What SaaS Companies Thinking About an MSSP Model Need to Consider

Companies must know cybersecurity and their customers to make the move from MSP to MSSP.

Ayesha Prakash, Director of Global Channels

March 26, 2019

4 Min Read
SaaS Apps


Ayesha Prakash

As technology becomes increasingly important to companies of all sizes and in all industries, managed service providers play a vital role in the business landscape. By providing the IT knowledge and capabilities their clients don’t have, MSPs enable even the most Luddite organization to benefit from the latest tech developments.

Still, the digital revolution of recent years has also made companies more vulnerable by exposing their IT infrastructure to potential hacks and data breaches. The more dependent companies become on digital technology, the more catastrophic an attack would be and the more important it is to protect their resources.

According to a 2017 survey, three-fourths of CEOs said they planned to make “significant” investments in cybersecurity over the next several years. Seeing a large and lucrative audience, many MSPs are looking to add IT security to their suite of service offerings, which would make them a managed security service provider (MSSP) as well.

Software-as-a-service companies are uniquely positioned to take advantage of the coming MSSP boom. The SaaS business model involves licensing on-demand subscriptions to software that is delivered to clients over the internet.

Because MSPs deliver much of their work via proprietary software, many SaaS companies can already be considered part of the MSP space. Going from MSP to MSSP requires both a greater knowledge of the cybersecurity landscape and greater familiarity with your customers.

How to Begin Offering MSSP Services

In light of the growing preoccupation with IT security, SaaS businesses would be wise to add “security as a service” to their offerings. However, the MSSP transition won’t be easy, and can’t happen overnight, for most SaaS companies.

The first piece of advice that SaaS companies should follow when building an MSSP model is the classic business maxim: “know your customer.” Clients usually hire the services of MSPs and MSSPs because they don’t have the time, money or skill set required to solve IT problems on their own. To evaluate potential partners, a client may be looking at a number of criteria, such as vetting key technology platforms, subject matter expertise, architecture, processes and workflow automation, cost savings and scalability.

Making the final decision among several MSPs/MSSPs often comes down to the right fit, culture and experience. Clients need to feel that their choice of partner understands their unique business situation, and is able to provide the right advice for that situation.

MSSP Strategies: Cross-Selling and Upselling

For your SaaS company to start dipping its toe in the MSSP waters, you should first analyze the security concerns and pain points that your existing SaaS clients are experiencing. According to marketing professor Paul Farris, it’s 50 percent easier to cross-sell and up-sell to existing customers than it is to convert new prospects. The first step on the MSSP journey for SaaS companies should therefore be an additional SaaS product, focused on IT security, that serves the needs of their clients.

Doing this well means that you’ll need to take a good look at exactly who your SaaS clients are. If many of your customers are in the health care industry, for example, then you should be aware that …

… health care organizations need to abide by the data protection regulations in HIPAA (the Health Insurance Portability and Accountability Act). On the other hand, retail and e-commerce companies that store customers’ credit card information must follow the PCI-DSS standards for protecting their personal data.

MSSP Strategies: Land and Expand

Once you get your foot in the door with security services, it becomes much easier to use a “land and expand” marketing strategy. Clients who see the value in the security products you offer are more likely to purchase more services and convert to higher payment tiers. For example, after launching your first software as an MSSP, you might charge a higher price for customized metrics and KPIs that are tailored for the situation of each individual client.

As senior director, head of worldwide channels and partnerships at Flashpoint, Ayesha Prakash leverages her extensive experience driving business development and marketing efforts in the IT sector to build Flashpoint’s global channel program. Follow Ayesha on Twitter @yoursocialnerd and @FlashpointIntel.

Read more about:


About the Author(s)

Ayesha Prakash

Director of Global Channels

As vice president of global channels and alliances at KELA, Ayesha incorporates more than 15 years of experience across IT and cybersecurity industries. She has extensive experience driving global business development and marketing efforts in the cybersecurity space, previously holding prestigious positions, such as head of global channels and partnerships and chief revenue officer at leading cyber intelligence firms. She was awarded a Top Gun 51 designation from Channel Partners Online. Ayesha serves on the board for the cybersecurity program for Pace University, Ithaca College and Rutgers University. She is also an active participant in the Information Systems Audit and Control Association (ISACA), Women in Cyber (WiSys), and the Alliance of Channel Women.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like