Security is everywhere these days. At the MSPWorld Spring 2019 Conference in Austin, TX, there was a lot of discussion surrounding managed security and how MSPs can successfully enter this vertical market. In my opinion, it is not a question about whether MSPs should be in security, but rather how they should do it. Not participating in the managed security discussion is not an option for the MSP community.

Can MSPs Ignore Security?

The short answer is no. Ignoring security is almost unforgivable, and would destroy the trust a customer has in the MSP. If an MSP cannot provide some measure of guidance to a customer around security, that customer will seek out a different MSP who can render advice.

Not only is there revenue to be made in managed security, but there is also a more significant issue of being a general practitioner and knowing enough about security to help customers seek out the appropriate solutions, even if the MSP isn’t directly involved in delivering it.

MSPs Have Been Delivering Security For Years

Whether it has been managing firewalls, IDS/IPS systems, anti-virus, patching, MSPs have been involved in consulting and delivering managed security solutions to customers for a long time. As security has become more commonplace in recent years, the pressure for MSPs to become more involved in security solutions has also grown. And yet, there are still many ways MSPs can remain involved in delivering managed security offerings to customers without having to “sub-source” to another provider.

There are obvious solutions which most MSPs should not attempt on their own, like developing a SIEM. There are plenty of options related to outsourcing SIEM as a service products where MSPs can offer the solution but not be responsible for its delivery.

Security Does Not Mean Assuming Unnecessary Risk

As times and technology change, I believe MSPs have become less comfortable to assist customers unwilling to take appropriate steps to safeguard their IT assets, and instead look at MSPs as a means of offloading those risks; a practice I do not condone.

There is nothing inherently more risky about delivering managed security solutions today than a decade ago. What has changed is more people are talking about security, and more customers want to shift that responsibility to the MSP. MSPs need to make necessary changes to their operations and communicate with their clients to evaluate where the risk is.

Ultimately, customers are responsible for their IT environments. There is only so much liability they can outsource without being negligent.

Last week at MSPWorld we discussed a lot about the liability of managed security. There has always been liability associated with managed services, especially amongst the regulated markets. In an age where security discussions are happening all around us, MSPs need to step up and re-assert their role as guardians of data and security for their customers. If MSPs don’t do it, someone else will!

Tags : managed security,MSPs,MSPWorld

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.





Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.