Transform from MSP to MSSP to offer cybersecurity services
The MSPs have a sweet spot for customer sizes that they manage. An average MSP has 120 customers with an average number of seats of 30 per customer under management.
Companies use MSPs for various reasons. An MSP acts as an outsourced IT department which is more economical than employing an IT department full-time.
There is a point when it becomes more economical for a company to employ its IT team in-house. This is when the company in question grows out of the mid-market.
Don’t get us wrong. There are large enterprise companies that are using MSPs but the sweet spot is the mid-market.
The reason why MSPs are the key to cybersecurity services in this sector
Thought of as a one-stop-shop for IT needs, the MSPs provide infrastructure-as-a-service as well as productivity, email and telephony. 95% of MSPs do provide some kind of security but this stops at the provision of a firewall on-premise and at the datacenter.
The mid-market doesn’t generally outsource its security to a dedicated security consulting company. Instead, they rely on the services of their MSP to protect them.
This is where service offerings from MSPs can be expanded.
Being able to package this up into a single offering along with the infrastructure services makes it more economical for the SMB. It also provides an extra service to be billed by the MSP.
Having the same people conducting both roles reduces the need to support the baseline salary levels of the team at the MSP because it’s packaged into a single offering.
The regional differences of the model
The MSP model is very regional. There is a good MSP market in North America, The UK, Australia, and New Zealand and part of Northern Europe. Elsewhere, the market is more resale-focused but cybersecurity is going to be the catalyst that brings the MSP model to the masses.
South East Asia and Latin America are starting to make progress when it comes to the services model. Eastern Europe are starting to take notice too.
The VARs that switch their model, or supplement it with services are the ones that are going to win.
How heavy is the lift to start offering cybersecurity services?
Depending on the services being offered by the MSP, the addition of cybersecurity services can be an easy evolution or a difficult one.
The lowest hanging fruit for offering cyber services to your customers is to provide automated vulnerability scanning and attack surface monitoring where it’s a set-it-and-forget-it action.
Each new customer that is onboarded has these services billed into their package and a report is produced every month to the customer.
This report details the known vulnerabilities and remediation requirements. The remediation requirements are provided by the software itself and very little knowledge is required to understand it.
Who does the remediation work?
This heavily depends on the type of vulnerability found and where the gap is in the customer’s security.
If the vulnerability is found in a web application, the report for this gets sent to the customer who then provides the details to their web team.
Once the vulnerability is fixed, the next scheduled scan of your customer’s assets will be able to show whether it’s been remediated or not.
If it finds network vulnerabilities, it’s going to be you or their on-site IT team that is responsible for the remediation.
Extra remediation work can be billed extra on top of automated services.
The cost of providing services
Everything has an underlying cost. Vendors provide tools to do these kinds of reports for your customers and expect an upfront investment from the MSP for the tooling.
We see this as unfair.
Why would you bill someone for something that they are not using?
This is why ResilientX provides the platform for free and bills only for what is used.
Every time you add a new customer and bill that customer, you can add the customer into the ResilientX platform and perform monthly reporting for them.
We provide a true MSP model which is to bill for only what you can bill to your customers.