Continued growth in the magnitude and volume of the security risks faced by mid-sized enterprises, paired with a critical shortage of information security skills in the South African market, is opening up a range of opportunities for the channel in the managed security services provider (MSSP) space.

That’s the word from Tarsus Technology Solutions MD Mike Rogers, who says that more and more mid-market companies in South African are looking for service providers to help them manage the increasingly complex security challenges they face.

“With organisations moving to the cloud, we are starting to see interest in MSSPs pick up,” he says. “Facing a rapidly evolving risk landscape – including new compliance requirements for managing personal information and severe, complex threats like cryptojacking, ransomware, and phishing – companies are looking for specialist support.

“They realise that building inhouse capabilities is prohibitively expensive. They know security skills are in short supply and that it is hard to keep up with the changing threat landscape and the diverse mature of the risks.”

Rogers says this creates exciting possibilities for resellers to provide outsourced monitoring and management of security devices and systems to companies that are too big to make do with consumer-grade security products, yet are too small to run a large IT department with access to specialist security skills.

There are good opportunities for resellers in MSSP services that range from security incident and event monitoring, vulnerability management and penetration testing to endpoint malware protection and data loss protection (DLP). “And there are new gaps emerging all the time because of the dynamic nature of the security market,” says Rogers.

Resellers and integrators can benefit from moving to an MSSP model by making higher-end security solutions more accessible and affordable to companies that do not have the skills or money to implement and manage these products themselves, says Rogers. Another advantage for a reseller is that it can generate predictable monthly revenues from MSSP customers, he adds.

Perhaps most importantly, offering security as a service is an opportunity for the reseller to transform itself from a software and hardware box-dropper into a true strategic partner to the client, says Rogers. “Resellers can position themselves as security advisors and build a closer, more enduring relationship.”

From the client’s perspective, working with an MSSP enables it to benefit from a service provider’s economies of scale and gives it access to the latest and best security practices and technology at lower cost and with less risk. It also enables the organisation to turn much of its capital expenditure on information security into an operational expense with subscription-based pricing.

Says Rogers: “The most significant challenge for the reseller in pivoting to a MSSP model is the expense of setting up its security operations centre. However, the growing maturity of the managed service provider environment – with major cloud providers setting up local data centres – means that it’s cheaper and easier to access the infrastructure one needs to offer security-as-as-service solutions.

“Resellers that want to move into this space should look for cloud enablement and value-added distribution partners who can back them up with the skills and solutions they need to deliver a world-class offering to the client. With companies relying on the cloud for more of their business applications and infrastructure, the MSSP model will make more and more sense to them. It’s an opportunity the channel can’t afford to ignore.”