MSSP Superstar Michael Knight: Slow And Steady Wins The Managed Security Services Race

MSPs that try and change the way they deliver security all at once will overwhelm both themselves and their customers, according to one managed security service provider expert.

Encore Technology Group President and CTO Michael Knight recommended that MSPs begin their managed security services journey to becoming MSSPs by learning and constantly reassessing what their capabilities are. From there, Knight urged them to examine what their customers are asking for and need from a security standpoint, and then develop a process to get there.

"Most of these things are easier to obtain that you think," Knight said Wednesday during XChange University: IT Security, hosted by CRN parent The Channel Company.

[Related: WatchGuard: Partners Must Deploy Tools That Can Spot Malware, Anywhere]

MSPs may not have the funds to build a managed security services team all at once, but Knight said they can plug into existing utilities and simplify what they're trying to provide customers. MSPs should examine where their talent is today, what they can do that's repeatable, and what they have to change, Knight said.

Knight also cautioned MSPs against signing up too many managed security customers at once since that could pose a challenge to service quality.

"Once your quality drops, your customers will leave," Knight said.

Knight recommended that MSPs move customers to a more simple and secure management format and take away their cost burden by following the substitution, augmentation, modification, and redefinition (SAMR) framework.

Substitution entails swapping one technology for another and taking some elements out of direct customer control, Knight said, but doesn't get into process changes. For instance, Knight said an MSP could migrate a customer from having its own log server to a central syslog server that's managed by the partner on its behalf.

Augmentation could take the form of intrusion detection with some configuration, Knight said. Modification, meanwhile, could address intrusion prevention, SIEM integration, and automating the monitoring of the network.

The final step of the change process is redefinition, which Knight said is focused on completely changing the way the end customer operates. This could entail obtaining complete visibility, getting artificial intelligence involved in the policy formulation, and examining all traffic of both a north-south and east-west variety, Knight said.

To become relevant to customers, MSPs should identify their customer's top needs, Knight said, be they purely IT-driven or oriented around a lack of control of visibility.

MSPs often find themselves signing contracts that require them to operate in a way that's compliant with industry-specific regulations, Knight said. But it has become increasingly rare for SMB-focused MSPs to service only specific verticals, according to Knight.

MSPs, therefore, need to educate themselves on the basic tenet of what their customer has, Knight said, as well as what their requirements are around delivering what specific type of value.

"In our market, we have customers of almost every type," Knight said.

MB Technology Solutions is looking to evolve from being an MSP to an MSSP, which will require getting customers to realize the importance of security and take the threats seriously, said Pat Findley, solutions architect for the St. Louis-based company.

Many of MB Technology's SMB customers today feel that security is too expensive, slows them down, and makes things more complicated than they need to be. Findley said the company has been trying to find a better way to have discussions with customers around managed security before there's a fire.

Findley said he appreciated getting to hear the lessons learned from someone like Knight who's already doing managed security. He said he plans to find someone to talk to about managed security who can serve as a mentor.