From MSP To MSSP: Expectations Vs. Reality
By Dustin Statz, Infogressive
Are you struggling as an MSP owner to deliver security services to your clients?
I’ve been in your shoes. In my most recent position I was tasked as Director of Business Development for a startup that wanted to become a full-fledged MSSP to deliver security services to the sister MSP company, as well as net new clients. What I experienced was nothing short of a seemingly endless hill climb into the elevation where Oxygen would be needed but had none. At the time, our MSP was servicing clients in multiple verticals with very important PII at stake including law firms, corporate real estate, title companies, pharmaceutical, and so on.
Clients were asking for security, heck, they were demanding it of us. While at the time it seemed simple: Purchase product and licensing from a large InfoSec company and build it from the ground up. How hard could it be? In short, very, very difficult, time consuming, and much more expensive than you as an MSP owner are ready to take on.
I realized very quickly this was going to take years of effort to build, and a much different strategy than the owners were willing to pivot to or invest in. Months later, after meeting Infogressive’s CEO Justin Kallhoff at an IoTSSA event, it became quite clear. Justin made the statement during a round table discussion that really hit home: “You as MSP owners, or anyone tasked with addressing the elephant in the room of security, have three options.”
- Build an MSSP. This has taken Infogressive 12 years through a journey of growth and development, SUBSTANTIAL investment in tools, resources, and expensive talent that has an industry-wide, 0 percent rate of unemployment. I know, I tried to do this first hand, and let me tell you, it sucks.
- Buy an MSSP. Perhaps you are one of the more successful MSP owners or serial entrepreneurs in the field and have the cash or investors needed to acquire such a company that is already operationally mature enough to add that value to your business portfolio. Do you then have the stomach to pay three to four times revenue (or higher, if they have Intellectual Property)?
- Partner with an MSSP. This to me is the most obvious choice. Managed Security Services Providers focus on one thing, and one thing alone: Security. By partnering with an industry expert firm you gain access to all the enterprise grade tools, intellectual talent, and experience needed to service your client base. You also are then able to retain the relationships with your clients and even the revenue/margin from the delivery of security services while maintaining a “separation of church and state,” or at least avoiding the perception that you as the MSP are “grading your own homework.”
Now that you’ve arrived at your three choices, it’s up to you to determine your next step. As someone who has been in your shoes, I arrived at the obvious solution, to partner with an MSSP. As a “Master Managed Security Services Provider,” we’ve gone through the painstaking process of identifying which security services are best in breed, worked hand in hand with the vendors/manufacturers to scale pricing to the SMB level, all while delivering enterprise level solutions that MSP’s can leverage to their clients down market.
About The Author
Dustin Statz is a Channel Account Manager at Infogressive Inc., a Master MSSP established in 2006 in Lincoln, NE. Prior to joining Infogressive, Dustin spent nearly a decade in the channel with varying roles in sales & leadership at an HPE Distributor, Director of Sales for a cloud & automation services startup, and two MSP’s while most recently being tasked with building an MSSP from the ground up.
Infogressive Inc. is a cybersecurity provider that provides it’s MSP partners an effective and scalable full-suite of security services to protect their clients, the tools and resources to grow their reoccurring revenue and a direct line to highly trained engineers. Infogressive’s focus is their partners’ success by adding value to their clients with security, moving to a proactive state to save time from repairing compromises and staying on top of the ever-changing threat landscape so you don't have to.