MSPs have spent years building security practices around endpoints, networks, and the SOC. That model still matters, but not on its own.
At the RSA Conference in San Francisco, vendors told ChannelPro that cybersecurity risks are spreading. It’s not just confined to devices or networks. Risk now lives in users, data, identities, and places MSPs may not even be looking.
The shift is already underway, but the bigger question is whether MSPs are ready.
Security Is No Longer Tied to a Location
Murat Balaban
The idea of a fixed perimeter is fading fast. Work happens everywhere. So does risk. That locale shift is forcing vendors to rethink how to deliver security solutions.
Take Zenarmor. The network firewall solution provider aims to secure distributed environments without forcing traffic through centralized infrastructure.
“Every single organization right now, whether a large enterprise or a small business, they’re all distributed. They’re all mobile,” said Zenarmor Founder and CEO Murat Balaban. “Gone are the days when everybody was fixed in an office location. Today, when an organization ships a laptop to one of its employees, that organization instantly becomes a distributed organization.”
Asha Kalyur
Asha Kalyur, Zenarmor vice president of marketing, added: “Now the partners can run our entire SASE stack in their own infrastructure, unlike other SASE solutions today, where they have to depend on a vendor’s infrastructure.”
That change has real implications for MSPs. Traditional network security models don’t always fit a workforce that is constantly moving.
Nord Security is taking a similar view, but from a different angle. The company is expanding beyond its consumer roots into a broader security platform that includes identity, access, and now the browser itself. This is a real challenge, since companies often don’t know every application, tool, or website their employees are using for work or personal purposes.
Mantas Ulozas
“The secure browser gives visibility to all of these,” said Mantas Ulozas, chief business development officer of Nord Security. “Then, the admin and the owner of the company can feel more secure in knowing what is happening inside the tool or application where employees spend most of their day.”
These methods extend security beyond protecting endpoints or networks to how users interact with everything in between.
Identity, Data, and Humans Take Center Stage
Marco Muto
As the perimeter fades, new control points are emerging. Among them: identity, data, and the human element — that latter being the most unpredictable of all.
KnowBe4 is betting heavily on that last piece as it has expanded beyond security awareness training. It is now a leader in what it calls “human risk management,” explained Marco Muto, senior vice president of strategy at KnowBe4. “It’s everything from training to prevention to simulation testing to risk scoring. Then, tied into that is e-mail security, communication security, and anything that touches the human.”
Tim Freestone
Though that’s not a new reality, the stakes are rising as environments become more complex.
Kiteworks is seeing the same shift from a data perspective, especially as agentic AI enters the picture. The platform is positioning itself as a governance layer for how data is accessed and used. “It’s a completely new revenue line as far as I can tell,” revealed Chief Strategy Officer Tim Freestone. “Risk is driving action that wasn’t there before, and that risk-driving action is going to drive new revenue for the MSPs.”
That also means more responsibility. As agents introduce new risks, new guardrails are necessary. “We will train, enable, and provide white-glove treatment to all the MSPs that want to become trained and certified,” said Dave Byrnes, vice president of channels and alliances at Kiteworks.
David Byrnes
This shifts the model for MSPs. More than blocking threats, security governs how people, systems, and now agents interact with sensitive data.
Digital Risk Extends Beyond the Firewall
Security exposure is also expanding outward from the organization.
Mark Stevens
This is where ZeroFox enters the scene, with a focus on that external layer. The company has evolved into a broader digital risk protection platform, according to Mark Stevens, senior vice president of channels and alliances at ZeroFox. “We’ve moved from just social media and dark web monitoring to takedown services. We can take down anything that’s related to any malicious reputational harm globally and at scale.”
That capability is creating new service opportunities for MSPs and MSSPs, especially as threats become more targeted, Stevens shared.
“We do a lot of prioritization and human curation. That’s really critical because we’re ingesting 12 billion signals a day. That’s massive amounts of data,” he said. “To support our MSSP customers, it is really important that we lower the noise in terms of the alerts that they’re going to end up providing out to their customer base.”
This new type of security conversation is about people, reputation, and brand exposure.
What It Means for MSPs
The takeaway from RSAC is that endpoints still matter, but they are no longer the center of the story. Security is expanding in every direction into:
- Identity
- Data
- User behavior
- Far beyond the traditional network
For MSPs, that creates both pressure and opportunity. New services are emerging and additional revenue streams are forming, as are new expectations.
The challenge is to understand where security is going next, then develop services around it.
More ChannelPro coverage of RSAC 2026
➡️ MSPs Can’t Scale Without AI, Vendors Say at RSAC
➡️ Forget More Tools, MSPs Need More Margin and Vendors Are Listening
Featured image: Best — stock.adobe.com
