IT and Business Insights for SMB Solution Providers

MSP Versus MSSP

How can managed service providers turn booming demand for security expertise into a lucrative business opportunity by becoming managed security service providers?

By Ellen Muraskin

Reader ROI: 
SECURITY DEBACLES like the Equifax breach spell opportunity for channel pros with specialized security expertise.
MANAGED SECURITY SERVICE PROVIDERS perform core tasks like capturing log data, performing routine backups, and patching.
TO BECOME AN MSSP, Computer Solutions East created an initial framework and gradually added services.
“MASTER” MSSPS LIKE SECURE DESIGNS INC. provide 24/7 NOC services on top of other core functions.

SEPTEMBER’S EQUIFAX BREACH is just the latest data security debacle to set records in size and scope. As we’ve heard so many times before, the company’s vulnerability lay not in breakthrough criminal technology, but in its failure to practice diligent patching and enforce established security measures.

That spells opportunity for channel pros willing to step up to address their clients’ security challenges and to assume patching and policing responsibilities. To those already in the service provider space, the move from MSP to MSSP may be well worth the additional certification requirements, new hires, and partnerships.

A managed security service provider, at a minimum, captures log data, understands how to read it, and sends it off to advanced specialist partners who complete more sophisticated forensics. It also takes responsibility for routine backups, anti-virus, patching, and user access and firewall management, as many MSPs already do, and it addresses the weakest security link in a typical organization by conducting end-user training.

Here’s a look at how two companies, using different springboards, are making the leap from MSP to MSSP.

Computer Solutions East: Differentiating Through Security

Luke Celente, managing partner of Computer Solutions East (CSE) Inc. in New Rochelle, N.Y., was feeling the pinch of managed services price wars. So, he decided to pull away from the pack racing to the bottom by becoming an MSSP.

The first step in that venture? Rebranding the firm’s services. “A lot of what we’ve been doing all along has been security-focused. It’s just not labeled that way,” says Celente, echoing a sentiment expressed by many MSPs. Starting in January, he intends to bundle backup, anti-virus, patch management, and other existing services; attach a name; and sell them as an MSSP offering.

He recognizes that current providers deliver other pieces of the security puzzle, so the next step will involve assessing the gaps. “As a big Microsoft partner, we’ll look at their enterprise security, Active Directory, mobility, and conditional access offerings.” Then he will decide what certifications and training his engineers need, and where they must partner with other providers.

The first gap to address will be the weakest link in clients’ security chain: employee education. “Part of meeting compliance requirements is conducting quarterly end-user training,” Celente notes. He would like to expand his team to provide that support, hopefully within the year, but will partner with others to offer that training at first.

Another gap Celente wants to pursue is log tracking and general IT forensics to supply the data for audits following a breach or breach attempt. After all, no channel pro can prevent every attack. “As an MSSP, we need to be able to capture the data, understand how to read the trail, and send it to an advanced security company that focuses on it full time,” Celente says.

He also intends to deploy mobile device management, starting with the introduction of Microsoft’s Intune product to his Office 365 customers who have implemented BYOD. “I use Microsoft as a great positioner to get that conversation started and shrink that attack surface,” says Celente, who emphasizes that providers need not do it all themselves. Penetration testing, intrusion prevention, and web proxy monitoring are three functions they can farm out to other experts.

“It’s a matter of creating your own framework and filling in the pieces internally or with partnerships, especially in the early stages. But you can make money along the way,” says Celente. “I find you become more profitable the more you partner.”

About the Author

Ellen Muraskin is a freelance writer based in Morris Plains, N.J.

 

ChannelPro SMB Magazine