WHAT’S NEXT FOR MSPS? It’s a question that many ask and which I prefer explaining in eras. Not geological periods thousands of years in length, but specific times in the evolution of managed services.
The Birth of the Managed Services Era
The idea of managed versus traditional break-fix services dates back to the early ’90s. Consider it the “Monitor All Things Era.” From 1995 to 2005, it defined most MSPs’ service offerings as many focused on providing a rapid response to outages. For the most part, monitoring included basic tools that simply told providers whether devices were on or off.
In those days, few businesses thought they needed protection from cybercriminals. There were a handful of massive-scale outbreaks like Code Red and Nimda, but the internet seemed to be a less hostile place. Powering off the dial-up modem was all the defense companies needed to stop an external attack, and firewalls were relatively rare and expensive.
The worst situation MSPs typically encountered was an inability to get customers up and running—mainly due to supply chain challenges, limited parts availability, and system failures.
The Managed Services Revolution Era
Like most uprisings, casualties are to be expected. Between 2005 and 2015, security and increasingly hostile internet threats emerged to alter MSP and IT services strategies. Monitoring was no longer sufficient. It became the “Secure All Things Era.”
As I like to point out in presentations, there is not a single MSP who isn’t providing security services—from adjusting firewalls to managing anti-virus. Everyone is in the security services game today.
Behind this revolution was the rapid deployment of “always on” internet delivery via DSL and cable modems. As speeds improved and businesses jumped online at a rapid rate, MSPs were forced to expand their discussions around firewalls and security services.
Dark criminal forces also began to assemble at a global level, targeting anything with an internet connection. It’s fair to say that MSPs and their customers, and even enterprise businesses, were unprepared for the cybercrime explosion. Suddenly, coordinated (or so it would seem) strikes and data breaches of all sizes were making front-page news.
For MSPs who were on the front lines during the birth of cybercrime, there appeared to be no easy solution—and there still isn’t. Customer praises had shifted to, “We haven’t experienced a security breach—our MSP is awesome!” Others were not as generous and fired their providers. And monitoring went from being a great advantage to a customer expectation.
Security was the story, the classic good cops (MSPs) versus the bad guys (cybercriminals). IT professionals feared seeing a customer end up on the front page of the local newspaper because a data breach took place on their watch.
The Managed Services Evolution Era
Since 2015, some MSPs and IT service providers have become extinct while others are continuing to thrive. I call this the “Defend All Things Era.” The industry that emerged had to deal with nitrous oxide-powered cybercrime, which created a hostile business environment for channel partners.
We now have “cybercrime as a service,” where Trojans, exploits, and ransomware payloads are prolific and available in subscription-based models mimicking the SaaS tools provided by legitimate vendors. MSPs are now forced to battle daily on behalf of their customers; one wrong click and a missed backup and they could lose that client.
The Managed Services Extinction Era?
I don’t think MSPs will die out anytime soon. With Gartner predicting that information security spending will reach $93 billion in 2018 and Zion Market Research estimating a 9.5 percent CAGR driving global cybersecurity outlays to $181.77 billion in 2021, vendors and providers have room to soldier on.
The low point may have come during the “Evolution Era” when channel risks peaked. Today, the survival instincts of MSPs, combined with greater channel support from vendors, are fueling a renewed fight against cybercrime. I’ve seen encouraging signs as suppliers step up their support programs and help MSPs upgrade customer education programs to counter these escalating threats. As they say, “Never give up; never surrender.”
IAN THORNTON-TRUMP is chief technology officer for Octopi Managed Services Inc., a Canadian managed security service provider and a cyberthreat research lab in the U.K. His extensive research and experience have made him a sought-after cybersecurity consultant specializing in cyber threat intelligence programs for small, medium, and enterprise organizations. Trump is also an executive council member of the CompTIA IT Security Community and the author of a forthcoming book on protecting SMBs from past, present, and future threats.
Opening Image: Pixabay