There is no doubt that there is a lot of pressure today around turning managed service providers into managed security service providers. Beyond the discussions around this “so-called” transformation (more on this later), MSPs need to address the need for managed security services in an age where cyber-security is unmistakably on the rise. Here are a few topics to be presented at the next MSPWorld Conference, all designed to help MSPs enter the managed security sector.
A SOC is a NOC
There are several schools of thought about how a Security Operation Center (SOC) should factor into an MSSP practice. At its most basic element, a SOC serves a similar function to a Network Operation Center (NOC), providing the MSP with valuable about a customer object.
SOCs are part software and part human, just like a NOC, although the disciplines required to analyze security data may be different from other managed services offerings. If your MSP practice does have a NOC, you may be surprised at how easy it is to develop a SOC.
Build vs. Partner
Some of you are old enough to remember the widespread debate some years back about whether MSPs should build or partner when developing a NOC. Obvious arguments for partnering for a NOC (or SOC) include lack of resources, inability to staff it for the hours needed, or general lack of experience to understand the mechanisms of a centralized, one-to-many services distribution model.
At one point, the pressure to become an MSP was so great that VARs, IT consultants, and other business models decided it was easier to partner with another MSP and use their NOC rather than spend the time and money and do it themselves.
You’re Doing it Already
Most MSPs are already offering some form of managed security solution. Whether it is traditional consulting, managing a firewall, providing some anti-virus, web filtering or other security software, MSPs have long been involved in delivering security solutions, regardless of whether they consider themselves to be MSSPs or not.
Claims to the contrary aside, MSPs do not have to have a SOC to be an MSSP. SUch designations are primarily based on marketing anyway, and not on some official naming convention.
Security is NOT a New Managed Services Business Model
Unlike the transformation from break/fix IT management to proactive managed IT services, incorporating security into your MSP practice does not require a fundamental restructuring of your business model. Offering security as a service is still a one-to-many concept. Managed security utilizes the same best practices as other managed offerings; it’s just focused on security.
MSPs should take a moment and back away from all the hype and realize that getting into the managed security game is a lot easier than you may think.
Attend MSPWorld to learn more about developing your managed security practice.