Worawut - stock.adobe.com

MSPs caught between the risks and rewards of protecting customers

Managed service players are seen by some customers as the weak link but have the potential to strengthen user defences

Risk is becoming one of the key areas that could both benefit and hinder managed service providers as customers look to ensure suppliers are not creating any weak links.

On the one hand MSPs are in the firing line if a customer gets hit by a cyber attack and loses data in a breach but on the other those that are able to help protect data could well be more attractive to customers.

Both sides of the issue are on display with research from Gurucul revealing the fears customers have and a significant investment from Kaseya indicating the importance of helping MSPs reduce risk and deliver compliance for their customers.

Starting with the concerning findings from security player Gurucul, the firm’s research discovered that three quarters of firms are taking active steps to try to reduce risks posed by third party vendors.

When asked, 34% of IT security professionals highlighted MSPs as their main concern, viewing them as the potentially biggest risk to the organisation. System integrators and developers are second and third on the list.

With most MSPs managing a varied and wide customer base they make a prime target for cyber criminals and that fears around those risks are filtering down to customers.

“What’s most concerning is how reliant we are on third party vendors and how frequently they seem to be letting us down,” said Nilesh Dherange, CTO of Gurucul. "The fact that companies are having to take proactive steps against what should be a trusted partner is extremely concerning and, with breaches showing no sign of slowing down, it further highlights the dangers they pose for organisations.”

“With insider threats still one of the biggest and most concerning causes of data breaches, organisations need to account for an often-forgotten type of insider threat - third party vendors," he added.

The idea that MSPs could be blamed for breaches has already appeared as an issue with some managed service players getting fingered by customers that had been victims of ransomware attacks.

But there is clearly an opportunity for those MSPs that stake a claim to be data compliance experts and can talk to customers with authority about risk and data protection.

Kaseya has decided that this area is the next big opportunity and worth putting some serious money behind it.

The firm is dedicating $10m to set up a compliance business unit and has reached out to former CloudJumper staffer Max Pruger to take up the role of senior vice president and general manager of compliance.

“It has become increasingly apparent that compliance is the ‘Next Big Managed Service’ rapidly becoming a necessity for MSPs who want to remain competitive,” said Fred Voccola, CEO, Kaseya.

“Every MSP should offer compliance services. This is a blue ocean market that is ripe to be tapped and any MSP that doesn’t get into this game will sorely miss out. With Max Pruger at the helm of our compliance division, Kaseya and our customers are poised to take full advantage of this massive market opportunity,” he added.

Read more on Managed IT Services