The Opportunity and Challenges of Offering Managed Security

Do your customers have the solutions and services they need to protect themselves from cyberattacks?

security as a service

With new cyberattack vectors and new bad actors continually increasing, managed security – and skilled managed security services providers (MSSPs) are in demand. Researchers for Verizon’s 2022 Data Breach Investigations Report found a 13 percent increase in ransomware breaches – more than in the last five years combined. Furthermore, the Verizon report confirms that virtually every industry and businesses of all sizes are targets, including financial, healthcare, restaurants and hospitality, entertainment, construction, education, IT, manufacturing, mining, energy and utilities. Regardless of its size, the business or organization may lack in-house resources to address cybersecurity – and they are looking for help.

Challenges New Managed Security Providers Must Overcome

Chris Crellin, Senior Director of Product Management for Barracuda MSP, points out that many managed services providers (MSPs) and value-added resellers (VARs) are expanding their businesses to provide security solutions and services to meet widespread needs. As they evolve their businesses, they often face four challenges:


It takes knowledge and skill to provide security solutions or Security as a Service, and learning takes time.

“Security is not just about prevention. It’s about the ability to oversee and remediate threats, as well. There’s also a compliance angle that needs to be covered. MSPs also need to know how to put together a security framework that includes the right tools, policies and expert oversight to protect their customers effectively,” says Crellin. “That type of knowledge and experience isn’t achieved overnight.”

He points out, however, “While it’s always good to have some security expertise in-house to have in-depth conversations about security with customers, a dedicated security vendor can offer a sophisticated security management and monitoring service that gives the MSP and its customer’s peace of mind.”

“This can also enable an MSP to scale their business further, as it frees them up to focus on other areas of IT management for their customers,” he says.


Crellin says if you plan to hire security resources, be aware that expert staff may be difficult to find and “are in such demand that they’re even harder to keep.”

Also, don’t attempt to assign staff to security services part-time. Dedicated staff, says Crellin, is absolutely necessary. “In today’s landscape, businesses of all sizes are frequently under attack (whether they know it or not), and managing dozens or hundreds of customers means an MSP will always have to manage those threats. This includes, for example, monitoring, policy updates, and attack remediation. Additionally, the threat landscape is evolving and requires dedicated effort to ensure staff are up to speed on the latest threats and avoidance techniques.”


MSPs and VARs new to providing managed security must plan how to invest in and implement tools designed to protect and manage their customers’ systems. “The thought of securing, training on, and managing those tools and potential new vendors can be daunting to some MSPs,” Crellin says.

As you weigh your options, you may want to consider tools that automate some of the workloads you would otherwise have to fulfill. For example, MSPs can use tools to automate forensics and incident response in the wake of an attack.

Crellin says security-centric remote monitoring and management (RMM) platforms, like Barracuda Managed Workplace, can help automate some security areas, such as patch management and endpoint security management.

“MSPs should ensure that security tools work well with the management and monitoring tools,” Crellin comments. “These solutions must work together to provide a clear picture of what’s happening in any given customer’s environment at any moment.”

4Communicating Value

Crellin says another challenge that MSPs and VARs face when offering security solutions or managed security is learning how to sell it: “MSPs need to understand how important security is and use it as a differentiator against their competitors. When possible, MSPs should work with vendors to articulate that value proposition.”

Mastering how to communicate the value of the security solutions you provide, growing in knowledge, hiring skilled resources, and investing in the right tools, are challenging, but Crellin says they aren’t optional.

“More and more MSPs are moving into security out of necessity, and their customers expect it from them. Those that don’t find a way to fill that need will probably not survive unless they’re in a special niche,” he says.