MSPs Expand Security Practices to Meet Demand: Kaspersky

The dramatic transition to remote work is forcing businesses to adopt new technologies and solutions, and MSPs are key to supporting that transition by eliminating tech worries from customer minds, particularly at a time when there continues to be an ongoing skills shortage and concern among organizations about being able to ensure their security, the report found.

“More reliance on technology has also seen increased understanding by businesses of the need for airtight cybersecurity to safeguard their data,” according to the authors. “With technology underpinning mission critical processes, it is vital that the connection between IT security and digital dependency is not underestimated.”

They wrote that the “reliance on digital continuity and complex distributed infrastructures, coupled with a lack of resources and skills, has increased concern among businesses about their ability to ensure cybersecurity. Attacks resulting in downtime, particularly ransomware and cryptolocker type attacks, were frequently mentioned by respondents as a key concern affecting their business.”

The findings in Kaspersky’s report mirror what market research firm Channelnomics has seen in its own research, according to Chris Gonsalves, senior vice president of research for the company. More than 60 percent of MSPs tell Channelnomics that their number-one priority is spinning up managed security services because of increased interest in the market, Gonsalves told Channel Insider.

That interest among companies is real, he said. Research into businesses that are undergoing either digital or cloud transformation efforts found that a key feature that these organizations want is greater security.

On both sides of the equation, there’s absolutely this imperative for managed service providers to become managed security services providers and spin up these kinds of practices,” Gonsalves said.

Becoming an MSSP Isn’t Easy

However, he added, “just because you can do something doesn’t mean you should and security is the ultimate example of this. Most MSPs are not prepared to become managed security service providers, not good ones. There’s a tremendous amount of responsibility when you present yourself to clients now as a security services provider.”

MSPs are taking on the responsibility of safeguarding clients’ systems in the best ways possible. At the same time, MSPs are increasingly becoming a target themselves, as bad actors want to take advantage of such tools as remote monitoring and management (RMM) software used by managed service providers to watch over their clients’ IT environments. By compromising the MSP, hackers get entrée into those client systems.

Given that, MSPs first need to ask themselves if they are capable of filling the role of an MSSP. They need to ensure their own systems and networks are secure by complying with frameworks like NIST CSF, that they are using all the safeguards on their own systems that they would recommend to their clients, and that they know their clients’ businesses well enough to assess the risks that are inherent in their particular industries.

In addition, MSP have to ensure that they have the necessary skills and expertise in place for such jobs as risk assessment and vulnerability management. The yawning skills gap in the cybersecurity field has been well documented and it’s one of the reasons why the demand for MSPs and MSSPs is so high, Gonsalves said.

Yes, there is high demand for MSPs and MSSPs to deliver security services and that opportunity for service providers is large. However, it comes with a word of caution, he said.

“Security is serious business,” Gonsalves said. “Many MSPs are not prepared to do what it takes, and you have to do some soul searching if what you want to do is spin up a managed security services practice, because you’re going to be responsible for safeguarding your client and that’s different than saying, ‘I’ll keep your networks running’ or ‘I’ll keep your laptops up and running.’ This is a domain unto itself and a serious business.”

Read the entire article, MSPs Expand Security Practices to Meet Demand: Kaspersky, at