MSPs: Security a must-have

Managed service providers (MSPs) will lose out on business if they fail to provide customers with a security offering, according to two UK MSPs.

Mark Matthews, CEO at West Midlands-based ATG IT, said security was “the only door opener and the only differentiator nowadays”.

Speaking to MicroScope at MSP software vendor Continuum’s Navigate user event in Boston, Matthews said: “Traditional IT support has been done and talked about. When I say I can fix your computer, I can only do it cheaper or quicker than somebody else, whereas there aren’t that many players looking at security.”

However, he added that the path to acquiring the right security skills and certification, such as Cyber Essentials, wasn’t easy or cheap, so “not a lot of MSPs” were taking advantage of the opportunity.

This view was backed up by Mostyn Thomas, managing director of South Wales-based Astrix, which sold off its IT support and maintenance division earlier this year to focus solely on supplying security and compliance services to small IT firms, which then repackage them as their own.

“MSPs can be good at what they do, but it’s expensive to be in security, it’s a hard road,” said Thomas. “We’re supplying certification, compliance and risk management – it’s a different skillset. It’s a niche we’re developing, but it’s going really well.”

Matthews maintained that MSPs would have no choice but to offer security to customers, on top of any basic services such as antivirus (AV) and firewalls.

“If you don’t [offer security], the first time you have a breach, the customer is going to blame you. They’re going to ask, ‘Why haven’t you offered me this?’,” he said, going so far as to add: “You’d lose your business.”

Going one step further, Continuum CEO Michael George warned that failing to provide managed security could open MSPs up to legal action.

He said customers were suing their IT providers following cyber attacks, “because they thought they had security”.

“The customer doesn’t understand. They see AV and malware [protection] provided on their itemised bill, but they don’t understand how vulnerable they really are, or the sophistication of hacks,” he told MicroScope.

If the MSP isn’t sued, he said, “they will certainly lose the customer”.

Security was high on the agenda at the Continuum event, which has just expanded its newly released Continuum Security offering into Europe with support for the General Data Protection Regulation (GDPR).

IDC’s Worldwide Semiannual Security Spending Guide forecast that managed security would be the largest technology category in 2018, with firms spending nearly $18bn on it. In addition, managed security topped the list of technology categories likely to see the fastest spending growth this year.

Continuum believes its differentiator in a crowded market is providing MSPs with the tools and services required to deliver on the security and compliance needs of their SME customers, despite the current skills shortage and the associated costs of building a security practice.