
How to transition from being an MSP to an MSSP

The managed service provider (MSP) sector is in a state of flux. Around the world, clients are demanding ever more of their MSPs, particularly when it comes to security, and it’s inspiring providers to transform how they do business.

A recent survey by Barracuda MSP revealed that more than a third of providers say network security is now one of their top-ranking managed services. In order to meet this demand, many MSPs are transitioning to a different model focused on security.

But being a managed security service provider (MSSP) brings with it its own set of challenges. Last month, we spoke to Rob Anderson, Barracuda MSP’s Solutions Engineering Manager, EMEA & APAC, to discuss the key issues at hand and how they can be overcome.

Hi Rob, thanks for joining us. What do you see as the key distinctions between a managed service provider (MSP) and a managed security service provider (MSSP)?

I see an MSSP as a service provider who tailors their offering to be security focused. This could be across a wide range of services from Email Security, Perimeter security like Firewall, Web Security and Application Security. Everything an MSSP does is focused on a ‘security first’ approach and they often focus on integrations between their security offerings to help automate their processes, while an MSP typically focuses on infrastructure and core services like remote management and monitoring, patching and AV deployment/support. 

What are the biggest challenges MSPs face as they transition to the MSSP model, and how can they be overcome?

Selecting the technology they want to offer and educating their team to sell, manage and support those products. There are multiple threat vectors that end users should be looking to protect, and finding the right service to deliver that can be confusing.

There is also a growing requirement for 24/7 response and support when it comes to security; choosing products that can help you make that step is really important. It’s very difficult for a smaller service provider to scale their offerings to meet these demands; if they partner with the right technology, they can often leverage fully managed services to help scale their security offering.

How does this visibility over data help them transition? What does it do differently, from a security aspect, to help simplify the transition?

Data governance is a growing concern for a lot of businesses today. The biggest challenge as IT teams go through digital transformation is keeping visibility on their data, not just understanding where the data resides but also what that data is and who has access to it.

There are technologies designed to automate your data governance in SaaS services like Office 365, allowing you to scan for specific data classifiers like payment card information, personal info, proprietary data and more. You can also run automated remediation to notify a user who is breaching your data governance policy, quarantine or even delete the data. 

What kind of training should be provided to MSP employees who are taking on new responsibilities as part of the transition?

The initial training for a product should be delivered by the vendor, giving the MSP the confidence to speak to their customers about the product. This could be for the sales team, pre-sales, support or marketing. 

Different people absorb information in a variety of ways. This could be video content, written documentation or self-paced learning. It’s important that service providers understand their teams’ requirements when it comes to education to drive the best results. 

Certified training can be a very positive process for an MSP. This often comes with added benefits from their chosen vendor and their employees feel the accomplishment of being officially certified with that specific technology. 

One of the biggest challenges with training employees is keeping it up to date and relevant. It shouldn’t be a case of completing the training just to say it’s done; this should be monitored on a regular basis and any opportunity to refresh that education should be taken.

We’re seeing a number of MSPs transitioning to the MSSP model. Clearly this trend predates the pandemic, but has it been accelerated by the recent rise in remote working and the associated security demands?

Although this has been an incredibly challenging time for everyone, I do believe it has accelerated digital transformation – opening up considerable opportunities for the MSSP community.

The initial demand that we saw back in March was the implementation of secure, remote working services for businesses to continue to function during lockdown. Over the last six months we have seen this change: companies are now migrating from on-premise infrastructure into hosted services faster than ever before, and more companies are leveraging SaaS offerings, like Office 365, to transform the way their businesses function.

With that migration to cloud services there is a different set of challenges businesses face – this is no longer a perimeter security problem and stretches much further. We have seen rapid adoption of SaaS data protection services, advanced email security offerings and zero trust technologies to ensure that wherever their staff are working, whatever device they use to access corporate services, they are secure.