December 1, 2022 | Managed services
How MSPs can choose the right cyber security partner
By Katie Yahnke
Last updated: May 29, 2023
Managed service providers (MSPs) shouldn’t have to invest countless hours researching, interviewing, and trialling cyber security vendors to find the perfect one for their business model. However, with so many cyber security solutions and companies flooding the market, choosing a cyber security partner often feels like finding a needle in a haystack.
Finding a vendor that fits your clients’ needs is much easier when you know what to look for (and what to be wary of). Before we share five key tips for choosing the right cyber security partner, let’s take a quick look at why every MSP needs to add a managed security service to their portfolio.
Offering managed security is table stakes
Small and mid-sized enterprises (SMEs) struggle to manage their IT infrastructure, never mind secure it from cyber threats. SMEs relied on traditional cyber security products, such as antivirus software, to keep them safe. This approach worked fine for a while. However, cyber attackers have narrowed in on smaller businesses, now launching sophisticated attacks that yesterday’s cyber security tools cannot defend against.
This increased risk of a cyber attack has forced SMEs to turn to their trusted MSP for cyber security help. Looking at the numbers, it’s clear that the market for managed security services is target-rich and full of opportunities. In Canada, 97.9% of businesses are considered small (with 1-99 paid employees), and 1.9% of businesses are medium-sized (with 100-499 employees). In the United States, 99.9% of all businesses are small.
It’s in every MSP’s interest to offer managed security, but marketing, selling, delivering, and supporting a new service takes time and expertise that not all have. Existing resources are often already stretched thin as they focus on core business operations. Besides, finding the specialized skills needed to deliver managed security is time-intensive and expensive.
Partnering with a cyber security provider makes sense for MSPs who want to impress their clients with a top-notch managed security service and boost their return on investment. However, not all vendors—or their products—are made equal.
Choosing the right cyber security partner
To ease the decision-making process, here are some things to keep in mind while choosing a cyber security partner.
1. Can this cyber security partner offer the expertise I need?
MSPs will see accelerated growth and faster time to revenue if they choose a vendor that can bring the right amount of experience to the partnership.
You have one chance to make a positive impression and prove you can secure your client’s business. A cyber attack on one of your customers could be embarrassing at the very least and catastrophic at most. A confirmed attack often leads to financial and reputational damage, making it harder to attract and retain clients. Avoid this by choosing a partner that is reliable, experienced, and capable of keeping businesses safe—specifically, you could look for things like:
- They offer an incident response service
- They share testimonials and client success stories
- They perform their own threat hunting
Hiring security professionals is expensive, but there’s no substitute for real-world experience. Some vendors provide professional services, support, or training as part of the partnership. Having access to dedicated cyber security professionals who are experienced, stay up to date on new threats, and consistently undergo training will help you deliver a better managed security service to your customers.
2. Can they support marketing, sales, and service delivery?
Since many MSPs have limited cyber security knowledge, they may be unable to adequately market, sell, and support a managed security service. Instead, MSPs could try to develop this expertise in-house but they’re generally busy focusing on their core business and unable to divert resources to learn and support a new service.
MSPs should look for a partner who can assist with marketing, sales, and delivery of the service. For example, vendors can support you by:
- Hosting webinars to talk about new cyber threats, cyber security best practices, and more
- Sharing advertisements, social media posts, and promotional emails to market the service
- Offering sales training resources to help your team speak confidently about cyber security
The level of hands-on support a vendor provides is significant and can accelerate time to revenue (TTR) by helping you get the service up and running quickly.
3. How much of the threat surface can they protect?
It’s hard to know what type of cyber security technology to deliver your managed security service. There are more acronyms than any business can keep track of, and every tool varies in terms of functionality and coverage.
To protect the entire threat surface, MSPs are often forced to stitch together several tools each covering a different component of the IT ecosystem. Doing this is time-consuming, complex, and financially draining. After all, every additional tool raises service costs—making it harder to attract clients and retain existing ones—or thins your margins. Neither is ideal for your business.
Consider the table below, created by global analyst firm Aite-Novarica Group, comparing three managed detection and response (MDR) solutions. At a glance, it’s clear how threat surface coverage, telemetry collection, and functionality vary from solution to solution.
4. Will they offer the scalability my clients need?
Another important thing to keep in mind is that traditional market leaders might not be the right fit for you, your clients, or your business model. Most are larger with complex partnership processes; they’re often over-established and offer less flexibility.
In some cases, even their smallest licensing package is still way too big for your typical client size. Your clients shouldn’t have to pay to protect 300 users when they only have 20. Cost is a significant factor, especially for MSPs that serve smaller businesses that wouldn’t have room for unnecessary added fees.
The right cyber security partner should offer you a scalable solution—especially if you’re working with smaller businesses experiencing growth. This flexibility makes it easy to sell, implement, and customize for your clients.
5. Are they reliable and comprehensive?
The days of simply putting up a firewall are gone. Smaller businesses and their MSPs recognize that robust protection is now a necessity, not a luxury. With the rate at which threat landscapes change, a patchwork of cyber security solutions will cause more problems than solutions.
You need to defend every aspect of your client’s IT infrastructure, and that requires an end-to-end approach to monitoring, detecting, and responding to threats and risks. This holistic approach to security should protect your endpoints, cloud services, and IT network—and it should do so 24×7. Cyber crime doesn’t end at 5 pm. Attacks happen at any time of day or night, so choose a vendor who can provide comprehensive coverage round-the-clock.
This holistic approach also simplifies licensing, billing, and deployment, minimizing the level of administrative work an MSP has to do.
Interested in becoming a Field Effect partner?
Check out our Partner Momentum Program and learn how it makes it easy to provide your clients with the industry’s best cyber security while reducing their costs and increasing your profits.
Join the Partner ProgramDownload the brochure
Lessons learned & advice from two MSPs
In early 2022, global analyst firm Aite-Novarica Group interviewed five North American MSPs with managed security services. The study resulted in a report, Hands-Free Cybersecurity for SMEs: A Roadmap to MSP Growth, that details what MSPs want and need from a partner to successfully enter the managed security market.
We hosted a follow-up webinar with the report’s author and two MSPs from the study to dive deeper into their experiences choosing the right cyber security partner.
Craig Bell, Vice President at OT Group, suggests finding a partner who will help you with workload management, support in the backend, and offset some of your daily work efforts. Being able to contact someone—pick up a phone, send in a ticket, get someone immediately who will help with the issues you’re having—is paramount.
Cody Smith, Founder and CEO at Arrowhead Technologies, says it’s important to have a partner with a customer-centric focus. “In our geography, the cost of cyber security experts is astronomical; my ability as an MSP to obtain them is challenging,” he says.
Referring to his current partnership with Field Effect, Cody concluded “we have a bench of hundreds of security analysts who are helping us solve problems and analyze incidents…It’s not just the product, but the team behind the product that enables us to be successful with it.”
The final piece of advice from both speakers? MSPs—do it immediately. Engage a partner. “You’re doing yourself a disservice if you don’t do that,” says Cody. “You’ll lose sleep if you don’t have visibility inside client networks. You’re also going to be losing revenue by not adding this to your portfolio and additional revenue stream…Do it today.”
Ready to learn more?
Are you ready to learn more about choosing the right cyber security partner and what else MSPs have to say about the Field Effect partner program? Download Hands-Free Cybersecurity for SMEs: A Roadmap to MSP Growth!