Whom to be: VAR or MSP

Managed service providers and value-added resellers are the common types of information security suppliers for SMBs. Whom will they choose?

How will business choose an information security provider?

Small businesses that outsource information security face a variety of choices, starting with the type of infosec company they hire — options range from simple reseller to system integrator. The most common types for SMBs are value-added resellers (VARs) and managed service providers (MSPs). How will they choose an information security provider?

VAR and MSP from the customer’s point of view

In the past, when MSP was a developing market, the natural choice was VAR. Value-added resellers not only supply software (and hardware in some cases), but also help with deployment, provide product support, and answer product questions that may arise. But their main goal was to provide a client with a new license, when the previous one expired. The client in this scenario owns a license for the software. And that is why VARs were always viewed only as a reseller.

If a company chooses to work with a VAR, it needs to have an IT team on site. Even if a company owns just a dozen laptops, there should be an IT person in house (or, next-best, someone in a part-time IT role). Value-added resellers are ready to help that IT person with the product; they can help install it and probably provide training on how to use it, but they will not manage IT for the company. Moreover, this IT person will be in charge of security solution management as well. In other words, this should be an IT security expert. And here is the major drawback: IT security specialists are rather expensive and in high demand. When it comes to small and even medium-size businesses, it may be costly to have a dedicated person.

MSPs take a different approach, not just selling licenses but providing full-fledged IT service. When a company delegates its IT responsibilities, including security, to an MSP, the MSP takes charge, making decisions about what would be best for the company. A managed service provider becomes a trusted advisor that takes care of all IT for the client. An MSP gets to know a client’s needs, makes suggestions about best practices, and then comes to decisions with the client and sets everything up.

What does that mean for the client? It means always having qualified support, and that all IT is set up and functional, including security. When it comes to security, it means a qualified person is charged with protecting the business, and it means the client doesn’t need to retain a security specialist, or any IT personnel, on staff.

Transforming from VAR to MSP

It may seem that an MSP achieves the same goal as a VAR but spends much more. That is not necessarily true. Both types of security solution providers have their own experts on security. The main difference is in their level of involvement. In fact, many VARs eventually expand their range of services and become MSPs.

What do they gain? Mainly, a much higher client retention rate. A trusted IT advisor — someone who understands a company’s needs and helps with any IT security issue, who already knows the infrastructure and can predict what problems may arise — is an invaluable asset.

The potential difficulty with the transition from VAR to MSP is the need to administer solutions in the infrastructures of a wide range of clients. However, this difficulty can be circumvented by means of automation and usage of security solutions designed specifically with MSPs in mind. One such solution is Kaspersky Endpoint Security Cloud, which enables remote security management for multiple endpoints, mobile devices, and file servers without any investment in infrastructure.