The idea that there are distinctly different business models around managed services and managed security services is somewhat misleading. Attempts to distinguish managed security as something wholly different from routine managed services offerings unnecessarily confuses the public and minimizes everyday MSPs and the work they do.
Modern Managed Security
It is sometimes easy to forget how far and fast technology advances. Just 25 years into the managed services profession and most of the technology has gone through several distinct advancements.
One great example is the SIEM as a service (sometimes referred to as SOC as a Service). Once a service only available to mid-market and enterprise customers, these SIEM solutions are rapidly becoming available to even the smallest of customers through their MSPs.
Now, most MSPs do not have an internal SIEM practice and will instead resell it from another provider. This is an excellent example of how previously enterprise-class security solutions are now becoming accessible to SMB customers through their MSPs. However, it would be a mistake to assume that the only security solution being offered by the MSP is the SIEM solution. There are many other services delivered by MSPs that impact security for the client.
Legacy Managed Services Always Involved Security
It is impossible to look back at 25 years of managed services and not see the unique way MSPs have delivered inherent security along with their core managed services. Even small MSPs would frequently manage Small Business Exchange servers bundled with cloud-based email filtering and security solutions during the early days of managed services. These same small MSPs would also commonly recommend, sell, provision, and manage security devices such as firewalls to protect office infrastructure.
Whether these services were marketed and sold as security is irrelevant. The point is, MSPs have always involved security in their core services, whether it was firewall management or the advisory services offered to clients.
The managed services profession is now at the point where SIEM as a service may not be sufficient by itself. MSPs dealing with rapidly changing users working from home can no longer rely solely on traditional firewall and SIEM solutions to protect customers. New security methods such as SASE are being embraced amongst enterprise clients and will soon be making their way down to SMB through the MSP community.
The point is this: MSPs do not need to be branded as “MSSPs” or Managed Security Service Providers” to be taken seriously. Each MSP will make a decision based on their internal expertise and the needs of the clients. If the MSP cannot fulfill everything internally, they will seek assistance from external sources, just as they have always done.