MSP vs. MSSP: What’s the Difference?

It’s been a long, strange trip for managed security services. When I stumbled into the market around 2008, most MSPs were just getting started with RMM (remote monitoring and management) services for PCs and servers.

Around the same time, big antivirus companies stumbled into — and out of — the market a few times. By 2012 or so, the market matured. MSPs had multiple endpoint security solutions from which to choose. Life was good. Or so it seemed.

Somewhere along the line, hackers moved the security cheese. Malware attacks extended from endpoints to networks and cloud services. Ransomware rose. Traditional managed services — PC and server monitoring — got commoditized.

MSPs Extend to MSSPs

Amid all those changes, the next major MSP opportunity emerged. Once again, it was security. But not your basic AV services. Throughout 2016 and early 2017, I suspect thousands of MSPs embarked on a mad dash to figure out their next-generation security services.

Lyf Wildenberg

In some cases, MSPs will fold those security services directly into their mainstream offerings. But in other cases, MSPs will launch dedicated MSSP practices, security operations centers (SOCs) and more. Among the companies to watch: Mytech Partners, an IT service provider in Minneapolis that has been building out MSSP capabilities over the past year.

MyTech President Lyf Wildenberg shared some of the early plans with me during HTG’s IT Channel Summit in September 2016. By the time MSSP Alert launches in mid-2017, I suspect I’ll have more updates from Wildenberg to share.

MSSPs: Specialized MSPs, Telcos, ISVs, CSPs & More

Scott Barlow

In the meantime, back to the core question: What’s the difference between an MSP and an MSSP? The definitions will spark plenty of debate but…

  • An MSP offers a range of services — typically managing on-premises and cloud services for customers. Somewhere within that service catalog, the MSP typically offers some security services — perhaps endpoint, network and/or cloud security.
  • An MSSP goes the extra yard. They go all in on security. In the MSP’s case, it may involve building out a far more comprehensive security practice. It may involve building out a dedicated security practice or spinning off a business.
  • But the MSSP discussion isn’t limited to the MSP journey. ISVs, CSPs and telcos also fit the MSSP definition in some cases. As Sophos VP Scott Barlow told me during CompTIA Annual Member Meeting (AMM) in March 2017, Sophos itself can be considered an MSSP — offering end-to-end security solutions to VARs, MSPs and other types of partners.

Perhaps the MSSP definition is in the eye of the beholder. But I think we can all agree: MSSPs are passionate about safeguarding customer assets, no matter where those assets reside.

PS: Stay tuned. We’ll be profiling MSSPs in the days and weeks ahead.

Return Home



    Brent Conroy:

    Amy and Joe,

    Thank you for granting me early access to MSSP Alert. In the spirit of building and participating in your community, here’s my question: Do you expect all MSPs to somehow become MSSPs?

    Brent C

      Joe Panettieri:

      Hi Brent: Thanks for the note. We expect the vast majority of MSPs to offer some sort of basic security services, such as traditional endpoint protection. Then, there will be a healthy number of MSPs that go a step further by plugging into larger MSSP networks. Either way, we think the managed security services discussion is a major inflection point for all types of partners and tech companies that are trying to safeguard customer assets.

    Casey Corcoran:

    Brent, a thought I have is that as security becomes intrinsic to operations, MSPs are incented into taking on more of the second security burden, effectively morphing into MSSPs. As a consumer of managed services, I want to know my service provider has the depth to extend my security stack; alternatively, I need a different provider which brings challenges of accountability and responsibility that I don’t want.

      Joe Panettieri:

      Hey Casey: Agreed. MSPs as a whole will expand their security services. But here again, I believe most MSPs will need to plug into larger third-party MSSP and SOC services.

Leave a Reply

Your email address will not be published.