Five things to consider before becoming a Managed Security Services Provider

 

If you’re involved in the world of IT security, it’s highly likely you’ve never been busier. With both the number and sophistication of malicious cyberattacks on the rise, keeping IT infrastructures and resources protected is an unrelenting task.

According to recent research by WatchGuard[1], network attacks surged more than 20% in the first quarter of 2021 alone. In this situation, finding the right solution for the right problem can seem overwhelming.

Increasingly, complexity seems to be a significant problem when working to obtain security efficacy. When that’s combined with a systemic shortage of security personnel, it’s somewhat of a perfect storm.

The rise of the MSSP

Those very same market dynamics are also driving the need and hyper-growth of Managed Security Service Providers (MSSPs). During the past two years, channel professionals have recognised these opportunities and have been working to build such business models.

It’s easy to understand why when you consider that the rewards of getting it right are significant, both from a security efficacy and efficiency perspective as well as from a financial one.

However, it’s important to realise that making the shift from being a Managed Service Provider (MSP) to an MSSP can involve some potential challenges. Here are five tips to help avoid them:

  1. Don’t promise the world:
    IT security is a complex and rapidly evolving area. For this reason, it is unwise for an MSSP to offer more than they can be confident of delivering. Focus on an intentionally discrete set of managed security services that your current customer base can benefit from. In addition, take a hard look into cash flow management and make sales commission adjustments to best meet the needs of the business.
  2. Understand how to add real business value:
    Satisfactory IT security outcomes sit at the intersection of people, processes, and technology, and these three vectors need to be completely understood to deliver true business value. Take time to understand how your firm delivers value in the choice of relevant technologies, how they work together, and how people will use them.

    Defining this clearly from the outset is critical. One advantage of partnering with an established MSSP is the exposure they have to a variety of customers and situations, which can help them drive best practices for others.

  3. Remember that cost is a critical factor:
    While great security is clearly important, it’s also vital that services are delivered in a more cost-effective way than competitors or even a customer’s own security department. Operational efficiency is at the crux of this business model, and MSSPs need to deliver better service, at a better price point, while still managing profitability.

    Areas to focus on include flexibility to buy, ease of management, and a single vendor to support your customer base. Look for vendors that understand revenue shifts cannot happen overnight when transitioning to a new model.

  4. Understand that MSSPs are not outsourcing companies:
    An MSSP is not the same as a company that does security outsourcing deals. The economics are different, the differentiations are different, and the expected profitability is different.

    MSSPs need to envision, operate, and deliver a service under the “one-to-many model”. That means there needs to be a high degree of replicability and transportability, which helps find the value-add, differentiation, and operational efficiency. This does not mean you can’t adapt to different customer situations, but it does mean you need to hone the model.

  5. Realise that every action has an impact:
    Few companies can put people, processes, and technologies together in a compelling format. When migrating to an MSSP model, having the right vendors matters. You need to be sure they have the technology portfolio to support your managed service, and that those products have been designed with the MSSP’s needs in mind.

    Products need to be multitenant-capable and deliver easy and centralised services together with enhanced manageability. A vendor also should have a business model that supports the MSSP business model, such as subscription-based billing, pay-as-you-go, and service provisioning elasticity.

In the Australian market, there are significant and increasing opportunities to grow a successful and profitable MSSP business. However, to achieve this, it is vital to have a clear understanding of the technologies you will be offering and how your services can be successfully scaled to match growth in customer numbers. Consider how an MSSP strategy could work for your company in 2022.

[1] https://www.watchguard.com/wgrd-resource-center/security-report-q1-2021

Anthony Daniel is Regional Director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies. He has more than 15 years’ sales and senior account experience in the IT and telecommunications industry and is responsible for leading WatchGuard Technologies’ regional sales growth and business expansion while overseeing all aspects of management, including channel partner development, distribution strategy and revenue growth. He was previously Senior Regional Sales Manager for Australia, New Zealand and the Pacific Islands at SolarWinds and has also worked in senior sales management positions at Oracle, Vocus and Vodafone.