Andrea Danti - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

MSPWorld 2016 highlights IT security opportunities, pitfalls

Although IT security has emerged as a top growth area for managed service providers, MSPWorld speakers warned against plunging headlong into the market.

ORLANDO, Fla. -- IT security ranks among the top opportunities for managed service providers this year, but companies need to carefully consider how they go about pursuing that business. That's the view of MSP and vendor executives participating in the MSPAlliance's MSPWorld conference, which runs here in Orlando through April 5. 

Charles Weaver, CEO of the MSPAlliance, said one can't peruse a newspaper or an online magazine without reading about a high-profile data breach or a story that deals with data protection. Security's higher profile translates into what Gartner estimates to be a $75-billion global information security market.

For MSPs, the opportunity is beginning to shift from traditionally security-conscious customers such as banks to more recently regulated industries that must toe the line on security.

"Financial institutions always understood," said Peter Kujawa, president of Locknet Managed IT Services, an MSP based in Onalaska, Wis., and a division of EO Johnson Business Technologies. "What we are seeing now is other industries ... understanding the need for security," he said, during an MSPWorld panel discussion on top growth areas for MSPs.

Kujawa pointed to the examples of large car dealerships that are now regulated under Dodd-Frank.

"We are seeing non-regulated businesses becoming newly regulated," he noted.

While the impulse among MSPs may be to quickly build a security practice, speakers at conference warned against plunging headlong into the market.

Strategies for MSPs new to security

Chuck Dubuque, senior director of product and solution marketing at Tintri, a maker of VM-aware storage products, said the best practice he has seen among the company's managed security service provider (MSSP) customers is to "have a strategy upfront and try not to be reactive on a customer-by-customer basis."

He noted that customers' security requirements can vary significantly. An MSP could, for example, develop an elaborate, multiple-layered security capability to meet the needs of a particular customer but end up reducing the flexibility of its overall infrastructure.

"Some of our MSPs spend a lot more on infrastructure than they want to ... and can quickly over-engineer something for a customer base that really doesn't need that level of security," Dubuque said.

Kujawa also noted the expense of running a security practice. He said his company's security engineers are its most expensive employees, adding that the company's personnel costs today are up 50% to 60% per FTE compared with four years ago. Last year, the company conducted compensation reviews every six months because of the market demand for security engineers.

If you decide to do [start a security practice], get ready for the cost -- the cost for people, the cost for infrastructure.
Peter Kujawapresident, Locknet Managed IT Services

"If you decide to do it, get ready for the cost -- the cost for people, the cost for infrastructure," Kujawa said. "There is a significant investment you are going to have to make."

Because of that level of investment, Kujawa suggested that MSPs new to security should consider partnering, rather than building a security operation on their own.

Eric Hulbert, co-founder of Opus Interactive, an MSP and cloud hosting company, agreed with that sentiment. "It is extremely expensive," he said. "Partnering first is going to be the best bet."

Onramps to the MSSP market

The need for partnering hasn't been lost on security as a service providers, who were demonstrating their technologies on MSPWorld's exhibition floor.

NetWatcher, for instance, offers a network monitoring service that it sells through MSPs. Scott Suhy, CEO at Defensative, the company that makes NetWatcher, said MSPs are the key channel for the service's intended end customers: businesses with 500 or fewer employees. He said the security as a service offering gives MSPs that may have been providing managed firewall services or patch management an onramp to higher-end security services.

"It's a way for an MSP to quickly become an MSSP," he said.

CensorNet, which provides Web and email security as a service, also targets MSPs. Ed Macnair, CEO at CensorNet, said he views MSPs as the ideal conduit to reach smaller organizations, which he said have been underserved in the security realm.

"MSPs are perfectly placed to actually service them and provide security," he said.

Next Steps

Should MSPs buy RMM software with security baked in?

Surveys suggest MSPs may find it pays to diversify.

Read about MSPs rethinking their portfolios.

Dig Deeper on MSP business model transformation