Though their views differed in multiple respects, speakers at the latest quarterly SMB TechFest event in Anaheim, Calif., last week agreed wholeheartedly on this: The time to make security a specialty is now.
“There’s never been a better time to sell security,” said Karl Palachuk, owner of consultancy and MSP community operator Small Biz Thoughts, during a panel session at the show, which targets managed service providers and VARs serving small and midsize businesses.
Indeed, IDC expects businesses worldwide to spend $103.1 billion on security this year, and $133.8 billion in 2022. That makes it one of the hottest opportunities around at present, according to Dave Seibert, CIO of IT Innovators Inc., an MSP and solution provider in Irvine, Calif., and creator of the SMB TechFest series.
“Security is a model/discipline everyone needs to embrace to provide protection as our industry continues to grow,” he says. “I feel strongly on this need, and thus focused several sessions on this area.”
With businesses worldwide set to spend $21 billion this year specifically on managed security, according to IDC, Seibert dedicated a morning panel session at his Q3 event to best practices for transitioning from managed service provider (MSP) to managed security service provider (MSSP).
“Everyone is going to have to develop an MSSP practice, if you’re not already doing it,” said panelist Joshua Liberman, president of Net Sciences Inc., an MSP and managed security provider in Albuquerque, N.M.
What it means to be an MSSP was a subject of discussion during the session, though. According to Palachuk, most channel pros who call themselves MSSPs will in fact be MSPs offering white-label security services through a third-party vendor with deep security know-how. True MSSPs maintain state-of-the-art security operations centers staffed with high-priced cybersecurity experts.
“There are people in here who will do that, but probably only one or two,” Palachuk said.
Palachuk advised genuine MSSPs and managed security outsourcers alike to steer clear of the MSSP label, which he believes will more likely confuse end users than attract them. Fellow panelist Erick Simpson, a business transformation and improvement consultant for IT providers (and co-host of ChannelPro’s 5 Minute Roundup video podcast series), disagreed.
“There is value to using these acronyms, especially in marketing,” he said, noting that businesses are searching the web for MSSPs in growing numbers these days. Showing up among the results can help channel pros set themselves apart from the growing ranks of their peers as well.
“You need to establish how you are different and distinct than everyone else,” Simpson said.
Multiple Techfest speakers noted that there is risk as well as reward to launching a security practice. “Nothing you do right will matter if you do security wrong,” Liberman stated.
With cybercriminals increasingly targeting MSPs and the end user passwords they possess, Seibert notes, getting security right begins with putting your own tools and processes in order.
“There are several news stories during the last few months where MSPs were the successful target of hackers. This includes large and very large national MSPs where the result was the actual encryption of all their clients’ data,” he says. “We collectively need to secure our own MSP businesses.”