Sergey Nivens - Fotolia
MSP software provider ConnectWise is continuing to grow its presence in the cybersecurity services market, by not only expanding its product portfolio but also its MSP business enablement resources.
The company, based in Tampa, Fla., recently rolled out the MSP+ Cybersecurity Framework, a set of guidelines designed for MSPs to evolve their internal security practices and cybersecurity services. The framework incorporates guidance from NIST CSF, CIS 20, UK Cyber Essentials and Australia's Essential Eight, among other standards, according to ConnectWise. Along with the MSP+ Cybersecurity Framework, ConnectWise published a playbook that aims to show MSPs how to sell and deliver security offerings.
"We determined it would make sense to build an industry standard that we can all work from and work together toward improving over time," said Jay Ryerse, vice president of cybersecurity initiatives at ConnectWise, in an interview.
The framework is complemented by ConnectWise Certify, an MSP cybersecurity training and certification program, Ryerse said. He said ConnectWise has trained more than 3,000 partners on how to implement security fundamentals. "I think education is a key part of this [security initiative], because partners can read a manual … but sometimes they need someone to show them why and some of the best practices around implementing those security mechanisms."
The MSP+ Cybersecurity Framework and training is available to ConnectWise's MSP customers for free and housed under the company's IT Nation Secure program, he said. ConnectWise said it plans to host an inaugural two-day IT Nation Secure training event in November 2020. "We feel like we need to help the [MSP] community perfect their cybersecurity services and it's a good thing for all of us. I think that we need to give back in a way that is logical and appropriate for the market to consume," Ryerse said.
Jay RyerseVice president of cybersecurity initiatives, ConnectWise
IT Nation Secure could also see joint efforts with nonprofit IT trade association CompTIA's ISAO (Information Sharing and Analysis Organization), Ryerse noted. ConnectWise established the ISAO, formerly Technology Solution Provider ISAO, in August 2019 and handed off the organization to CompTIA in March. Ryerse said ConnectWise has been in contact with CompTIA ISAO executive director M.J. Shoer about its MSP cybersecurity initiatives. "While we couldn't share with [Shoer] all the things we were doing, he knows where we are heading and is very interested in being part of it. We believe that a joint event with CompTIA going forward is probably on the roadmap, because both groups are trying to solve the same problem," Ryerse said.
MSPs' challenging pivot to the cybersecurity services market
Delivering advanced cybersecurity has proven to be a challenging transition for MSPs. Ryerse cited a study by market research firm Vanson Bourne that found only about 13% of MSPs today talk to their clients about cybersecurity as a normal part of their business practice. Apart from discussing cybersecurity with their top two or three customers, MSPs tend to limit their customer discussions to security products -- neglecting the people and process elements that comprise a more holistic cybersecurity approach, Ryerse said.
He also noted competitive pressures on traditional MSPs to enter the cybersecurity services market, pointing to a 2019 Vanson Bourne survey of 850 small businesses. Ninety-three percent of the survey's respondents said they would change service providers to get the level of cybersecurity they need.
Another reason why cybersecurity has received growing attention among MSPs is the multiple MSP breaches over the past few years. "There is an awareness that the industry now has that cybersecurity is at the forefront. It needs to be in every conversation," Ryerse said.
ConnectWise took some heat earlier this year for its handling of security vulnerabilities in its software. In March, the company sought to achieve greater transparency with its customers by launching a Security and Trust page on its website to share information about security, compliance, privacy and business continuity issues related to its products. The page also lets users report security incidents.
New ConnectWise cybersecurity products
In addition to the cybersecurity enablement initiatives, ConnectWise last week expanded its security portfolio with two products: Fortify for SaaS Security and Fortify for Assessment.
Fortify for SaaS Security is a detection and response offering for MSPs that support Microsoft cloud environments. ConnectWise said the product helps MSPs protect customers against threats such as business email compromise through Microsoft 365. Fortify for SaaS Security provides reporting and visibility into Microsoft 365 security events, correlation of events, and security operations center (SOC) support and remediation recommendations.
Fortify for Assessment, meanwhile, is a tool for analyzing clients' environments and generating client-facing security reports. The tool aims to help spark security discussions with SMB customers, said Brian Downey, vice president of product management and security at ConnectWise. An advanced version of the Assessment offering will be released in the third quarter, adding reporting of security, risk and data from a vulnerability scanner.
Downey said ConnectWise is prioritizing security in its plans for future releases. "We feel like we are in a great position, but you are going to be seeing a lot more announcements coming in the security space over the next six or nine months. It's an [area] where we are innovating very quickly," he said.
Cybersecurity opportunities in the SMB market
ConnectWise's IT Nations Explore event, held virtually in June, highlighted the opportunity for MSPs to provide cybersecurity services to small and medium-sized businesses. Brian Downey, vice president of product management and security, pointed to the following stats:
- Eighty-nine percent of SMBs consider security one of their top five priorities for their businesses.
- Seventy-nine percent of SMBs plan to invest more in cybersecurity in 2020.
- On average, MSPs have seen a 32% revenue increase by offering cybersecurity services.