A report published this week by ReportLinker forecasts that the global managed security services provider (MSSP) market will grow 17.5 percent on a compound annual basis through 2025 to be worth more than $18 billion. As impressive as that sounds, however, there’s reason to believe that $18 billion does not represent the full scope of the managed security services opportunity.
Most new IT projects being implemented today have more stringent security requirements. Although a recent study conducted by Barracuda MSP and The 2112 Group found that 85 percent of managed service providers don’t offer security services today, it’s only a matter of time before most of them need to manage and secure their customers’ environments. They may not have customers looking for a full portfolio of security services, but there will be an expectation that fundamentals such as managing firewalls and endpoint security are now table stakes.
Rethinking your approach to security
That expectation will lead to shift in how managed security services are delivered. While the average MSP could master managing firewalls and endpoints, there are a broad range of other security technologies that may prove too costly for the average MSP to master. To provide those capabilities, many MSPs will opt to resell the services of an MSSP that has the deep pockets needed to develop expertise across a much broader range of security technologies. In fact, it’s those MSSPs that will be driving investments in advanced security technologies based on machine learning algorithms. After all, the one thing those algorithms require to be successful is access to lots of data.
Going into 2018, most MSPs will need to reevaluate their approach to security. There isn’t a new customer opportunity that doesn’t include a security and compliance requirement. As such, most MSPs will be forced to improve their security game. The challenge will be to what degree an MSP will be able to pay a premium for those additional services.
Historically, security services have tended to be sold separately. Increasingly, security services will be bundled with the core managed service offering. Once a technology becomes part of a larger service, it’s usually not too long before the pressure on the margins attached to the service start to increase. Savvy MSPs will start thinking in terms of tiers of security services. Some of those services will be bundled in their core offering. But, those base-level security services should spur demand for higher-margin premium security services.
From a management perspective, security is a major challenge. There are events and incidents that need to be investigated daily. Finding and retaining IT professionals with IT security expertise also remains difficult. The simple fact of the matter is that every IT professional that works for an MSP now needs additional security training. The only way to rise to the IT security challenge is to increase the level of security expertise of the existing staff because cybersecurity expertise is already in chronic short supply. There is no IT security cavalry coming over the hill to save the industry. Instead, each MSP will be expected to save both themselves and their customers.