Guest Column | March 13, 2020

4 Predictions About Managed Security

By Jennifer Bleam, MSP Sales Revolution

security computer msp

In the year ahead, cybersecurity will continue to impact the channel in new ways. Some of these changes will be exciting and will represent significant revenue opportunities for the early adopters. Other changes are downright frightening, for the community and the global economy.

  1. Additional MSP-Focused Cyber Incidents. Within the past several months, we have seen an increase in MSP attacks. Sometimes the only victim is the IT company itself; other times, the client base (in part or in total) is impacted. These threats are growing in frequency and sophistication and sometimes leverage vulnerabilities in the tools the channel uses to run our companies. Within the next year, I foresee a single attack that impacts dozens (or even hundreds) of IT companies simultaneously.

    It’s very easy to imagine this scenario: a vulnerability is discovered (by bad actors) inside of a channel-based software solution. News of that vulnerability spreads through the dark web like wildfire — likely before the channel vendor can even verify that the vulnerability is legitimate.

    Three companies begin discussions and decide to form a loose joint venture. One company maintains an exhaustive database of MSPs, tied to which tools they currently use. They carefully curated this data over the past six months by scraping MSP websites and posing as IT companies on various social media communities. They estimate at least 2,000 companies use the affected piece of software and likely 1,500 have (at best) basic security stacks installed.

    Company number two is between projects, so they willingly dedicate their large team (with multiple skillsets) to the project. Company number three has a few genius coders. They have created a brand-new strain of ransomware, and they just found the perfect victims to test it on. They’re thrilled at the prospect of an enormous ransomware payout (split evenly) and the chance to ruin the reputation of an entire industry.

    This is not a far-fetched scenario, and the impact on our industry would be tremendous! It is crucial to get ahead of this threat and put layers of protection in place, not only to protect your company but your clients’ companies as well.
     
  2. Increased Cybersecurity Adoption. Now that the early adopters have demonstrated that cybersecurity can be sold to the SMB community, many IT companies realize that security isn’t merely a distraction from the day-to-day but that it represents the new normal. The increase in cyberthreats, growing commoditization in the MSP market, and channel- (and SMB-friendly) solutions create the perfect environment for more moderate MSPs to comfortably pursue the cybersecurity opportunity. We will see even more IT service providers begin to adopt security solutions and take security to market.

    This increased adoption trend will lead to even more solutions and vendors in the already crowded, confusing marketplace. However, IT service providers who can sort through the chaos will become more operationally mature, which is a significant point of differentiation in the marketplace.

    ​Vendors in this space will have several challenges related to this growth trend:
  • Sales teams, especially those who enter the channel after selling in the enterprise space, must learn to articulate the value proposition to service providers without using technical terms that only a seasoned security professional understands. The enterprise sale is vastly different from selling to the average MSP. Vendors who perfect their channel-centric messaging have a significant edge over those vendors who cannot translate their message.
     
  • IT service providers struggle to articulate the value of cybersecurity to their SMB clients. Unless vendors want to see significant churn (or are satisfied with their MSP partners deploying their security solutions to a small percentage of their base,) vendors must provide partner enablement resources. In short, the vendor has two sales to make: one to the channel partner, and one to the partner’s clients. A choice to focus on only one of these two sales is shortsighted.
  1. MSP-Specific Frameworks (And Maybe Requirements). The National Institute of Standards and Technology (NIST) is finalizing a recommended framework for MSPs. This makes sense since all governments are highly focused on protecting their nation’s infrastructure, supply chain, and economy. However, it’s not a stretch to see how this recommendation could be used as a foundation for dictating what is required. It would be an easy task to build a scoring system over this framework to illustrate a service provider’s cybersecurity maturity (and therefore its ability to deliver a quality security solution.) What better way to force service providers to get serious about cybersecurity — and help companies choose the best provider — than an independent scoring model based on an industry standard?
     
  2. Incident Response. Just a few years ago, many MSPs believed they had built a bulletproof stack. Today, the reality that threats can get through even the best defenses is widely known, often firsthand. And after an incident, companies must control the situation, discover what happened, and complete the cleanup effort. Delivering this type of service falls under IR (Incident Response.)

The savviest providers realize that the need for this type of service will only increase as our adversaries become more effective, likely faster than the channel will adopt security solutions. In addition, this service is needed urgently. Rarely does a company shop around; their primary goal is to get back up and running, which means that price becomes almost a non-issue, especially if there is an insurance company involved to cover the bill.

Until now, most IR firms weren’t willing to deal with small companies. There has been a shift in the marketplace over the past several months. Several vendors have IR offerings, and a handful of MSSPs are adding this level of service as an optional component of their stack.

The remainder of this year will certainly see some major changes in managed security. Time will tell whether the above predictions come true but no matter what happens, some companies will see explosive growth by leveraging the cybersecurity trends. And other companies will inevitably close due to security threats impacting their business.

About The Author

Jennifer Bleam is the owner and founder of MSP Sales Revolution.