MSPs have to address the security dimension

MSPs need to ensure they can deliver effective security services and convince customers to take the issue seriously if they don’t want to lose clients in the event of a breach or incident.

Speaking at the SolarWinds MSP Empower MSP event in Amsterdam, Tim Brown, the vendor’s VP of security, warned that security was one of the main reasons why MSPs could lose customers.

“Security needs to be top of mind and MSPs need to get comfortable talking about it, managing it and taking it seriously for their clients because clients will leave if they don’t get it right,” he warned.

His comments came as the vendor sought to burnish its security credentials with the announcement of a partnership with Sentinel One, a fortnight after the acquisition of password management vendor PassPortal.

EVP John Pagliuca argued that as SMBs became a bigger target for cyber criminals, the onus would grow on MSPs to help prevent security incidents and protect their infrastructure.

SolarWinds MSP has also developed the Threat Monitoring Service Programme to enable MSPs to partner with MSSPs (managed security service partners) to help them deliver threat monitoring. “MSPs get it,” Pagliuca said. “Security is complicated, the model we have allows MSPs to retain customers and continue to be a trusted adviser.”

Senior director Dave Sobel described security as “a complicated topic”, adding that “in some cases, MSPs may not be comfortable building up in-house experience”. The TMSP programme allowed them to partner with “best of breed MSSPs…to help deliver services on your behalf but under your brand.”

He suggested there was a substantial need for the service. “We’re ramping up and signing up MSPs to help them out. We’re responding to the demand,” Sobel stated.

Brown claimed it was “a big differentiator” for SolarWinds MSP. “The MSP can focus on IT functions and the MSSP can focus on the security function, they can work together and share margin.”

Richard McDonald, CEO at NetConsult, which specialises in financial services businesses said it was “almost impossible” to get some clients to recognise the importance of security: “They think it’s just a sales pitch and they don’t really need it.”

But he stressed that security had to “be embedded into the culture” of MSPs and they needed to have an ethos and mentality of security inside their organisations.

Carl Henriksen, founder and director of OryxAlign, said that MSPs should always have a security focus in their business, irrespective of whether they took the further step of becoming a MSSP. “An MSP should be security oriented anyway,” he remarked. “I don’t think we need to take that step. Everything we do is secured.”

Brown likened IT security to fire insurance and said companies should spend a similar amount on cyber security. People paid for fire insurance even though they were not very likely to be affected by a fire, “but if you don’t have a password on your firewall, it’s extremely likely [you’ll be attacked]. Some clients won’t listen until they have an event.”