue for their survival, and they also likely realize they’re ill-equipped to handle this challenge on their own.

As trusted advisors, MSPs can educate customers and prospects on which defenses they should (if not must) put in place to adhere to applicable regulatory requirements and properly prepare for inevitable attacks. Fortifying these firms for 21st century threats isn’t just a value-add; it can be the primary reason for engaging with an MSP.

To fully monetize this moment, MSPs must stop thinking of cybersecurity as a bonus revenue opportunity and begin considering it a vital pillar of their profitability. It is a premium service that in many ways offers a bigger ROI to customers than anything else in an MSP’s portfolio, given the possibilities of hefty fines, ransoms, or lost business that could accompany a breach or denial of service attack.

And while this may not have been the original business MSPs thought they were getting into, it’s the business they’re now in. Like it or not, you can’t effectively manage an organization’s IT needs without taking on the responsibilities of maintaining an effective cybersecurity infrastructure, as well. Embracing this new reality and adjusting pricing, packaging and messaging accordingly is the savvy move for today and the future.

Building out Your Offering

To offer a robust suite of cybersecurity offerings, MSPs must offer all the standard solutions a customer might want. Leaving out a critical defense component could make a prospect select another vendor with a full arsenal on offer, or leave them open to a future breach they will inevitably blame their MSP for allowing.

At this point, the table stakes include:

  • Malware detection

  • Software version and patch updates

  • Advanced persistent threat (APT) and foothold detection

  • Activity logging and monitoring for unusual access and data transfers

  • Dark web monitoring for compromised credentials

  • Security identity and access management

  • Password management tools

  • Two-factor authentication

  • Back-up and disaster recovery services

  • Phishing protection

Each of these IT security solutions is complex and varied, built to take on different entry points that cyberattacks might exploit. For example, to combat phishing attacks, MSPs must be on the lookout for everything from spoofed URLs to malicious email attachments to social engineering scams, quarantining suspicious emails and heading off any account takeover activities that might be in the works.

And, when it comes to identity and access management, ensuring that users have access to the systems they need (and can’t get into those they don’t) can be an administrative nightmare without the right tool to configure things across thousands of potential in-house and third-party applications.

With so many different services to offer and support, MSPs can’t take this on alone. That’s why so many wisely turn to vendors that can furnish them with tools and software built for the challenge.

This might initially be driven by specific customer requests for a particular security initiative versus a wholesale strategic approach to the situation. But MSPs taking that route are missing the forest for the trees.

Cobbling together a web of disparate point solutions isn’t the best way to go and can drastically eat into profit margins. Each individual cybersecurity tool comes with its own set of credentials, unique user interface and learning curve, which makes training and usage a labor-intensive chore. Plus, a piecemeal approach will inevitably leave some gaps in the armor that cybercriminals will be all too happy to gain entry through.

That’s why a comprehensive, integrated cybersecurity management suite purpose-built for MSPs is a no-brainer for companies looking to make security services a cornerstone of their offering. Flatten the (learning) curve and offer an all-encompassing menu for customers to choose from, all managed from a single pane of glass.

At Kaseya, our portfolio of solutions keeps expanding. We’ve recently added Passly’s access management tools and Graphus’ anti-phishing defenses to our security suite, which is custom built for MSPs. Learn more about how you can add more customer value and increase your recurring revenue with security services.

Jim Lippie is GM & SVP Partner Development.

This guest blog is part of a Channel Futures sponsorship.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like