May 3, 2021

Last Updated on January 14, 2024

With 900-pound gorillas like cloud computing/SaaS and the DoD’s Cybersecurity Maturity Model Certification (CMMC) framework churning up the global business landscape, it’s no surprise that change and disruption are impacting managed service provider (MSP) and managed security service provider (MSSP) business models and operations.

To get insight into the “next big thing” for the MSP industry, a recent episode of The Virtual CISO Podcast featured MSPAlliance cofounder Charles Weaver. Hosting the show, as always, is Pivot Point Security CISO and Managing Partner, John Verry.

“Care to read any tea leaves on what’s next for MSPs?” asks John.

“What a lot of MSPs need to do in order to stay relevant… I do feel like we’re at a point where they do have a lot to gain and they’ve got a lot to lose, right?” Charles replies. “I think ten or fifteen years ago, unless you became an MSP, you were just going to phase out or have kind of a not-so-great business model being a value-added reseller (VAR) and all the legacy problems that we know are associated with that.”

“I think now it’s time for MSPs to become weapons-grade,” asserts Charles. “You need to become very professional—right now. The training wheels have come off. I think that’s where we are in 2021.”

A big part of this elevated professionalism for many MSPs will include ratcheting up your internal security postures so you can prove you meet today’s client expectations, as exemplified by CMMC Level 3. This has become imperative if you want to continue to serve clients in cyber-regulated industries like defense, or do business with the US federal government itself.

Clearing that security hurdle will be one way to separate tomorrow’s successful MSPs from the also-rans, according to Charles: “If you’re out there delivering a consistent remote access/remote management kind of hook into a customer’s system… I hate this, ‘I don’t host anyone’s data, so I don’t need to be certified. You don’t need to audit me.’ I love that. It’s like, really? So what does your RMM software do every single day, 365 days a year? It just sits there benignly, not doing anything? Come on!”

“[MSPs] really do need to start paying attention to their internal process, their internal security,” emphasizes Charles. “And they need to do that very fast because the game has changed, really. I think the days of taking the ‘on-ramp’ to managed services have gone on long enough. We need to now have people who are doing it… and everybody else.”

If you’re in the MSP, CSP or MSSP industry, make sure you catch this podcast episode with industry expert Charles Weaver, co-founder of MSPAlliance.

To listen to the complete show, click here. If you don’t use Apple Podcasts, you’ll find our full selection of top-shelf information security podcasts here.