Cybersecurity has become the latest battleground where business is won and lost, according to SolarWinds MSP.
Speaking at the software company’s Empower MSP customer event in Amsterdam, general manager John Pagliuca, predicted a much greater level of churn among MSPs as the impact of a potential security breach creates friction with customers.
“SMBs are turning over managed service providers (MSPs) at a faster pace than ever before. In fact, the number one reason MSP loses a client is through a security breach. When an event happens, if the MSP isn’t providing a fully-layered security offering, they will be out the door,” he said.
“An MSP might agree to just offer basic break-fix services [for a customer] but if they have an event, then they assume it’s the MSP’s fault,” added Tim Brown, vice president, security architecture at SolarWinds MSP.
“[They think] ‘oh the MSP mustn’t be any good, I’m moving on. Why didn’t you protect me?’ As soon as something occurs, they lose trust in that provider and they switch.
Another scenario, Brown told Microscope, is that “if an MSP isn’t talking to their client about security, someone else will come in and take that business…If they’re not proactively talking to their clients about it, they’re going to get superseded by somebody that is.”
However, MSPs are as likely to sever any relationships with customers that don’t take up a full security offering, according to Pagliuca, due to the potential risk their reputations as a security provider.
“We’re going to see a split between the good MSP and the bad MSP. The good MSP is going to standardise and not compromise with the security offering they are giving folks,” he said. “If you’re an MSP and you’re not going to provide a full layered approach, you’re going to fire your customer.”
Addressing the skills shortage impacting the cybersecurity space, Pagliuca said some MSPs didn’t realise they are already offering many of the security services required by customers.
“MSPs…almost have an allergic reaction [to security]: ‘Well, I don’t have the skills set for it’. You’re confusing an MSP with a managed security service provider (MSSP). What are you doing to secure the network? Are you doing anti-virus? Backup / disaster recovery? Do you have a web filtering tool? Are you looking at the different vectors? Do you have a web filtering or an anti-spam product? If you’re providing those five things you are providing a level of security,” he said.
The difference between an MSP and an MSSP, he said, is an MSSP does more forensics and early threat detection. Pagliuca said SolarWinds MSP wants to help MSPs enter this by developing a light security information and event management (SIEM) product that will provide them with alerts.
“The MSP doesn’t have the skills set to manage a heavy SIEM, and it’s cumbersome. They would like something that’s dialled back, that’s in a pre-configured box that will give them the alerts, versus having to manage it,” he said.
“We’re actually looking at how we can extract some of that technology to leverage for the MSP.”
SolarWinds currently serves around 25,000 MSP customers worldwide – by far the largest customer base among the top MSP platform providers – after it acquired N-able’s on premise-based RMM platform in 2013 and cloud-based LogicNow three years later.
In his keynote address to customers, Pagliuca quoted figures from Gartner that estimate the SMB segment represents 44 percent of global IT spend.
He said a combination of cloud computing, the rise of the subscription economy and growth of free open source software has “democratised technology”.
“It’s lowered the floor for SMBs now. Where some might have spent €50,000, €100 000 on a piece of software, they can now get it for a couple of thousand dollars a month and demand the same kind of service a Fortune 1000 company would have,” he said.
He noted that the good news for MSPs however, was that the biggest problem for SMBs is IT scarcity, and that with those firms consuming more services than ever before “the need for an IT professional to help bridge that gap is more than ever.”
Get tips on vetting cybersecurity vendors
MSPAlliance launches a cyber risk rating system for MSPs