2022 has been a year like no other, with partners and the industry re-grouping and finding their feet after COVID. And at the same time, we are staring down on a big new obstacle emerging right around the corner – economic headwinds. As partners look at 2023 and try to be on the right side of these secular trends and transitions, one big area that many partners are thinking seriously about is security, both as a trouble spot to conquer and an opportunity area to strengthen and double down.
SkyKick has been very engaged with partners and really putting our heads together. It comes on the heels of the launch of Security Manager, a new solution from SkyKick, that is an easy-to-use application to manage Microsoft 365 security. Purpose-built for MSPs, Security Manager allows partners to quickly find security vulnerabilities across all customers and easily remediate issues with mainstream staff who don’t need to be security specialists.
Over the past few months, we have facilitated lots of peer-to-peer learning, including Voice of the Microsoft Partner (VOMP) webinar and a SkyKick-hosted webinar that featured leading partners who shared their best practices for realizing 20-30% greater MRR with expanded M365 security services in MSP bundle.
Throughout these conversations, there are a couple of themes starting to emerge at the forefront.
With the recession and economic headwinds ahead, Security can be a growth area
The overall picture is IT spending could be flat or going down. I was reading up a stat in Spiceworks, it said that the same business owners, SMB focused, who said they want to hold purse strings tight, 42% of them are willing to spend more, much more in some cases on security. So, the demand is certainly there. With the right kind of automation, like what we shared from SkyKick in this webinar, there could be some value we bring back to the partners.
With that kind of automation, we can change the cost and feasibility of delivering security services. If you look at the big picture, 100,000 Microsoft Cloud partners, only about 3,000 of them are MSSPs. We can change the game here. All 100,000 of them can be offering a right-sized set of security solutions to their customers. And that changes the cost structure. We go from reactive to proactive. We help our partners make more money. As you’re doing all of that, there is a moral benefit to it and there’s the relationship element. As you’re delivering more of these very valuable security services, you are getting more sticky with the customers.
There are headwinds broadly, but there is a certain swim lane within there, the security swim lane, that I think it can be more of a tailwind for our industry.
Customers are much more willing, able and ready to lean in with MSPs and MSPs are finding themselves already knee-deep in Microsoft 365 security. What are these security needs?
Our perspective is really grounded in the partners who are very focused around Microsoft 365 because that is truly where we find our partners are and that is where the SMB customer is.
The question becomes what attack vectors are we seeing for that kind of customer and that kind of partners. With the rise in the cloud and remote work that we all went through during the pandemic, the customer is that much more sensitive about security. In fact, a recent report that said 88% of businesses are very concerned about security. If that’s how concerned customers are, what is the implications of it on what’s showing up on the MSP support side?
This point resonated with partners we spoke with. Brian Minker is a Partner at ABLE Technology. He shared that ““Demand is high. SMBs are seeing the breaches in media and come to us saying – how can I not be the next victim”
The profile of what is showing up in a classic MSP support desk has changed quite dramatically. We have done some good analysis and 21% of the reactive support tickets today are security related. What is showing up in those security related tickets? Two years back, it was mostly access, permissions, password reset, the old faithfuls. Last two years, that changed to something different where nine out of 10 SMB security attacks now begin with phishing. That is the thing that customers are calling in about. It’s about phishing, mailbox-centric attack vectors like MFA, SSO. If you think about what’s on the horizon in attack vectors, it’s really about data loss prevention, advanced threat detection. Customers are asking, how can you, the MSP, help me on that.
So big picture, whether partners are offering security services or not, we think most partners are already knee deep in security. That’s what we think are the attack vectors today.
The way MSPs are delivering on security, partners are quickly realizing that playbook should be more optimized than what it is today
This is probably one of the most interesting themes that emerged in our peer-to-peer learning and definitely garnered the most attention from partners. Key questions we discussed such as
- What are partners doing in security, is security a new thing, or are partners already in there? What does security mean to the classic Microsoft cloud partners today? Focus on M365?
- How are you delivering security – more senior people? Specialized team? Classic MSP Tier 1-2-3 model?
- Reactive Security on Support Desk vs Proactive monitoring?
