Circle of distrust: the security challenge for managed service providers

It can be tough being a managed services partner (MSP). I don’t see how anyone reading the following figure from a survey of 400 MSPs around the world can think anything else: 96% are concerned their organisation could suffer a cyber security breach through which their clients’ IT systems could be compromised in the next 12 months. To put it another way, only 4% aren’t concerned.

When you consider we’re talking about cyber security, that’s a very worrying figure. It’s taken from MSPs speak: cyber security and the future role of the MSP, a survey conducted by VansonBourne for Acronis, which also highlighted a lack of trust between clients and MSPs, and between MSPs and vendors.

According to the survey, 49% of MSPs believe their clients did not completely trust the security of the services they provided, and 53% of MSPs did not completely trust the vendors they used to provide cyber security services. Forget the circle of trust, this is more like the supply chain of distrust.

It’s worth pointing out that with MSPs using an average of four vendors to provide cyber security, backup and/or disaster recovery (DR) services, and 30% using more than five, the lack of trust is of some concern.

MSPs are also struggling to justify rising fees to clients on the back of an average 19% increase in the cost of providing cyber security, backup and/or DR services in the past two years. Only 28% had managed to implement the cost increase without any problem.

The report attributed some of the cost increases to the rise in remote working, with a large majority believing it would prove a challenge to providing their services cost effectively.

The survey also found that more than half of respondents were not satisfied with the margins they were making from selling a range of services, such as endpoint security, governance, SaaS protection, email security, DR services, network security, consulting services and backup.

“Many MSPs are not yet achieving the profit margins they would like to from the services they sell, and this is a situation likely to be exacerbated further by the rise in remote work,” the report noted.

Remote working is also presenting a number of other challenges for MSPs. As many as 43% complained of a limited number of tools available to manage remote environments, and 39% were struggling to learn how to best protect technologies used by remote employees. Just under 40% said it had raised the cost of protecting clients, but 25% said clients didn’t want to pay the increased fee.

Many MSPs (70%) have consolidated the number of vendors they work with for cyber security, backup and/or DR services in the past two years, with only 1% having no plans to do so going forward.

The impetus for the trend towards consolidation is savings of up to $229,159 from lower licensing costs, training costs and employee documentation costs, along with a reduction of five hours in the time spent recovering from a cyber security breach or data loss incident in a client’s IT network.

Among the other benefits, 50% of survey respondents claimed integration made it easier to deal with and recover from security breaches in clients’ IT networks, and 45% said it reduced the risk of a successful cyber security breach.

When only 4% of MSPs can profess to a blithe indifference to the threat of a cyber security breach, anything that reduces risk and strengthens trust is bound to be attractive. It’s worth bearing in mind, however, that consolidation only works if the vendor is up to the task.

The danger is that instead of spreading the risk among a number of vendors, the MSP becomes more vulnerable to a much wider attack if the vendor it consolidates to is compromised. Like I said, it can be tough being an MSP.