In the United States, 99.9% of all businesses are categorized as "small," with under 100 paid employees). These companies largely rely on managed service providers (MSPs) for tasks requiring specialized skills such as IT and, more recently, cybersecurity.
But, in many cases, delivering cybersecurity solutions requires considerable expertise and a dedicated team. That’s not always straightforward (or possible), which is why many MSPs offering a managed security service will partner with cyber experts.
Not only will this type of partnership make it easy to start offering security as part of your core product package, but it could also open up new market opportunities, leading to more revenue for your business.
This post details what MSPs like you should be looking for in a cybersecurity partner, and other tips from real MSPs about the partner-selection process.
A security provider vs a security partner
Small and mid-sized businesses have never been more aware and informed about cyberattacks and cybersecurity. So for MSPs, offering managed security is a must-have if you're looking to gain new clients (or even retain existing ones).
So, how do you begin offering security as an MSP? And, often more importantly, how can you deliver this new service with your existing team? For most MSPs, the answer lies in finding a trusted cybersecurity company to help with the lift.
However, not all cybersecurity providers for MSPs are equal. Some providers can actually make your life more difficult with poor support, tools that just don't make sense for your client base, and deceptive sales tactics that make you feel more like a target than a partner.
That’s why the first piece is that you should be looking for a security partner, not simply a provider. Security partners work with you, making your life easier with perks like whole-process support from marketing to sales and delivery. They help you do more for your clients without causing operational problems elsewhere.
How to choose the right cybersecurity partner
The partner you choose for your security offering can significantly impact your clients' happiness and, in turn, your reputation. That's why it's worth taking time to evaluate your options, instead of jumping into a partnership with the first security vendor that pops up on Google.
As you review these evaluations, ask yourself the following five questions about each partner you’re considering. The answers you get should point you toward the best possible partnership for your business.
1. Does this cybersecurity partner have the expertise I need?
The first box to check is whether a cybersecurity provider for MSPs has expertise in the areas you need it.
There are more than 750,000 unfilled cybersecurity jobs in the U.S., and 67% of cybersecurity professionals say their team doesn’t have the expertise needed to tackle all of the problems it faces. Experts call this the cybersecurity skills gap, and MSPs also feel the impact of this shortage.
The right partner will solve your cybersecurity skills gap by having the security experts you need on staff. The partner should be able to handle the more specialized or technical elements of security that your team may not have the skills or bandwidth for, such as threat hunting, active response, and more.
For example, Field Effect Covalence prioritizes threat alerts as Actions, Recommendations, or Observations (AROs). Our in-house analysts take complex problems and turn them into plain-language cybersecurity alerts that anyone can understand and respond to with confidence. These kinds of features can make your life, and your teams' lives, significantly easier.
See Covalence's AROs in action
Learn how our proprietary AROs work to effectively cut threat noise and reduce alert fatigue in this three-minute video.
The truth is that hiring security professionals is expensive, but there’s no substitute for real-world experience. Access to dedicated and experienced cybersecurity professionals who stay current on new threats will help you deliver the kind of managed security service your clients deserve.
2. Can they support marketing, sales, and service delivery?
Offering a managed security service is more than just overseeing the new security product on a client's behalf. Like any other service you offer, you also need to market and sell it. But that can be tough to do without the in-house cybersecurity knowledge required.
Even if you did have that knowledge, it would still take considerable resources to create marketing campaigns and sales enablement content. You can spend those resources elsewhere if your security partner does these things for you.
For example, the right partner can support your security offering by:
- Hosting webinars to talk about new cyber threats, cybersecurity best practices, and more
- Sharing advertisements, social media posts, and promotional emails to market your service
- Offering sales training resources to help your team speak confidently about cybersecurity
This type of support can accelerate your time-to-revenue by helping you get the new service up, running, and in front of customers faster. And because you won't have to spend labor hours or budget creating these resources yourself, you can invest those dollars elsewhere.
This can be a great way to differentiate between providers. If costs are similar and one partner offers help with marketing and sales, that's a significantly better deal for your company.
