MSPs and SMEs – perfect security combination

SMEs often don’t have the time or the manpower to consistently adjust their security posture as new threats arise. This is what makes managed security providers the perfect fit.
Gregg Lalle, senior VP for international sales, ConnectWise
Gregg Lalle, senior VP for international sales, ConnectWise

The threat landscape in 2020 is one that has been massively broadened by the adoption of the fourth industrial revolution (4IR) technologies. These encompass everything from mobile technologies to cloud-based solutions, and deliver unprecedented levels of connectivity to businesses of all sizes, including small and medium enterprises (SMEs). In fact, these technologies now offer smaller operations the opportunity to compete on a more level playing field with large corporations, but they have, at the same time, opened these entities up to potential cyber attacks.

In fact, SMEs are the primary target for cyber attacks, perhaps because most are unprepared for it, thinking their size keeps them anonymous. However, those that do recognise the new threats they face are quickly realising the benefits of working with a managed security provider (MSP).

Gregg Lalle, senior VP for international sales at ConnectWise, points out that from an MSP point of view, security breaches that make headlines are one of the best ways such a provider can educate itself with regard to this market and the challenges it faces. However, he cautions, when selling services to them, the MSP should never try and sell a solution based on the fear generated by such news.

“There is no need to be a scaremonger; many SMEs are already seeking better cyber security services, and even those SMEs that already use an MSP admit they will switch to a new provider that offers them competitive rates and can provide a comprehensive security strategy. In fact, according to a study last year by Vanson Bourne: ‘The State of MSP Cybersecurity in 2019’, almost nine in 10 SMEs would consider using or moving to a new MSP that offered the ‘right’ cyber security solution. Moreover, they would pay an average of 27% more for that solution,” he says.

“Although the market is clearly there, MSPs must focus on educating the customer base as well. It is important to be honest and to explain to them that situations change and the tool sets also evolve. New solutions need to be regularly employed in order to offer real-time data and to be proactive in combating these threats as they get closer to home. A good MSP will not allow a client to leverage yesterday’s tools for today’s problems.”

He points out that it is well known that SMEs tend to only purchase the minimum security functionality they require. This is not only due to cost concerns, but also for the purposes of ease of use and a desire not to lose valuable revenue generation time undergoing various security authentications.

“Additional measures like multi-factor authentication, password protection and password rotation are often viewed as time-consuming and limiting to the end-user in a small operation. To this end, they will require the MSP not only to change this mindset, but also to provide training and recommendations around such implementations. It is important that they are shown in great detail exactly why they need to adhere to a strict security policy that demands these measures,” he says.

“Of course, if the MSP is going to change the SME’s security posture in any major way, it is imperative to get buy-in from all the key stakeholders. We are, after all, talking about a cultural shift within the business, caused by the implementation of proper security policies, procedures and technologies.”

Also, adds Lalle, bearing in mind that you are solving for a complex outcome, a total solution is required, as it will never be enough to simply provide them with a point solution. In addition, it is crucial for the MSP to be able to define a security vision for the client that will be effective both in the present and into the future.

“Ultimately, the MSP that does security right from the outset will have a significant advantage in the market, and this can then be maintained by investing in additional talent and differentiating its offering by focusing on critical issues such as ransomware, packet inspection and penetration testing.

“There can be little doubt that most SMEs require far better security than they currently have, and MSPs – with their strong relationships with vendor partners and ability to offer co-managed services – are ideally suited to provide this,” he concludes.

Download the Vanson Bourne report on SMEs leaving MSPs over cyber security here.

Share