Datto Execs to MSPs: It’s a Mistake to Try and 'Evolve' into an MSSP
At DattoCon19, Rob Rae and others explained why MSPs should outsource their advanced security.
Technology, and the business of technology, is always about one question: What’s next? It was cloud, then big data, then IoT. Today in the channel, no one seems to be confused about the answer: cybersecurity.
No conference or event of the last two years in the channel hasn’t placed a huge emphasis on security, and it was the same last week at DattoCon19 in San Diego. Datto, which provides business continuity, backup and business management, agrees with the vendor party line that SMBs need someone to outsource security worries to. Who better than an MSP?
Case in point: At DattoCon, Datto unveiled more than 20 new technologies, many of which center around its security solutions. It partnered with Vade Secure, for instance, which provides a cloud-based, directly integrated service with Office 365 for enterprise-level security scanning. It scans for spearfishing, malware, spam and other sorts of malice that come in through email. One of the points of emphasis for Vade is that MSPs need to be eating their own email-security dog food.
Datto’s Ryan Weeks
“I talk to MSPs consistently, and a lot of them are protecting their customer environments with some sort of additional email security layer, but not themselves,” explains Ryan Weeks, chief information security officer at Datto. “If the attacker can’t figure out some low-cost, low-reconnaissance way to attack you, the first thing they’re going to do is try to come through email.”
The company is also excited about the new Siris 4, the next generation of its Siris BCDR backed by Datto’s private cloud. The new devices include the Intel Xeon D Skylake and 2nd Generation Intel Xeon Scalable Cascade Lake processors which feature additional cores and a dedicated write cache (SLOG). Datto claims the enhanced computing power means the Siris 4 can virtualize 50 percent faster than previous devices, virtualize more agents per device, and ensure clients’ heavy-duty apps run seamlessly.
But Datto executives want to make one thing clear: More advanced email security and continuity tools do not an advanced security package make. Weeks says vulnerability scanning, risk assessments and visibility into email behavior, network visibility and endpoint visibility can serve as the core IT foundation of a quality protection environment. But the sheer number of vendors and solutions in the market, all of which purport to protect different things with vague promises of integrations and “security in a box” solutions – not to mention the astronomical cost it takes to spin up a true managed security business – makes it extremely difficult to just integrate advanced solutions into existing offerings.
There’s no MSP-friendly solution that I know of that has all … of those ready-packed and ready to go,” says Weeks, much less solutions that are “able to be monitored, automated and low-touch.”
So many organizations have lost data, says Rob Rae, VP of business development at Datto, that MSPs and vendors alike have to be more proactive about incorporating advanced security into their solutions and service packages. In our current environment where every vendor says it’s committed to open integrations, it becomes even more difficult because security potentially becomes an afterthought. The next step of evolution in MSP security offerings has to come from keeping security at the forefront of any conversation about IT infrastructure or MSP business management.
In contrast, over the last couple of years, many experts have said the evolution has to come solely from …
… the partner side. We’ve all heard it: If you don’t evolve to an MSSP, there’s no future for you. We heard the same thing about MRR, cloud and IoT. A lot of people like to predict the end of traditional managed services.
Rae says that’s a massive mistake.
Datto’s Rob Rae
“MSSP is a whole different animal because you’re now literally on the hook for security and recovery compliance laws,” explains Rae. “There’s so much more to being an MSSP than there is to being an MSP. MSPs are going to handle 90% of what an end user actually needs. MSSP is that little 10% — and they have to be super, super diligent.”
Managed security is not a quick and easy business to spin up or run. MSSPs need a CISO, quality security engineers and an intelligent approach to SMB security. While a majority of MSPs make their bread and butter on SMB IT infrastructure, which includes some managed services that could be considered security such as antivirus and firewalls, there still isn’t a lot of demand for advanced security, which isn’t yet commoditized enough for a traditional MSP to scale.
What sense does it make to evolve into an MSSP when the resources needed to do it are colossal and the current need for it is so small?
“Technology moves really quickly and they’re all small businesses without enough time in the day,” posits Emily Glass, chief product officer at Datto. “So keeping on top of the latest trend, the latest threat, the latest info, whether it’s the move to the cloud or a security thing is just challenging with everything else going on.”
Datto’s Emily Glass
On the MSSP side, the way Rae talks about their pain points is reminiscent of the agent model versus MSP model that the channel has been debating for years. MSSPs do security, but in order to break into that SMB market that’s so reluctant to sign on, they’re the ones that have to devote massive resources into finding and cultivating those relationships. It’s the inverse of the MSP problem. How will an MSSP make decent margins if only one out of every 10 sales calls they make turns out to be a go? MSPs occasionally need advanced security for select clients. MSSPs need the relationships their IT infrastructure brothers and sisters possess.
“In fact, [partnering] is one of the things that I recommend to MSPs all the time,” says Weeks. “If you don’t have the expertise in something, it doesn’t mean that you can’t get it, but just the amount of knowledge and ramp that it takes to become an expert in some of these controls or some of these processes, or to adopt some framework, it takes years to become proficient.”
Spinning up an MSSP business is a giant undertaking, and Weeks says the best way to mature along that path is to find a partner that’s already there and have them help accelerate your growth into that area. There’s also an opportunity to evolve managed security expertise simply by working hand in hand with a security specialist. When an MSP and MSSP co-manage an environment, they’ll each learn what it looks like to provide other services, all without the risk of buying the solution, risking that it won’t work, implementing an incorrect configuration and dealing with all the other complexity that advanced security solutions bring.
It isn’t a problem that’s going to be solved in the short term, Weeks admits.
Don’t get Datto wrong. MSPs should absolutely be evolving their security know-how, and it says tools like those released at DattoCon will help make crafting a solid, baseline cyberdefense easier. But when it comes to advanced security solutions, they should seriously think about whether or not they’re worth the investment to provide and maintain. Because there are a slew of MSSPs out there eager to partner with traditional managed service providers — it’s a win-win, at least until security becomes commoditized and easier to wrangle.
Read more about:
MSPsAbout the Author
You May Also Like