Is It Time for MSPs to Become MSSPs?

In the current cybersecurity and regulatory climate, it may be time to expand your security offerings into a full-blown security practice.

Just about every managed services provider (MSPs) offers some type of security service. It’s common to offer patch management and antivirus, and many provide managed firewall and email security. In the growing climate of cyberthreats, however, is that enough to address what many of your customers and prospects consider their number one risk?

Enterprise risk management (ERM) software provider LogicManager surveyed governance, risk and compliance professionals, and 72 percent responded that cybersecurity is their company’s greatest vulnerability. Cybersecurity also takes top priority due to the high costs associated with data breaches. Taking tech repairs and upgrades, legal fees, settlements and penalties into account, the average cost rose from $3.62 million in 2017 to $8 million in 2018. Moreover, that cost is likely to take a big jump in 2019. Fines imposed under the EU’s General Data Protection Regulation (GDPR) are up to nine digits. Marriott International received a $123 million fine for its 2018 data breach, and British Airways received a $230 million fine under GDPR.

Meet the Demand

Wayne Hunter, CEO of AvTek Solutions, Inc., and member of The ASCII Group, says, “For MSPs that are looking to scale their businesses both financially and in customer demographics, they must educate themselves and continue expanding the security offerings.”

He says AvTek began with research: “We educated ourselves and our sales team on what the security solution market is and what customers are looking for in a solution.”

Hunter says the next step was to determine how to enter the market with a plan to scale services. He adds that AvTek partnered to have access to a white-label platform that included tools and expert resources. “Smaller MSPs don’t have the resources to approach security without some type of white label service behind them or the knowledge to upsell the security operations center (SOC) platform. Combined with our resources, that allowed us to deliver a solution to our customers.”

The Key to Becoming an MSSP

According to Hunter, education is paramount when an MSP builds a security practice. “This may seem like an obvious statement, but it is the type of education that is required for the MSP to be successful that must be well-defined.  The vendors know the technical side very well, and technical training is fairly easy to achieve. However, how to market, generate leads and close business for security is where MSPs need the most help.”

He adds, “During our research, we found joining a community such as The ASCII Group helped us tremendously! The ASCII Group gave us access to vendors that were already vetted that focus on the success of MSPs.  However, the best thing that came out of it was getting to speak with a large community of MSP owners and staff that are either established or in the process of establishing security offerings and learning from them.”

Get Your House in Order Before Addressing Your Clients’ Security

Hunter stresses that while you are learning how to provide effective security solutions for your clients, you also need to evaluate security for your own operations. “An MSP should first look at their own company and determine what is required to protect themselves from the human errors and hackers that can put them out of business. That can provide a road map for what it means to be an MSSP customer and how they rely on you to do the same for them,” he says.

About The ASCII Group, Inc.
The ASCII Group is the premier community of North American MSPs, VARs and solution providers. The group has over 1,300 members located throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more.  ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs to grow their businesses. For more information, please visit

Mike Monocello

The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of Managed Services Journal (formerly XaaS Journal) and DevPro Journal.