My guest today is Nick Espinosa, chief security fanatic at Security Fanatics, a managed security services company that works both with MSPs and corporate clients. He’s also the host of an FM radio show and podcast called The Deep Dive, which is all about cybersecurity topics. Nick is the author of the cybersecurity book Easy Prey, a member of the invitation-only Forbes Technology council, and a regular Forbes contributor.
Today, Nick and I talk about adding security services to an MSP portfolio and pitfalls when layering on security services, especially with small clients who don’t have big budgets.
What’s Going On
[02:20] Microsoft Inspire is in Las Vegas this week. This event is the one place where you can meet tons of Microsoft employees.
[03:40] Calling this event huge is an understatement.
[03:56] The UK party is the best party at the Microsoft event.
[04:21] Bloggers won’t be attending Inspire. Media and analysts are banned.
[05:01] Joe Panettieri at ChannelE2E shared an Inspire story that will be of interest to MSPs.
[05:07] Microsoft has introduced something called the Azure Expert MSP program. This will be a new certification program.
[06:17] Microsoft now has more than 72,000 cloud partners. This certification should help expert partners rise above the pack.
[06:47] A lot of people equate Azure with a hosted server environment, but Microsoft is moving away from hosted servers to hosted services.
[07:15] Azure Expert MSPs are going to be required to complete a rigorous two-day on-site audit and provide multiple customer references of Azure managed service projects.
[07:45] Back in the day, being a Microsoft Certified Partner meant you had to pass multiple exams and let Microsoft interview your clients.
[08:13] This new third-party audit is a step up.
[08:27] It will be interesting to see how many MSPs take this opportunity to stand out from the crowd.
[08:45] Microsoft is moving the focus of their certifications to programming and not hardware.
[09:21] Speaking of hardware, we’ve heard a rumor that Microsoft is developing specialized hardware that runs Azure clouds services.
[10:35] Microsoft has taken steps to increase the value of its Office 365 business premium subscriptions.
[10:52] They have added Microsoft Connections, an email marketing platform that includes segmentation capabilities and reporting.
[11:45] Karl is hopeful they add GDPR compliance information to email platforms.
[12:35] Another component they’ve added to Office 365 is Microsoft Listings, which keeps business listings and reviews up to date.
[13:15] This helps with in-house reputation management. This is a place where MSPs can add value.
[14:18] Karl believes that the opportunity for consulting is getting far more visible.
[15:02] Microsoft Invoicing is another new feature of Office 365. This might be good for companies who need a complete accounting suite like QuickBooks. The ability to send an invoicing from your phone should be helpful.
[16:29] All of these business apps are built to use together.
Interview with Nick Espinosa – Adding Cybersecurity to a Managed Services Portfolio
[18:15] Cyber security is on everyone’s radar. We’re seeing the rise of MSSPs or managed security service providers and a push for MSPs to add security offerings.
[18:44] A lot of MSPs haven’t invested in learning advanced cyber security strategies.
[19:37] Mid-level or low-level security won’t be enough.
[20:37] MSPs need to improve their security effectiveness.
[20:58] You don’t know what you don’t know, and there are client budget limitations.
[21:25] A firewall is the most critical thing. A 90% effective firewall has a 10% gap right out of the gate.
[21:55] Advanced products are affordable at the MSP level.
[22:42] A lot of MSPs have a sense of complacency and work with the same products over the years.
[23:21] You don’t want gaps in your cyber defense due to product choice.
[24:08] Businesses recognize the value of investing in secure products. The MSP needs to properly convey the importance and risk of security issues. It’s imperative they understand it’s in their best interest to be secure.
[26:26] Should an MSP work at a lower level if the business can’t afford the higher priced security products? It’s your reputation out there. You may want to recommend a colleague for a less expensive, but less effective solution.
[27:47] Nick doesn’t compromise when it comes to defending clients to the best of his ability.
[28:51] Stepping stones for small businesses. Something is better than nothing.
[29:22] Over time you can harden and improve your defenses.
[29:59] If you can get your foot in the door with one product, you can usually get your foot in the door with two or three.
[30:38] Benchmarking security offerings as an MSP.
[31:00] Look at Gartner and the Magic Quadrant.Look at major companies that do dedicated cyber security work like CrowdStrike or Cylance. Keep up with podcasts, blogs, and other sources of cyber security news.
[33:03] It’s important to understand your strengths and weaknesses. You do need to invest the time and training to do security properly or partner with someone who can.
[34:20] Do your research when adding security services. Find the best products or what the professionals use.
What’s Going On
- Microsoft Inspire
- Microsoft Debuts MSP Program Around Azure
- Announcing Azure Expert MSPs
- Microsoft Office 365 Gains Email Marketing, Billing Management, SEO Features
- Longtime Microsoft Researcher Moves to Join New Azure Hardware Division
- Karl Palachuk: Small Biz Thoughts
- Karl Palachuk (Twitter)
- Richard Tubb: Tubblog
- Richard Tubb (Twitter)
- Easy Prey by Nick Espinosa
- The Deep Dive with Nick Espinosa
- Index of Gartner Magic Quadrants
- Security Fanatics
- Nick Espinosa (Facebook)
- Nick Espinosa (LinkedIn)
- Nick Espinosa (Twitter)
Like what you hear? Listen and subscribe.