3. How much of my clients' threat surfaces can they protect?
A company’s threat surface encompasses every part of a network that an attacker might breach. That includes software and hardware like computers, tablets, and phones.
When evaluating security partners, you want a company that can cover as much of the threat surface as possible. Not only does this reduce security gaps, leading to lower risk and better security for your clients, but it also delivers peace of mind as you'll know your bases are covered.
Greater threat surface coverage also translates to more time back in your day. It eliminates complexity as you'll only have one (or a couple) of solutions to manage, instead of trying to navigate potentially dozens of tools and dashboards, each operating independently from one another.
Providers offering tools with limited functionality may not be as invested in your success, either. If a single provider is your only security partner, or one of few, they are a key contributor to your success and will feel that sense of duty to give you their all right out of the gate. Besides, they won't be constantly upselling you with another tool, the latest add-on, or premium features.
4. Can they deliver the scalability my clients need?
As you research your partnership options, you’ll likely come across more than one large cybersecurity provider that seems like it can do it all. These companies can be a good fit for some MSPs but also have limitations or drawbacks you should know about before signing that contract.
The biggest issue is that these companies may not be able to offer the flexibility and scalability your clients want. Large providers tend to be more rigid in their processes and may ask you to adapt to them instead of the other way around.
You should also consider the size of their licensing packages before making a choice. If you're looking for smaller packages, you might find that larger security vendors don't offer that. For the vendor, it's a business decision but for you, it can create unnecessary costs that either eat into your margins or are passed on to your clients.
5. How do they make my job easier?
There are many ways a security partner can make your job easier or...not. For example, consider how a vendor handles communication and reporting. Do they give you all of the information you need in a single, simplified dashboard that’s visually intuitive? Or will you have to compile all of the metrics you care about yourself before you can learn from them?
You’ll also need to train your employees on whatever security tool you choose. A good partner will already have webinars, videos, and guides to help your employees get up to speed as quickly as possible. A provider may have limited educational resources, which can increase how long it takes before your team can learn the tool well enough to sell it, lengthening your time-to-revenue.
All of these little things add up to have a big influence on how easy it is for your team to use the security product you buy. Your decision could impact whether the product feels like it’s working for you or against you.
Wonder what it's like being a Field Effect partner?
Check out our Partner Momentum Program and learn how it makes it easy to provide your clients with the industry’s best cybersecurity with the team you already have.
Lessons & advice from two MSPs
Let’s close by looking at some real-world examples of how actual MSP leaders think about choosing security partners.
In early 2022, global analyst firm Aite-Novarica Group (now Datos Insights) interviewed five North American MSPs with managed security services. The study resulted in a report, Hands-Free Cybersecurity for SMEs: A Roadmap to MSP Growth, detailing what MSPs want and need from a partner to successfully enter the managed security market.
We hosted a follow-up webinar with the report’s author and two MSPs from the study to dive deeper into their experiences choosing the right cybersecurity partner.
Craig Bell, Vice President at OT Group, suggests finding a partner who will help you with workload management, support in the backend, and offset some of your daily work efforts. Being able to contact someone—pick up a phone, send in a ticket, and find someone who will help address your issues promptly—is paramount.
Cody Smith, Founder and CEO at Arrowhead Technologies, says having a partner with a customer-centric focus is important. “In our geography, the cost of cybersecurity experts is astronomical; my ability as an MSP to obtain them is challenging,” he says.
Speaking about his current partnership with Field Effect, Cody concluded “We have a bench of hundreds of security analysts who are helping us solve problems and analyze incidents…It’s not just the product, but the team behind the product that enables us to be successful with it.”
The final piece of advice from both speakers? MSPs—do it immediately. Engage a partner.
“You’re doing yourself a disservice if you don’t do that,” says Cody. “You’ll lose sleep if you don’t have visibility inside client networks. You’re also going to be losing revenue by not adding this to your portfolio and additional revenue stream…Do it today.”
Increase your average revenue per client by 30%
It’s one thing to be told you can earn more revenue by offering a security solution and another to see it put into action. Read our case study to see how one MSP increased its average revenue per client by 30% since partnering with Field Effect and adding Covalence to its managed security service.