The MSP+ Cybersecurity Framework, and its supporting playbooks, are designed to educate MSPs from newbies to very mature how to position cybersecurity with a strategy best attuned to their own maturity, using a vendor-neutral approach.
ConnectWise’s big announcement at the ConnectWise IT Explore partner conference today is the MSP+ Cybersecurity Framework, a cybersecurity framework created for MSPs. The MSP+ Cybersecurity Framework, and a supporting triad of playbooks, are designed to educate MSPs about cybersecurity and to position comprehensive security solutions to their customers. The framework and playbooks are designed to be vendor neutral and globally applicable, so they can be used by MSPs who don’t use ConnectWise as well.
The MSP+ Cybersecurity Framework is a compilation of the best-in-class, MSP-specific guidance from other well-known frameworks including NIST CSF, CIS 20, UK Cyber Essentials, and Australia’s Essential Eight.
“We looked at best practices across all the different frameworks,” said Jay Ryerse, VP, Cybersecurity Initiatives, ConnectWise. “None were designed specifically for MSPs. We created a model for MSPs based on those best practices.
“We then built a good better best model – for MSPs new to cybersecurity at one end through borderline MSSPs on the other, and showed them what a proper maturity model should look like, based on their stage of business,” he added.
The idea behind this is to provide a common framework for MSPs to both understand cybersecurity and position it effectively to customers.
“This is designed to highlight the need for our industry to deliver secure solutions,” Ryerse said. “Only 13% of MSPs are talking to their customers about cybersecurity – defined as talking about security above the level of a product problem. They don’t have the confidence to talk to clients about cybersecurity. This framework is designed to build that confidence, and drive cybersecurity revenue.”
There are three playbooks, at a Good, Better and Best level, and they cover 96 critical areas. Yellow is the ‘Good’ level, the fundamentals and is being announced at the event. Green, the ‘Better’ level, is out in August. Blue is the top level and is due in October at the latest
“The playbooks show them what privacy for example looks like, and how to implement it,” Ryerse said. “It allows standardizing on language and messaging around the delivery of secure services. There is nothing like it in our space.”
All the playbooks are free, and behind it within the framework, is education.
“We rolled out cybersecurity education earlier this year, which is the same as in the Yellow playbook,” Ryerse stated. “We put 3000 people through it this year with spectacular feedback from the MSPs.”
Ryerse emphasized that the MSP+ Cybersecurity Framework is designed to be vendor neutral, not to push ConnectWise offerings.
“We built this under IT Nation to maintain that vendor-agnostic view of the world, so the content applies if you are a partner of ours, or if you have never heard of us,” he said. “We don’t call out whose tech is the winner.”
Ryerse acknowledged that price is an objection when MSPs talk to SMB customers about more advanced security like SOCs, threat hunting and EDR, but said that the framework is specifically designed to address those issues.
“It’s about changing the conversation,” he said. “These items are expensive. But when you look at the cost of a cyberattack, the average one is $200,000. It’s all about how to coach MSPs how to have the right conversations with their end clients. Last year, our Vanson Bourne study showed that 93% of business owners would change MSPs to get the right cybersecurity – but most of them don’t know what the right cybersecurity is. This framework shows them the right cybersecurity.”
The MSP+ Cybersecurity Framework is part of a comprehensive new cybersecurity education and certification program called IT Nation Secure, an umbrella of offerings aligned to the framework that includes educational training and assets, thought leadership, information sharing, engagement and business building.
“IT Nation Secure, which we are launching today, brings you, your peers and industry experts together to talk security, said Craig Fulton, ConnectWise’s Chief Customer Officer. “We are demystifying that for you.”
“Our industry needs a common language for cybersecurity,” Ryerse concluded. “This allows MSPs to align under one set of goalposts regardless of whether they are new to security or have been delivering cybersecurity for years.”