The Pressure to Transform MSPs into MSSPs
Introduction
There is no doubt that the pressure to transform Managed Service Providers (MSPs) into Managed Security Service Providers (MSSPs) is mounting. Beyond the discussions around this “so-called” transformation, MSPs must address the growing need for managed security services in an era where cybersecurity threats are on the rise.
A SOC is a NOC
There are several schools of thought about how a Security Operation Center (SOC) should factor into an MSSP practice. At its core, a SOC serves a similar function to a Network Operation Center (NOC), providing the MSP with valuable insights about customer environments.
SOCs, like NOCs, are part software and part human. While the disciplines required to analyze security data may differ from other managed services offerings, if your MSP practice already has a NOC, you may be surprised at how straightforward it is to develop a SOC.
Build vs. Partner
Some of you may remember the widespread debate about whether MSPs should build or partner when developing a NOC. Common arguments for partnering include a lack of resources, the inability to staff it for the necessary hours, or a general lack of experience with a centralized, one-to-many services distribution model.
At one point, the pressure to become an MSP was so great that VARs, IT consultants, and other business models found it easier to partner with another MSP and use their NOC rather than invest the time and money to build their own.
You’re Doing it Already
Most MSPs are already offering some form of managed security solution. Whether it is traditional consulting, managing a firewall, providing antivirus, web filtering, or other security software, MSPs have long been involved in delivering security solutions, regardless of whether they consider themselves MSSPs.
Contrary to some claims, MSPs do not need a SOC to be considered MSSPs. Such designations are primarily based on marketing and not on any official naming convention.
Security is NOT a New Managed Services Business Model
Unlike the transformation from break/fix IT management to proactive managed IT services, incorporating security into your MSP practice does not require a fundamental restructuring of your business model. Offering security as a service remains a one-to-many concept. Managed security utilizes the same best practices as other managed offerings; it is simply focused on security.
MSPs should take a moment to step back from the hype and realize that entering the managed security sector is easier than it may seem.