NATIONAL HARBOR, MD — Security is a part of every managed service provider’s business. By the very nature of taking responsibility for a customer’s infrastructure, there’s an expectation that some sort of security consideration be included.

But at its Max 2015 conference here, RMM vendor LogicNow argued that not enough managed service providers are getting serious about security as a business and going to the next step of making security, itself, a managed service.

“Security is much more than antivirus on all their devices. We’ve moved way beyond that,” David Sobel, director of community at LogicNow, said in a conference keynote. “You need to be thinking about bundled security packaged as part of your overall solution, thinking about managed security.”

Managed security is increasingly viable because of increasing customer interest in security issues, and the tools for managed security are readily available, including as part of a stack from major RMM vendors, LogicNow included. Sobel suggested that customers will be expecting more and more security capabilities “either standalone or built into your existing offerings.”

Alistair Forbes, general manager for LogicNow, said that as an added bonus, having a true managed security practice — one advanced and complete enough that the MSSP delivers the fundamental managed services promise of taking ultimate liability for the asset being managed — also allows MSPs to move up-market. While a larger SMB or midmarket customer may have enough internal IT resources to manage desktop and network infrastructure, they may lack enough cycles, and enough specialized resources, to adequately address security, making them a target for managed security services, even if they’re not interested in device- or network-centric managed services.

Sobel suggested a three-point plan of attack for managed service provdiers to ramp up their security business.

First, he said, track everything — not just total revenue and revenue growth, but performance by service line. Understanding where the growth areas and the slowdown areas are allows MSPs to make more educated choices about where to invest time and energy.

Second, he suggested, take an agile development approach, and “offer new services on a rapid basis.”

“We find that the highest-performing solution providers get a service to the point where someone will buy it, get it in market, and then they refine in-market rather than waiting for it to be perfect,” he said.

Third, he advocated making specific people within the organization responsible for the security business. Not having people attached to the product means it won’t happen. But don’t go too far the other way, either. Make it everybody’s responsibility, and not much gets done either.

“We have to put actual people in charge to make sure it gets delivered,” Sobel said.

“By putting people specifically on managed security, getting it minimally-viable and getting in market, and closely tracking the growth, we’ll be more successful.”

The main-stage message on security was backed up by a breakout on the topic from LogicNow security chief Ian Trump that was voted as the one breakout to be repeated on the main stage during the final day’s keynote session. The presentation included advice on how to quickly stamp out the “low-hanging fruit” vulnerabilities in a client’s environment to focus time and effort on the harder-to-catch exploits.