When we talk about this buzzword of security and ask partners, is it a headwind or a tailwind? Sometimes, partners are not seeing is there is a silent killer to their business. We talked about how security related tickets are increasing on the reactive side on the support desk. What does it actually do when they are not planned for? What we have seen with partners is these level 300, 400 resources, senior billable engineers, are getting sucked into tier 2, tier 3 escalation paths. They are getting sucked into solving even the most basic phishing or data loss prevention scenarios in the security tickets.
We have to ask ourselves why is this happening. The main reason is that without the right kind of automation, we have taught ourselves that security is this sophisticated thing and we need these “men in black” personas. We have trained ourselves that we need these senior engineers to be involved here. But what does it do from an ROI perspective? You look at the utilization numbers and they may look rosy, you see your people are being utilized. But from an ROI standpoint, that is a silent killer. We have gotten the wrong people directed toward the wrong kind of things. What’s lacking is the right kind of automation and a little bit of openness to approach security and security tickets and go from the reactive to the more proactive stance.
One of our webinar panelists Sean Ernstzen, Managing Director at Impreza, a UK MSP shared that „We have a duty of care to our customers so we proactively approach them with security suggestions and reports”. This is the kind of new playbook savvy partners are leveraging to show their leadership in security to their customers and turn a headwind into a tailwind.
Security demand is rising faster than capacity, automation is the name of the game
Jonathan Davis is a Principal Security Program Manager at Microsoft and has a front-row balcony view of security threats as well as the best practices and resources Microsoft has for partners to stay ahead. This point really resonated with Jonathan that MSPs need better automation and tools and are capacity constrained. Jonathan said “attackers are using machine learning and automation against us in these large-scale ransomware attacks. In the security life cycle without automation, you are in a losing battle.”
Bad actors in security have access to great technology and automation, and they have great structure. And that is where the game is being played. That is where the state of play is in that security market. You have to fight on even terms. Microsoft, as a large enterprise organization, has access to great tools. Some of those insights are getting wrapped into the kind of security alerts and insights that are coming through the Microsoft stack. Partners would be well advised to leverage and use them to fight more even battles.
David Shackelford is the owner of Cooplink, a US-based MSP. He shared his experience with Security Manager “it is amazing how many different things we can do and automate… gives our team a lot of power, a lot of control, and free up time.“
Partners are seeing this as a longer-term bet to build a new business area. That means they also need to think about sales, marketing, and customer conversations
Shane Monty is a Cloud Solutions Architect at Present. With a long and distinguished career, he has successfully navigated through a few transitions in the MSP Industry. Shane had some tips on how to bring about some needed changes to maximize the Security opportunity in your MSP.
It’s easiest to adopt change when you are on the cusp of solving a new problem. In their organization, they were exploring setting up audit and security-related services and prospecting of adopting automation and a new way of working. Human receptivity to change experiences inertia. If the opportunity presents itself for a change, jump on it. So when you are ready to set up a new portfolio of services, that is the perfect time to bring on new ways of business processes and automation.
Shane said it best „Don’t wait to have the security conversation. If you don’t, your competition will. Go out, and get the business, it’s low-hanging fruit!”
Indeed, this sentiment is echoed by many partners we talked to. They want to build a new security business and take the conversation to the customers. In short, partners want to make money with security! Savvy partners are saying that the answer to delivering and monetizing security is to work smarter, not just harder. Partners are looking to leverage customer-specific reporting to demonstrate in their sales journey to Customer X, how Customer Y’s secure scores increased and security posture improved as they made the right level of security commitment with this partner. What better way to convince customers to make the right investments in security today?
SkyKick has been actively innovating in the security space. Not even three months after our launch of Security Manager, we just released Security Manager 1.1. This release includes an even better user experience, along with new dashboards and reporting to help partners accelerate their security business. We have a strong roadmap. It’s part of our vision, but it’s also a result of listening to partners and saying what are the most important things that they’re looking to solve to get answers on.
We invite you to visit a blog that dives deeper into the value prop of Security Manager 1.1 and book a demo with a senior SkyKick security specialist and try it out for yourself!