A surprisingly high percentage of participants in our latest reader survey say they offer managed security services or plan to, but it’s hard to tell if they define that term the same way experts do.By Rich Freeman
The security market is hot. Global outlays on security hardware, software, and services will grow from $73.7 billion last year to $101.6 billion in 2020, according to IDC. That’s an 8.3 percent CAGR, and over twice the rate of overall IT spending growth during the same period.
The managed security market is even hotter. Worldwide sales of managed security services will climb to $40.97 billion in 2022, according to Allied Market Research. That’s a 16.6 percent CAGR, or precisely twice the rate of overall security spending growth.
So it goes without saying that MSPs are scrambling to get in on managed security, right?
Yup. Or so it certainly seems, based on the results of our latest reader survey. After filtering out people who don’t offer managed services at present, we asked channel pros whether they provide managed security services now or plan to in the future. And get this:
Exactly half the respondents to our poll are managed security service providers already, and that figure edges past 59 percent when you factor in people planning to become MSSPs soon. Tack on the nearly one-third of channel pros who have definite plans to add a managed security practice eventually and you get to an utterly overwhelming 90+ percent, leaving just a tiny sliver of the MSP universe that doesn’t see the point.
The eagle-eyed among you have probably noticed a problem with this data by now though: The question we asked was worded kinda broadly. When the MSPs participating in our study say they’re offering managed security are they referring to proactive, remote, subscription-based services aimed at preventing data breaches from occurring and responding quickly when they do, which is what we had in mind? Or do they just mean that they make sure their clients all have firewalls?
“In the past, we have seen MSPs that would install a firewall and then setup an RMM [system] to poll it, much like they poll other network gear, and class that as managed,” says Ron Culler, CTO of Secure Designs Inc., a Greensboro, N.C.-based SMB security specialist.
A real managed service provider, however, not only monitors firewalls but keeps them patched and configured in accordance with the latest best practices too. They should probably ensure that backup, intrusion prevention, email encryption, and secure remote access solutions are all present as well, that logs are being maintained and reports generated for compliance purposes, and that employee security training programs are in place.
Can the self-identified MSSPs in our poll clear that bar? We’ll have to find out in a future survey.