Andrea Danti - Fotolia
IT management software provider Continuum has solidified its plans to stand apart from competitors by focusing on cybersecurity -- a market it said will make or break MSP businesses in the next few years.
Continuum, which provides products such as remote monitoring and management software for managed services providers (MSPs), has been busy bolstering the security side of its portfolio. Recent activity has included the June acquisition of Carvir, a security vendor focused on MSPs.
At the Continuum Navigate 2018 conference, held this week in Boston, the company introduced a business plan template to help its partners make the pivot from traditional managed services to managed security.
"[Security] is, in many ways, the opportunity we have all been waiting for," said the company's CEO, Michael George, at Continuum Navigate 2018.
George said cybersecurity is catalyzing a widespread technological transformation in the IT services industry. He said he anticipates customers' growing cybersecurity needs will split the U.S. IT services market in two, where 20% of MSPs that can offer cybersecurity services will control 80% of the market by 2020.
As result, in George's view, the next few years will be a crucial period for traditional MSPs who either resist or embrace the call for more managed security services providers (MSSPs).
Cybersecurity a primary concern for small businesses
In a Continuum Navigate 2018 panel discussion, speakers pointed to many factors behind the cybersecurity market's growth, highlighting the increasing risks that small businesses face as a major driver.
"I don't know what the point of inflection was, but sometime in the last two or three years, these attacks ... that largely were relegated to large banks and insurance companies have now made their way into dentist offices and auto dealerships. We are talking about ransomware attacks that are prolific," said Mike Potts, CEO and president of Webroot, a cybersecurity vendor based in Broomfield, Colo., that integrates with Continuum's software.
"Small business has not invested nearly enough to properly protect themselves. So, it's a very vulnerable attack surface today, and it's fairly easy work" for attackers, George added.
George noted the attacks on small businesses are generally done randomly -- through phishing and social engineering attacks, for example -- rather than in targeted assaults.
"[Attackers] are not targeting that dentist office; they're targeting every dentist office with these massive scams. And they're profiting greatly from it," he said.
Is BDR a security product?
At Continuum Navigate 2018, Continuum CEO Michael George criticized the positioning of backup and disaster recovery (BDR) as a security product.
"Some vendors call their BDR 'data protection,' giving their customers a false sense of security," he said. "Calling a BDR data protection is like calling the sprinkler system fire protection. A BDR is not security -- in fact, it's something that is necessary when security fails."
He added that small-business customers are firing MSPs that use BDR products as security devices. MSPs should understand BDR, instead, as an insurance policy when security measures otherwise fail.
"True security is proactive, pre-emptive," he said.
'MSP' and 'MSSP' converge
Continuum Navigate 2018 speakers also discussed the converging concepts of MSP and MSSP business models, especially as it relates to the small-business owner's perspective.
David Murphysenior operating partner, Thoma Bravo
"I don't think this MSP [and] MSSP nomenclature is going to survive. You need both to do what you are trying to provide: business insurance and business continuity. And you need both to do them well," said David Murphy, senior operating partner at Thoma Bravo, a private equity investment firm based in Chicago. Thoma Bravo acquired Continuum from Summit Partners in 2017.
"The idea that you can be an MSP and not have contemplated how you provide some set of [security] services, I think, is an antiquated thought. I think equally you are going to see the MSSP be acquisitive on the rest of the IT management competencies that they need in order to survive," Murphy added.
The demand for cybersecurity will cause many small-business customers to look for one provider who can meet both their IT infrastructure and security needs.
"A small business is not going to go out and hire a traditional MSP and separately a managed security service provider. ... This will cause the separation for those who do and don't have it," George said.
Continuum Security: First steps for traditional MSPs
For traditional MSPs eager to make the transition into managed security, George recommended they start by offering end-user education and training.
"We encourage you to start to get your end customer informed [and] educated and make them part of the solution," he said.
George stressed that managed security also demands a layered approach. After providing end-user education, MSPs should then layer in "some endpoint protection. And then, obviously, what we are doing around identification and isolation and remediation is really the measure that is going to be necessary to protect the client," he noted.
George said about 600 Continuum MSP partners are currently protecting more than 100,000 endpoints using the Continuum security platform.