Becoming an MSSP: Is it Worth the Risk?

The quantity of Internet-borne threats is on the rise but protecting your customers with layered security and common-sense policies is still a winning strategy.

When it comes to the topic of security, there’s no lack of stories and stats to remind us how high the stakes are getting. Here’s one that stands out: According to the U.S. National Cyber Security Alliance, 60 percent of small businesses go out of business six months after a cyber-attack.

As a VAR or MSP, what do you do with that information? If you choose to give in to the fear that becoming your customers’ trusted security advisor (aka a managed security services provider or MSSP) then what? Wait for 60 percent of your customers to go out of business? And what about the remaining 40 percent that survive the cyber-attack? Many will still struggle financially for a while, which also could impact your business negatively.

Last month, I had the opportunity to participate in a data security panel discussion at the annual VARTECH event in Punta Cana, along with Nathan Sweaney, senior security consultant at Secure Ideas; Tom Bronson, president and CEO of Mastery Partners; and Warren Miller, NA channel sales manager at Zebra. One of the prevalent concerns expressed by the VARs, MSPs, and consultants in attendance was related to liability. In a nutshell, they’re aware of all the cyberthreats their customers face, they know that no security product is 100% failsafe and if a customer is breached, they could be held liable.

The panelists didn’t sugarcoat the fact that being an MSSP does come with risks and liability concerns. But they were also quick to point out that with well-defined SLAs (service level agreement), layered security tools, security policies, and liability insurance the risks were minimal.

If you’re a VAR/MSP who’s on the fence about selling security solutions, I’d like to challenge you to read the following two reports hot off the press from the XaaS (“Everything as a Service”) staff:

  1. Q4 2018 Security Update: Want Access to an IoT System? Try 123456. The reality is that cybercriminals still go for the lowest-hanging fruit such as default passwords and unpatched software. Even if your company only provided password and patch management services, you’d reduce the target on their backs by 85 percent, studies show.
  2. Endpoint Security Comparison: Avast, Bitdefender, Sophos. Be sure to check out Mike Monocello’s in-depth report showcasing the latest advances in technology from three leading security software vendors. You’ll be encouraged to see that these companies are taking your customers’ security (and your company’s reputation) seriously, and they’ve added machine learning algorithms and deep learning malware detection engines to their offerings. No longer do these products have to rely on known malware signatures to detect and quarantine a threat. They now have the intelligence to look beyond malware to the tools and techniques used by hackers and mitigate threats midstream. Additionally, they’re beating ransomware at its own game by creating a “vaccine” that causes ransomware programs to “believe” they’ve already infected a system, thus preventing it from attempting to infect the same system again.

Right now is an excellent time to consider adding managed security services to your business. Sure, there are risks, but with research and careful planning, as well as forging smart partnerships, you’ll minimize your risks and ensure the new direction for your business is successful.