MSP or MSSP? Part 1: What To Know About MSP Security Before You Make the Leap


Yet another wave of high-profile cybersecurity data breaches (including EasyJetDeloitte, and Home Chef) underscore what all MSPs already know: security is one of the most important key functions in the information technology industry, no matter the size of your business or number of employees. If you’ve considered moving your Managed Service Provider (MSP) into the Managed Security Service Provider (MSSP) realm, both the opportunity and the stakes are higher than ever and require careful consideration.

Managed Security Services and Guidelines for MSPs

Utilize Email Authentication

Today there are many different options out there for ensuring email authentication. Email security is crucial, considering how frequently malicious emails pop up. Utilizing email authentication services can help to close any cyber security gaps you may have. These managed services help to keep your corporate network secure from possible viruses, malware, and hacking.

Ensure Employees Are Properly Trained

Human error is the leading cause of data breaches. Data breaches can vary in scale and severity, but regardless of how small or large a data breach is, they can create headaches for you, your employees, and your clients. Suppose a client’s data is compromised due to a security breach; not only can that hurt your business at large, but it can also create tension with your client. With highly skilled and adequately trained employees, managed detection systems become easier to implement, and data breaches become less likely to occur.

Perform Consistent Cyber Security Audits

The role of an MSP business in cyber security is vital. Not only do MSP businesses need to understand lateral movements and ever-changing client systems, but they also need to have a firm comprehension of onboarding and offboarding protocols. Cyber resilience is not easy, but it is absolutely necessary. With consistent cyber security audits, you can help to ensure high levels of endpoint security are maintained.

Detect And Neutralize Threats

The best way to detect and neutralize threats is to be proactive. Rather than waiting for malicious activity and then responding to it, MSPs can utilize endpoint detection systems and patch management systems to get ahead of the problem before it arises. Consider installing firewalls and managed security services like antivirus scanning systems to keep things secure.

Adding Security to the MSP Experience

Back in December, before the coronavirus pandemic registered on anyone’s radar, Liongard founder and CEO Joe Alapat predicted that 2020 would be the year that many managed service providers would decide whether they would offer increased security measures or continue to outsource to a third party. Now that COVID-19 has abruptly forced a mass migration to telecommuting, keeping employees’ additional personal devices and home networks secure has added more cybersecurity surface area to cover and another layer of complexity to the Managed Service Provider and Managed Security Service Provider spaces.

From a customer standpoint, expectations are on the rise. Of course, there’s a certain baseline expectation that exists already that your Managed Service Provider will be able to handle your business’s customer data responsibly. (If you’re not baking security into your product offerings as an MSP, you’re putting your customers and yourself at risk.) But now, many customers who sign up would like their MSP to become a one-stop-shop for all information technology support, including MSP security services that protect hackers from accessing sensitive data.

To meet these growing demands, some Managed Service Providers have chosen to branch out into the Managed Security Service Provider space with tiered offerings or package deals that include information security expertise for specific clients. This leads to additional sales opportunities for MSPs but also comes with additional responsibilities and liabilities.

Cyberattacks increasing since the COVID-19 pandemic began, coupled with higher customer expectations, give MSPs something to think about moving forward. With an estimated 68% of major organizations (public and private) planning to increase cybersecurity spending in response to the pandemic, there is undoubtedly an opportunity for MSPs to expand their global cybersecurity services. But it’s not a decision to take lightly.

Operating Procedures for MSSP Success

Prior to joining Liongard, I worked at IT Freedom for 11 years. From the start, our MSP felt we could only serve our customers effectively with standardized endpoint antivirus and off-site cloud backup solutions. Those offerings were non-negotiable in order to cover the unavoidable risks that come with delivering information technology services. As we grew, we gained additional customers in the financial and medical spaces, as well as a number of successful startups. Each of those verticals came with unique security challenges. That’s what drove our growth into the MSSP realm. As security threats got more sophisticated, we knew we had to increase our capabilities, so adding more advanced firewall solutions, endpoint protection, and monitoring to our MSP security services was just a natural progression.

The transition went well, but there were certainly challenges along the way—and that’s to be expected for any MSP expanding into more advanced security offerings. Over the years, we ended up building out several of our own security-focused tools simply because packaged solutions didn’t exist at that time.

Fortunately, MSPs today have much richer options for platforms that offer advanced monitoring, change detection, and more—and that’s where Liongard makes an impact. Its automated documentation, custom alert generation, and reporting capabilities eliminate manual tasks, proactively address critical changes and allow MSPs streamlined management of their myriad clients’ environments. And for MSSPs, it provides that solid foundation of visibility and auditability as to how systems are configured and what changed when.

Plan Your Work, Then Work Your Plan

Bottom line: Being an MSSP can mean a lot of different things. Don’t just sign up and jump on the bandwagon because an opportunity exists—FOMO can’t be your business’s driving force. Instead, focus on your MSP’s goals, the specific outcome that you want to deliver to customers, and what will be uniquely compelling about it—then validate that with your MSP’s customer base. The type of customers your company serves—or those you want to serve in the future—will play a large part in your decision as to whether to become an MSSP. Ask yourself, “Will not being an MSSP become a liability for your clients in industries with high data security needs like healthcare, government, and finance?”

Fully Utilized Resources

Creating a solid plan and an even firmer foundation will be the keys to your MSP’s success if you want to make the leap into the MSSP space. If you’re still on the fence about your next move, stay tuned for MSP or MSSP? Part 2: How to Decide if You’re Ready. I’ll cover the pros and cons of making this transition from MSP to MSSP, as well as how to solidify your security foundation for your customers, regardless of whether you stick to your MSP’s core competencies or branch out further.

Until then, visit our Trust Center to learn more about how Liongard’s got your back when it comes to global security, privacy, and compliance standards.


Get The Latest Insights Delivered To Your Inbox

Liongard needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. To review our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.