The MSSP Opportunity: Capturing Demand for Cloud Security

Demand for cybersecurity as-a-service shows no sign of letting up. Cyber skills are in short supply and corresponding experience in cloud and cyber remains years out. Meanwhile the tech landscape continues to evolve at a dizzying pace, with explosive innovations like generative AI bringing new and unknown risks for companies struggling to keep pace with developments.   

For Managed Service Providers (MSPs) this creates a perfect opportunity to meet growing demand by adding cloud security to your services portfolio, providing additional value to new and existing clients, and generating more revenue in a persistently gloomy economy.  

For managed service and value add players, three key factors are at play: 

• Organizations are struggling to hire technical talent – this includes both cloud expertise and cybersecurity expertise 
• Organizations are already bought into the as-a-Service delivery model – this includes operational services as well as applications/software 
• Organizations are desperate for education in cybersecurity – this includes both established companies undergoing a digital transformation into an unfamiliar environment and young companies that don’t have the budget or the resources to skill up 

Technology adoption is outpacing in-house capabilities 

Industry association and advisory firm the Technology & Services Industry Association (TSIA) makes the root of the demand for these cyber skills very clear in its State of Managed Services 2023 report, when it points out that today, every company is a technology company.  

There was a time when ‘technology companies’ stood alone from the financial companies, healthcare companies, or media companies. Now all companies in all sectors share one common thread evident in the emergence of new sector-specific innovators, such as fintechs and healthtechs, and that common thread is adoption of the cloud.   

The rapid adoption of cloud technology has had a significant knock-on effect however, in that it has become common practice to leverage IT outsourcing or managed services to support a shortfall in internal skills. 

The great promise of the cloud was to enable everything on-demand, but in delivery, the speed of innovation has far outpaced most companies’ ability to keep up. This means external support is sought to help with cost reduction, risk aversion, transition from capital expenditure (CapEx) to operating expenditure (OpEx), or to try and accelerate return on investment in that technology.  

As a result, over 50% of respondents in S&P Global/451 Research's Voice of the Enterprise: Cloud, Hosting & Managed Services, Managed Services 2022 survey said they currently relied on managed service providers to support their cloud environments. And this appetite is growing. 

Application services including cybersecurity; operational services; and disaster recovery (backup and archiving) ranked as the top three managed services deployed in conjunction with public cloud deployments. 

Furthermore, managed services for cloud are not seen as a stopgap measure but as a long-term solution, with 73% of those companies currently using managed services for cloud apps and data, expecting to rely more on managed services over time. And nearly nine in 10 agree that managed

From MSP to MSSP (Managed Security Service Provider) 

Where the purpose of an MSP approach is to make IT systems or functions run smoother while adhering to security best practices, an MSSP’s mission is to zero-in on the security aspect and improve the operation of a business environment by directly seeking out, identifying, and mitigating risk.  

As a specialized third party, an MSSP can alleviate the strain on IT teams, as well as provide necessary skills and insight to support and expand operations. A typical MSSP portfolio might include: 

• Managed firewall 
• Intrusion detection 
• Virtual Private Network (VPN) 
• Vulnerability scanning 
• Antivirus 
• Cloud security 

In order to best capitalize on the opportunity, MSSPs actively seek to provide clients with real-time threat detection, response, and remediation services. A successful MSSP approach requires: 

• The right portfolio of tools that can not only deliver what the customer demands, but in a way that is effective and efficient for the MSSP 
• Experienced operational and technical staff with the right skill sets to operate on behalf of multiple end clients through comprehensive procedures and protocols 
• A Security Operations Center (SOC) to monitor, prevent, detect, investigate, and remediate cyber threats 24/7 
• A commitment to the MSSP business model 

These last two points go hand-in-hand. According to Computer Weekly’s Evolving Landscape of the MSP Business 2023 report, the most in-demand products are a mix of cybersecurity and cloud solutions, with 85% of MSP respondents seeing an increasing need to offer full-fledged solutions such as SOC as-a-service. This is because under-resourced organizations are looking for end-to-end coverage, including risk prevention, detection, and remediation when it comes to cloud security.  

