As a managed IT services provider, you’ve served as the tech backbone of your clients for years, in a variety of ways. From RMM to BDR to security, your offerings provide small- and medium-sized businesses (SMBs) with the level of support, cost-efficiency and scalability they need to survive in the modern business world. Or so you hope.
"Putting the S in MSSP" is a weekly blog series that aims to set up MSPs to succeed as managed security services providers (MSSPs) by offering the insights and recommendations you need to profit from this new and important line of business. In part one of this series, we offered tips on how to properly define and deploy the three pillars of cybersecurity so you’re setting a solid foundation for your security services. In this post, we’ll highlight three major downsides to offering your clients security via a number of different vendors, and discuss best practices for implementing truly robust cybersecurity.
Traditionally, MSPs that offer security services have provided their clients with one-off solutions, such as proper password etiquette and anti-virus software. Unfortunately, this disparate approach to endpoint protection will no longer cut it in the rapidly evolving threat landscape. As you work to provide truly effective security services, the following points will help you understand what to avoid in order to keep your tactics modern and in your clients’ best interest. Here are three major downsides to managing multiple security vendors:
1. Barrier to Effective Training
The ideal managed security services offering will educate clients—through concentrated skills sets and services—on how to best combat cyber threats. The problem is, skilled information security professionals are costly and hard to come by today, leaving SMBs with security training barriers such as:
- 84 percent of employees are using personal email to send sensitive files and more than 50 percent expose company files or data by uploading to a cloud-based service such as Dropbox, according to this report from Ipswitch.
- 42 percent of employees would not know what to do if their business experienced a cyber attack and 41 percent do not fully understand cyber attacks (Nationwide Cybersecurity Survey).
- 19 percent of breaches are related to employee negligence (Cost of Data Breach Study).
- 47 percent of organizations do not have employee security-awareness and training programs (Global State of Information Security Survey 2017).
Without a fully managed security package that includes cybersecurity training support, you ultimately will be leaving your clients more vulnerable and unprepared for cyber attacks. Taking a disparate approach to security is different than finding one all-encompassing security provider. With the latter, you are supported with not only technology, but also cybersecurity education throughout the relationship. This level of security simply doesn’t exist when juggling multiple vendor relationships.
2. Lack of Flexibility
When MSPs have to manage multiple vendor relationships, transfer data between systems and attempt to price and package services that are being purchased and consumed differently, flexibility is nearly impossible.
It can be extremely difficult to find a formula that will allow you to effectively manage a variety of security environments. Using multiple security vendors will inevitably result in some clients having more security allocated than they need, and others not having enough or being priced out of the conversation due to costly hardware or hesitating to sign long-term agreements. Instead, MSPs should aim to offer one flexible solution that gets it “just right” for all endpoints being protected in order to enhance security capabilities.
3. Added Complexity
Since modern IT is more complex than ever before thanks to the explosion of the Internet of Things (IoT), the last thing MSSPs should do is add more complexity to the mix with their offering. Utilizing multiple security platforms will prevent your clients from being as efficient (and protected) as they could be. Becoming the fully managed security solution they truly need will garner key benefits, including:
- Faster and easier service delivery
- Decreased margin of error
- Simplified billing structure
- Cost savings
When it comes down to it, effective vulnerability management requires a comprehensive approach. Security fundamentally hinges on the way it is managed—and a noisy, inefficient security stack is just not a good look for today’s MSSP.
Click here to read part three of our series where we examine the lifecycle of a cyber attack from start to finish. Along the way, you’ll find key tips to help ensure your clients remain as protected as possible and can conduct business as usual.
By Lily Teplow
By Brian Downey
By Dave LeClair