How to become a security-centric MSP

MSP should consider it to be a journey, rather than a destination

by Brian Babineau, Senior Vice President and General Manager, Barracuda MSP

Brian Babineau, senior vice president and general manager of Barracuda MSP

Managed-services providers (MSPs) who don’t put security at the center of their services offerings may be missing out on the opportunity to reap their full benefits. With both a rapidly evolving universe of cyberthreats and an accelerated transition to remote and hybrid work environments, all organizations need to take a renewed look at their security profile.

MSPs can service their customers better (and increase their market share) by taking a security-centric approach to their business. But what does that mean, and more importantly, how does an MSP successfully make the transition? 

In most cases, this shift should be pretty straightforward, provided the MSP is mindful that instead of a destination, a security-centric approach is a journey in and of itself.

Being security-centric means more than just offering a firewall or data recovery services. Instead, security-centric MSPs view all of their IT services, tools, and processes through the lens of security. And, it’s not something that is ever ‘done’ with. To be successful, MSPs must continuously assess their security postures, their customers’ security postures, and identify areas for improvement – then do it all again. 

There are a few key areas where small changes and improvements will significantly expand an MSP’s ability to protect their clients’ data and applications. 

Security must be pervasive. Cybersecurity used to be an externally focused exercise—keep the potential threats outside of the network. With remote work, mobile devices, and cloud computing, that approach is no longer effective. A security-centric MSP must provide solutions that protect devices and data no matter where they reside, using various tools and strategies (like multi-factor authentication, zero-trust, etc.), and utilize those same tools and techniques internally. MSPs are increasingly the target of cyber-attacks because they can provide a gateway into multiple networks. Security should be woven into every service and activity the MSP touches.

Take a holistic approach. To expand on the point above, security approaches must grow from just protecting devices and applications to also protecting users and the data they access. Users may be working from home or in the office, doing so on a combination of various company-owned and personal devices. To promote productivity, MSPs should offer solutions that enable data to be accessed from these locations and devices, but with security top of mind. For example, solutions can be implemented to verify the identity, appropriate permissions to information and applications, as well as the security compliance of the devices in use, to ensure that while keeping a remote workforce productive, they are preventing users from making critical security errors without impeding their ability to work.

Provide secure cloud services. Cloud use was already on the rise before COVID-19 and has continued to grow even faster as remote work becomes the norm. Very few companies have in-house experts on cloud security, and public cloud providers have minimal responsibility for securing customer data and apps. MSPs with a robust cloud security portfolio can win in this market, as clients will be looking for a trusted partner that can do the heavy lifting of securing this new environment.

Offer a security-centric RMM service. Remote management and monitoring (RMM) tools are more than just a way to automate workflows and streamline MSP operations. RMM makes it easier to monitor the health and security of client networks while your security tools detect and minimize threats and can do so with a much lower risk of human error.

Build security services for the next threat. Cyberattacks have grown increasingly complex, agile, and difficult to detect using traditional firewalls and filters. MSPs must stay on top of emerging threats, anticipate new vulnerabilities, and provide solutions that can keep clients protected against these emerging types of attacks. Offer regular security assessments for clients to help identify vulnerabilities, along with employee training and attack simulations. Security solutions that leverage artificial intelligence (AI), machine learning and zero-trust approaches will also be critical. These systems provide greater levels of protection and the ability to learn and adapt as potential new threats are identified.

Becoming a security-centric MSP requires more than just adding new security tools to your portfolio. Remember, it is a journey rather than a destination. When you invest in security services, technology, and training (for both clients and staff) you will reap the rewards that come from putting security front and center.

Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver affordable IT solutions to customers.