For those that already have a comprehensive portfolio, the rewards are bountiful, with the same report finding that MSPs are expecting average growth of 33% in 2023. 

In combining the two biggest revenue drivers – cloud and security - the approach with most opportunity for established and budding MSSPs is to use lightweight agentless scanning solutions to build an inventory of the customer’s cyber-estate and surface actionable issues such as vulnerabilities, misconfigurations, and other risks. Then use this information to sell remediation services.  

Continuous monitoring of the estate can make this an ongoing relationship, and a repeat revenue generator covering the full spectrum of threat prevention, detection, and remediation.  

Unlock new revenue streams with Cyscale's MSSP Cloud Security Platform

Where technology goes, risk follows 

For customers with multi- and hybrid-cloud infrastructures, there is also the opportunity for an MSSP with a well put together service package to deliver a layer of abstraction that reduces the complexity for customers working across multiple dashboards and interfaces.  

AWS claims that around 75% of its top 2,000 customers use AWS Security Hub as the central platform to consolidate security findings from their AWS cloud environments. But AWS faces growing competition from cloud rivals Microsoft and Google, both of which have invested heavily in their own cloud-native offerings. 

The point is that with every cloud provider taking its own unique approach, organizations need extensive resources in terms of people and skills to manage these increasingly complex systems, each with their own native tools. An AWS security expert is not an Azure security expert, and the effort to remain an AWS ‘expert’ is not inconsiderable for a small company. This makes an independent third-party with multi-cloud tools and multi-cloud expertise a very attractive proposition.  

Cyscale can confirm that almost 50% of our inbound enquiries over 2023 have come from MSPs and MSSPs looking to add or expand their cloud security offerings with comprehensive coverage for AWS, Azure, Google Cloud, and Kubernetes, and multi-client management through a single pane of glass features as a top priority.  

Capitalizing on the MSSP opportunity 

In The State of Technology Services 2023, the TSIA notes that managed services is one of the top three growth engines within the tech industry, boasting a sustainable margin and double-digit operating income. 

One of the key drivers here, especially for cybersecurity as-a-service, is more awareness at the board level that security is a critical investment to make. This is compounded by worsening talent issues due to today's complex economic environment, and short-staffed teams that must find ways to do more with less. 

For those ready to grab the opportunity, the path to profitable as-a-service solutions is through a managed as-a-service offer that can be standardized in order to become scalable, repeatable, and profitable. 

For organizations operating in the cloud with limited time and security resources, simple and effective security must be a priority, and MSSPs equipped with a comprehensive portfolio of cybersecurity and data management solutions are uniquely positioned to solve this challenge for repeat clients. 

Drive new business with a cloud security assessment  

MSSPs can create new business opportunities by using the Cyscale cloud security platform to offer up-front assessments of a customer or prospect’s entire cloud estate.  

A fully automated security assessment across AWS, Azure, Google Cloud, Alibaba, and Kubernetes assets will provide you with comprehensive insights into your clients’ infrastructure vulnerabilities in a matter of minutes. 

An easy-to-understand report can then be used to make the case for additional remediation and monitoring services to both technical stakeholders such as CTOs, CISOs, and security engineers, as well as more business-minded executives such as CFOs and CEOs. Use the assessment as leverage to improve your customers’ cloud security posture or to deliver evaluation or auditing services. 

With in-app support for dozens of compliance standards, including CIS Cloud Benchmarks, ISO 27001, SOC 2, GDPR (General Data Protection Regulation), HIPAA, PCI DSS (Payment Card Industry Data Security Standard), NIST and more, you can also perform automated evaluations for customers who need to prove compliance.  

Interested in discussing Cyscale’s Cloud Security Platform for MSPs and MSSPs?