With cyber threats mounting, security is one of the top IT concerns for SMBs and large enterprises alike. And just as those businesses are turning to cloud providers to cut costs and simplify operations in other areas of IT, security increasingly is being outsourced to managed security service providers.
According to PWC’s 2016 Global State of Information Security Survey, 69% of enterprises today use cloud-based cybersecurity services. If as an MSP you are not already in the managed security business, your competitors likely are. So not only are you missing a major opportunity to grow a new revenue stream, but you could be challenged to compete against MSPs that already have made security a core part of their portfolios.
And security concerns are growing. More than 30% of organizations said they suffered a security breach in 2015, according to a recent survey by IT security specialist Foursys. Fifty percent of respondents said they are “not properly equipped” to handle such attacks. An outsourced, cloud-based security solution is particularly suited to such enterprises. They not only need security software, processes and expertise—they need it in short order and without the requirement (and cost) to bring those capabilities in-house.
So, the question is…
How can I best leverage this opportunity to become a managed security service provider?
Consider taking advantage of outsourced cloud economics yourself and resell another MSP’s managed security service.
A couple of approaches stand out. One option is reselling a branded service, taking advantage of your partner’s security reputation to jumpstart your own security offering. Alternatively, many managed security service providers offer white label options, which will allow an MSP to quickly offer cloud security services under their own name. In either case, partnering with another (often larger) MSP can be a good way to add a high-margin security service to your portfolio without having to make a major capital investment ahead of revenue.
If the goal is building your own cloud security capabilities, look for strong partners while also understanding the full costs—software, systems and people—required to deliver such a mission-critical service.
While straightforward hosting is driven by commodity economics, the security business is a specialized market. It requires sophisticated and often expensive IT infrastructure and tools to make a full go of it. And then, thanks to redundancy requirements, plan to buy two of everything. Staffing costs are higher too, as security specialists demand a premium versus typical IT admins.
Choose a security focus that fits with your core business.
If you are just starting in the managed security business, take a measured approach. Reselling managed firewalls or antivirus systems may be as simple as installing and running another box; delivering full-fledged intrusion detection and response is a multi-layered service driven by complex SLAs and, at times, minute-by-minute client interactions. While it may be tempting to bundle managed security services on a one-off basis for high value clients, that’s a dangerous approach.
Treat managed security services as just that—a service. Build the infrastructure, service features, and pricing to support it across your entire client base, not just a single customer.
Take these initial steps and you’ll be off to a good start in building a new and successful managed security revenue stream. Given how mission-critical security has become these days, these are not steps to be taken lightly. You’re about to become one of your client’s most important partners, crucial not only to IT but also its overall business success. That’s a weighty role—but one that brings with it potentially significant new revenue opportunities. That’s a path well worth taking.