Guest Column | January 25, 2021

How To Scale Your Security Business As An MSP


The need for cybersecurity is increasing and has become a crucial part of the MSP offering. This article provides ideas on how to scale your MSP’s security business, differentiate your offering, and enable higher margins – including more value for your customers, and less workload for you.

Client cybersecurity is the #1 issue keeping MSPs up at night – followed by economic uncertainty, work/life balance, hiring, and sales and marketing challenges.

As more businesses move to the cloud, the need for professional security solutions keeps growing. This affects MSPs serving SMEs (a study from insurance carrier Hiscox showed that 50% of SMEs had a breach last year, and 40% had multiple security-related incidents) as well as MSSPs offering more comprehensive solutions. To address the entire market, many MSPs add security services and technologies to their offering, and by that enter the MSSP market – which is expected to exceed $64 billion by 2025, according to MSP Market: Entering the Golden Age by William Blair.

Today, however, both enterprise-sized companies and the smallest businesses need a powerful security solution. With employees of organizations of all sizes are working from home (WFH), this need has been further accelerated.

This presents both a challenge and an opportunity for MSPs. And that opportunity is massive: for those MSPs targeting SMEs, this market will have grown to $200 billion in 2023, with a five-year CAGR of around 11%, according to the same study by William Blair. The question is, how to add security solutions effectively?

The “Must-Haves”

As an MSP looking to start or accelerate your cybersecurity initiative, you first need to focus on the cybersecurity “must-haves”. These are the foundation upon which your (and your clients’) cybersecurity is based, and are non-negotiables: firewalls for network protection, endpoint protection, and anti-spam for email – and recently an Advanced Threat Protection, (ATP) – layer has become a “must-have”, too. Gartner, for example, suggests that “With the rise of business email compromise (BEC)-type phishing, no secure email gateway (SEG) is 100% effective in blocking all attacks. This increase requires an additional email security solution for organizations with stringent email security needs.” Most SMEs for example, have the basic email security from Office 365 (EOP) which is insufficient, so they have to add an ATP layer on top of it. These products form the basis of an MSP’s cybersecurity strategy.

Creating Your Competitive Advantage

With many MSPs offering a similar bundle of products and services, the next question is: “How do I stand out?” How do you differentiate yourself from competitors, and where should your focus be? Some suggestions include:

  • Upgrade one of the “must-have” layers to offer something better than competitors
  • Offer an extremely competitive and advanced technology for one of these layers which provides exceptional value – far beyond the industry standard
  • Offer an advanced layer, solution, or service that your competitors don't offer, and charge a premium for that advanced layer. For example:
    • SIEM integration or orchestration
    • Alerting and reporting
    • Advanced Threat Protection (ATP) of additional communication channels such as enterprise chat, cloud storage, or video conferencing; each channel managed could be charged incrementally per unique channel
    • ATP services based on a country's unique privacy and end user monitoring laws; for example, using a solution based in EMEA versus the U.S to allow for data privacy constraints

With many MSP offerings becoming commoditized (more Office 365, anyone?), and with the increased challenge of standing out and offering value, carving out a niche in one of these areas is a great way to build a sustainable competitive advantage for your business.

The Impact Of Change

When considering the strategic moves your business can make, it’s important to assess their future impact across several metrics (such as revenue) but also on value-add for your clients and your employees’ day-to-day lives.

Consider the following questions when planning out your next cybersecurity-related steps and product offerings:

  • Will it add value to end users?
  • Will it increase or decrease my workload?
  • How simple is the deployment?
  • How much maintenance will it require?
  • Do I need any special in-house capabilities to support this?
  • Can I upsell, providing services that are easy for me to produce?
  • Does it allow a recurring revenue model?
  • Would it help grow my business in the long term?
  • Would it help reduce my risk?
  • Will it help in terms of compliance?

Perhaps most important is the question, “Will this solution or offering be a key differentiator for my company?” With much of the industry being commoditized in a sense – that is, offering a similar set of tools and products and therefore essentially competing on price – this value-adding impact becomes critical as a key differentiating factor. What’s more, when you take these next cybersecurity steps in a considered manner, you’ll find a positively reinforcing cycle of value add, happier clients, a reduction in stress, revenue growth, and business expansion.

Tips And Tools

Generally speaking, there are proven ways to ensure that the decisions you make regarding positioning your business are likely to pay off.

For example, select technologies that are flexible and scalable, and preferably SaaS-based, that can be added and removed easily. Stick to products that are easy to manage for you as an MSP. Some products are built to be “MSP-friendly”, by offering features like seeing the status of multiple customers at a glance. And ensure that products are easy to deploy, require minimal training, and make use of easy-to-use APIs. No one wants to be spending hours of frustration trying to implement a solution for a client, incurring their wrath as you disrupt their business, to install a technology that they can’t even see.

Products should offer basic reporting, keeping track of additions, moves, changes, and deletions, who has viewed, and value realization are important, too. You want to make sure it will be easy for you to manage and see what happens in each account and for the customer to realize the value of the product and your service and keep paying happily.

Scaling Your Security Business As An MSP

There are around 100,000 MSPs worldwide, and 20,000 to 40,000 in the U.S. alone, according to William Blair Equity Research of June 2020 and augmented by Gartner. Standing out is critical. The good news is that these researchers predict a “Golden Age” for MSPs over the next ten years – and with the right product strategy in place, now is the perfect time to scale your security business.

MSPi Liron Barak, BitDam 1220About The Author

Liron Barak is CEO and Co-Founder of BitDam.