From MSP to MSSP Transition: Beware Managed Security Services Hype
Buy the right cybersecurity tool and you can transform your business from an MSP into an MSSP. Three cybersecurity companies — BlackStratus CyberShark, ESET and Kaspersky Lab — each delivered that specific message during Autotask Community Live 2017 yesterday in Hollywood, Florida.
If only it were that easy. Yes, I know thousands of MSPs trust and depend on CyberShark, ESET and Kaspersky for various cybersecurity functions. But the lofty aspirational promise — easing and/or automating the journey from MSP to MSSP — is fraught with challenges. Buying the right tool doesn’t guarantee success. In reality, you’ll need a healthy dose of talent people, repeatable processes and automation.
What True MSSPs and vCISOs Say
Just ask MKACyber, a Top 100 MSSP in Fairfax, Virginia. Roughly 30 of the company’s 50 employees are analysts who work in MKACyber’s security operations center (SOC), CEO Mischel Kwon tells MSSP Alert. Through proper documentation of business processes, MKACyber has continued to scale its business, she adds. (We’ll share more thoughts from Kwon soon).
Another key example: Apex IT Group, an MSP in Mount Laurel, New Jersey, is pursuing the MSSP opportunity from a c-suite mindset, rather than a tools and technologies mindset. CEO George Mach believes virtual Chief Information Security Officer (vCISO) services are a key opportunity going forward. Much in the way that many MSPs behave as vCIOs, the vCISO wave will allow MSPs to perform cyber risk analysis. Without that analysis in hand, the MSP can’t properly pinpoint exactly how to address security for each customer, Mach tells MSSP Alert.
Webroot echoed those sentiments during an Autotask Community Live keynote earlier today. “When it comes to the journey from MSP to MSSP, make sure you know what you’re getting into,” says David Dufour, VP of engineering and cybersecurity at Webroot. “And understand what your customers are willing to pay.”
MSSP Land Grab: Like RMM All Over Again
A decade ago, RMM (remote monitoring and management) software vendors vowed that they could transform VARs into MSPs. The message was aspirational. And frankly, it did get thousands of break-fix resellers to begin the journey toward monthly recurring revenues.
Still, those early movers toward managed services learned a lot of hard, painful lessons. Chief among them: Tools alone can’t transform your business.
Fast forward to present day. Tool providers are vowing to assist MSP-to-MSSP business transformations. No doubt, most MSPs will push deeper into security. But perhaps the wisest first move likely involves a simple commitment to master the basics — say, like patch management. Also, we expect to see plenty of MSPs partnering up with top MSSPs.