Cybercrime is on the rise, and the number and variety of security threats is continuously expanding. Cybercrime damage could cost as much as $6 trillion annually by 2021, per research from Cybersecurity Ventures.
All businesses, regardless of size, need IT security and data protection to help combat the heightened threat landscape. And yet, according to a recent study by Barracuda MSP and The 2112 Group, only 15 percent of MSPs surveyed said they sell security services, while 62 percent were considering adding security to their services portfolio.
At the same time, many small to midsize businesses (SMBs) are relying on their MSPs to provide the type of security needed to avoid a data breach because they don’t have the expertise or staffing to handle it themselves.'Not only is there a growing demand for security services; many of your customers already assume you have all their security and data protection needs covered.' ~ Neal Bradbury, Barracuda MSPClick To Tweet
As many MSPs can attest, even if they don’t yet offer managed security services, there is a perception among their SMB customers that the MSP has everything covered when it comes to security and data protection. The fact is, some SMBs believe that simply by engaging with an MSP, all facets of their IT requirements will be met, yet this isn’t always the case. The gap between SMBs’ expectations and the reality of some MSPs’ services portfolio has resulted in some dangerous security vulnerabilities.
There is a clear need for managed security services for these smaller companies as the fear of data breaches increases. Gartner expects worldwide cybersecurity spending to reach $96 billion in 2018, an 8-percent increase over last year.
This highlights the need for MSPs to offer a well-rounded security portfolio. Not only is the demand there; many of your customers already think you’re providing these services.
Clarify Security Responsibilities
As an MSP, what can you do to ensure your customers’ needs and expectations are being met when it comes to security?
To begin with, it’s important to have frequent discussions with your customers about what services are being provided to them and how these services map to the scope of their managed services agreements.
Additionally, MSPs should assess their customers’ requirements regularly to ensure each one is receiving the level of managed security and data protection services needed to keep their data and applications safe from cyberthreats such as ransomware, malware, and phishing.
Security deployments are often driven by fear of a data breach or the experience of already having one. But, when it comes to security services, internal customer dynamics are also a major driver. In our survey, the inability to staff security was the second most frequent purchase trigger for security services (behind fear of a security breach). The fact that security was too complex to handle in-house was the fourth most common purchase trigger.
Move Beyond Simple Security Solutions
To truly succeed in managed security services, MSPs will need to expand their offerings beyond simple services like firewall protection, data loss prevention, backup, and antivirus. Clients are looking for more sophisticated services like incident response, cloud access services, security policy management, and identity management.
Those more advanced services will require a greater degree of investment on the part of the MSP than firewall or back up and data recovery services. For those hoping to transition to a managed security services provider (MSSP), simply buying a suite of security tools isn’t enough. You’ll need the right staff to take charge of the security offerings, establish repeatable processes to ensure you are providing a reliable service to your clients, and a sufficient level of automation for sustainability.
For MSPs that can’t make that investment, there are plenty of opportunities to partner with existing MSSPs or other providers to bundle services. Just make sure that your clients are fully aware of what you are (and aren’t) providing when it comes to security. That conversation can uncover new opportunities with your customers.
Whether an MSP ultimately transitions to an MSSP, builds a separate practice, or partners with another firm to offer managed security services — all are valid paths to achieving the goal of protecting their customers. Companies are already looking to their MSPs for help when it comes to security. If MSPs can expand their services portfolio to meet those needs, everyone benefits.
Neal Bradbury is Senior Director of Business Development for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for generating greater business value for the company’s MSP partner community and alliance partners.