Ask an MSP Expert

Q: In 2018, we want to grow our MSP business by adding managed security solutions to our portfolio. How can we make the move strategically, and what solutions should we add first?

Growing your portfolio can be challenging, but it can help you take your MSP business to the next level. In a study conducted by The 2112 Group and Barracuda MSP, only 15 percent of respondents offer some sort of security service today, but 62 percent are looking to add security services to their portfolio in the next 12 months. Today’s complex security landscape presents a tremendous opportunity for MSPs that are prepared to provide the security services customers need.

To get you advice on how you can strategically enter the managed security services space, we spoke to Neal Bradbury, the senior director of business development at Barracuda MSP, and a few of your MSP peers. Currently, Neal is vice chair on CompTIA’s IT Security Community, which shares content, tools, and best practices to help IT service providers successfully protect their customers against today’s evolving threats. He shared his thoughts on which security services MSPs should add to their portfolios first.

Security services your MSP peers are already offering

Every MSP is different in what they offer in their solution stack. According to The 2112 Group’s report, though, the top five security services that MSPs are already offering include, firewall or perimeter security, help desk, data loss prevention, backup and disaster recovery, and endpoint security/antivirus.

In a recent post Brent Fairbanks of Electronic and Computer Specialties Inc. said MSPs looking to add security services to their portfolios should “find a group of products that you are comfortable with and that are needed by all clients.” This allows you to maximize your time and your resources when you’re training technicians and onboarding new customers. 

Subscribe to

During a recent webinar, panelist Eric Wakkuri, the vice president of DS Tech, shared that when they bring on new customers their package typically includes 24/7 SOC monitoring, remote monitoring and management, mobile device management, cloud anti-virus, DNS threat protection, content filtering, firewall, malware scanning, intrusion prevention, daily network security audits, phishing and security awareness training, and dark web monitoring.

“When we meet with a customer, we show them a list of all their leaked usernames and passwords,” Wakkuri said. ””It’s a great way for them to start thinking about security, and we’re just showing them what hackers already have.” He explained this is different way to point out that their systems might not currently be protected as well as they think.

Security solutions you may already have in place

Adding security services to your portfolio might not be as challenging as you think, Neal said. It may surprise you to see that you already have some foundational security elements in place, like backup and disaster recovery. IT service providers often fail to think of BDR as a security product, but it’s really an extension of their security offerings, Neal explained. With today’s sophisticated threat landscape, backups could be the essential solution (and sometimes an SMB’s last chance) to save their business-critical data. The 2112 report found that only 29 percent of channel companies offer backup to their customers, though, showing that there is still a lot of room for MSP growth in this area.

To help illustrate the different stages of security, the CompTIA IT security community developed the chart below; this is not set in stone, but it is a great reference to see where you stand in regards to your security offering. As you get more involved in security you may find yourself having more offerings listed in comprehensive and advanced stages.  MSPs that are more vertically focused on Healthcare or Financial industries may find themselves already in both the foundational or advanced security stages.  As you contemplate which services to add to your portfolio, use this chart as a reference to make sure you are covering the basics in these areas.

3 security services that can make your portfolio standout

When you’re looking for security services to add to your portfolio, look for the solutions that will be the easiest to sell and will offer your SMB customers the most protection. Here are three security opportunities that MSPs should take advantage of:

Email security. Email-borne threats are more prevalent than ever before. In fact, 91 percent of cyberattacks start with a phishing email. So, not only is it important to educate your customers and their employees on email best practices, but you should also put security solutions in place to help prevent the attacks from happening in the first place. For example, instead of delivering an email with an embedded zero-day attack to a customer’s inbox, a solution with advanced threat protection sends the email to a sandbox environment to test malicious activity—and only safe messages and attachments will be sent to the end user. 

Subscribe to

Firewalls. Next-generation firewalls are an essential part of protecting today’s networks from sophisticated threats. While many SMBs may believe they are too small to be victim target, a recent Ponemon Institute report found that 61 percent of small businesses had fallen  victim to a cyberattack in the past 12 months. MSPs should offer a layered approach to security so they can protect SMBs’ networks from threats entering different vectors.

Dark Web monitoring tool. A dark web monitoring tool is an interesting way to offer your SMB prospects value up front. As Eric Wakkuri pointed out, this can help you show how their accounts have been compromised previously and what they can do to improve security moving forward. For example, individuals use variations of the same password for different accounts, so knowing which ones have been compromised can help you better protect the business. In conjunction with dark web monitoring, consider adding a password management tool to your portfolio.

Cybersecurity threats will continue to evolve over time, so it’s important as a managed service provider to continually assess what your SMB customers’ business needs will be. By starting with these three services, though, you can protect your SMBs across a variety of threat vectors and strategically set your MSP up for success.


Photo:  sdecoret / Shutterstock.

Lauren Beliveau

Posted by Lauren Beliveau

Lauren is a content and product marketer with several years of experience in the IT channel. She has created and developed content that helps managed service providers grow their business, and has written many articles featured in SmarterMSP’s The MSP’s Bookshelf and Ask an MSP Expert series.

Leave a reply

Your email address will not be published. Required fields are marked *