MSP market changes in post-pandemic world

Two studies of the MSP and MSSP market development in the context of ubiquitous remote work.

For the vast majority of companies, the global COVID-19 pandemic has caused dramatic changes in working processes. But few sectors were affected quite as much as the MSP market. Businesses of all sizes faced the need to implement new solutions and services. Moreover, they needed to implement them quickly — often doing so without the necessary resources or expertise. Therefore, even those who previously preferred to rely solely on internal staff, were forced to consider employing external assistance — that’s where managed service providers (MSPs) came in.

MSP and MSSP market growth

All this activity has led to an increase in demand and, as a result, growth to the MSP market. Security services were especially in demand, because at the very beginning of the pandemic, after the outbreak of remote services related cyberattacks, it became obvious that to protect the new distributed corporate infrastructure, companies needed to implement new security mechanisms in order to keep their networks secure.

According to our MSP market focus in 2021 research, 81% of MSP report an increase in their customer base compared to 2019. Among MSSP, this figure is even higher — 91%. The same trend is noted by Canalys analysts. According to their forecasts, the results of 2021 show continued growth of the MSP market — in Europe alone, they expect an increase in market volume from $79 billion in 2020 to $92 billion in 2021.

Expanding cybersecurity services portfolio

More and more MSPs are expanding their portfolio with security services. Interestingly, the reason for this isn’t due only to an increase of demand from their clients, but also due to the development of MSPs’ internal expertise in the security field.

Worryingly, the growing role of MSPs was noticed not only by market analysts, but also by cybercriminals. Now criminals are increasingly targeting MSPs which allows them to implement supply chain attack scenario‘s — by compromising the provider’s infrastructure, criminals are able to gain access to the MSPs clients, thus increasing their potential revenue.

The most vivid example of such an attack is SolarWinds. In our MSP market focus in 2021 report we dedicated a whole section to the learnings of this incident. According to Canalys research, attacks on MSPs forced almost two-thirds of market participants to revise their security processes and technologies they invested in. By and large, companies now need to become their own MSSP in order to efficiently and securely deliver services to their clients.

Canalys analysts also proposed ten steps an MSP needs for more secure practices. Five steps relate to necessary process changes, whilst the other five require certain technological changes. Analysts believe that from a process perspective, providers need to:

  1. Prioritize the security elements of a portfolio
  2. Assume they are already under attack
  3. Stay up to date with the latest patches
  4. Proactive training for employees and customers
  5. Audit all internal tools and service level agreements

From a technological point of view, Canalys experts advise:

  1. Enforce MFA for all remote logins
  2. Always use secure network and system infrastructure
  3. Restrict admin access during remote logins
  4. Create least privilege access for resources
  5. Upgrade networking tools for hybrid working

For the report on the results of the MSP market focus in 2021 study, please visit a page on our blog. The two parts of the Canalys report, “Building managed services for security” and “Being a ‘trusted advisor'”, are available here.