As the number of cyberattacks targeting small and medium-sized businesses (SMBs) increases, there is more pressure to protect against those attacks. That's why MSPs handling the IT needs of these businesses must place security at the top of their priority list. One way to build a strong security offering is from the ground up, starting with one of the most fundamental tools used by and MSP – their remote monitoring and management (RMM) solution.
A security-centric RMM can help ensure that security is reliably addressed across all of an MSP’s activities. In a new eBook, The MSP’s Guide to Strengthening Managed Security Services with Security-Centric RMM, Barracuda MSP outlines three reasons why this is important.
- Threats are increasing every day, especially for SMBs. In 2018, an average of 34 percent of SMB organizations reported being the target of a cyber incident; in 2019, that number rose to 52 percent. The attacks have also become more targeted and sophisticated.
- SMBs are ready to address these attacks. More small businesses now understand just how costly these attacks can be in the long run and are willing to invest in the resources required to prevent them. According to the data Barracuda gathered for the eBook, SMB security spend is only going to increase, and roughly a third of it could be headed toward security outsourcing and consulting. That represents a massive opportunity for MSPs.
- RMM solutions already provide some level of security protection. With an RMM solution, there’s already an existing relationship when it comes to security between the MSP and their SMB customers. RMM solutions give MSPs visibility into their customers’ computer systems and networks along with the ability to monitor, update, and protect their customers’ entire IT ecosystems. According to a 2019 study by ServiceNow and the Ponemon Institute, there was a 17% year-over-year increase in cyberattacks from 2018 to 2019, and 60% of breaches were linked to a vulnerability where a patch was available, but not applied. Most RMMs will provide some level of patch management and vulnerability scanning.
Why a security-first approach is so critical
MSPs should take a security-first approach so that mindset is incorporated into every service. This approach, powered by an RMM, can also help the MSP create separate security services down the line.
According to the eBook, there are three high-level steps to follow:
- Define the managed security service, including what parts of the customer environment the MSP can protect, and RMM automation can help simplify the delivery of those services.
- Identify solutions that can meet your service needs, including software, necessary integrations, and how automation can be leveraged.
- Find ways to further leverage the RMM’s automation capabilities across the security landscape.
MSPs also need to take a multi-layered approach to security that encompasses multiple solutions to deliver the right level of protection. The offering needs to balance cost with a robust feature set while taking advantage of the built-in capabilities of the RMM to monitor and manage vulnerable endpoints.
For MSPs that lack deep security expertise, there are a few service areas where they can effectively provide security services within their RMM . Those include securing users, devices and connections at the perimeter, securing the network, securing endpoint devices, protecting internal users/employees, and securing the data in the customer's systems.
Protecting these areas helps create a layered security strategy in which each layer addresses different types of attacks. An RMM tool can help by providing visibility into the customers’ security status, ensuring the environment is secure, and automatically remediating any issues that could create vulnerabilities.
Beyond the RMM
While the RMM plays a vital role in security, it’s not the only technology that MSPs need to provide comprehensive security services. Additional offerings can include next-generation firewalls, email protection, filtering, network segmentation, vulnerability scans, traffic monitoring, endpoint detection and response solutions, end-user training, and cloud-based backup and recovery systems.
MSP-focused software vendors can help simplify the implementation and integration of these types of solutions. RMM-enabled automation further enhances the effectiveness of security solutions by providing consistency and accuracy in a deployment.
MSPs that are already using RMM have an advantage over the competition because they can quickly create a service delivery model that is effective, responsive, scalable, and predictable. Because even small organizations are increasingly the targets of cyberattacks, MSPs need to begin formally offering managed security services that take advantage of the existing security features in their RMM.
Over time, these services can be augmented and expanded, provided your RMM solution already has security-centric features and automation. Start evaluating the features and functions that can be leveraged for security services now, determine which additional solutions you might need, and then use the RMM’s automation capabilities to help generate new service revenue.
As an MSP, the path towards offering security services is inevitable. Your customers are becoming increasingly aware of the need and will either look to you to address their security concerns or another MSP that will. Start by determining which functionalities can be leveraged, define the scope of your new service, choose any additional security solutions needed, and use your RMM’s automation as the foundation for a new means of generating service revenue.
Neal Bradbury is Vice President, MSP Strategic Partnerships for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for generating greater business value for the company’s MSP partner community and alliance partners.