Q&A: Why MSPs Need to Evolve Into Security Educators

MSPs have a lot on their plate these days, but they also need to consider where and how they can evolve their business to remain competitive. In this Q&A, Hexnode CEO Apu Pavithran shares why he believes MSPs can gain a competitive edge by focusing on educating their clients, rather than just serving them technology.

This Q&A has been lightly edited for clarity.

Companies still fail to meet audits and maintain regulatory compliance: what they need from MSPs

What keeps so many companies from passing their security audits?

It’s a good question and a sign of the times. According to JumpCloud’s SME IT Trends Report from earlier this year, security is the top challenge for 60% of organizations, and defenses aren’t always up to scratch. Barriers we often see include a lack of knowledgeable personnel, inadequate resources, and poor company culture regarding best practices. As a result, about one-third of companies still fail security audits or need to implement additional controls to pass compliance.

The feeling at the moment is that security risks are multiplying in lockstep with improving technology. Failing compliance audits only feeds into a general uneasiness amongst small-to-medium-sized enterprises that today’s threats are too big to fend off on their own. This explains why more companies are embracing MSPs as a way to simultaneously cut costs, increase productivity, and achieve a strategic lay of the land. 

Approximately 35% of organizations in the report above utilize an MSP to fully manage their IT program, which is up from 29% who reported the same six months ago.

It’s this last unique selling point of collaboration – achieving strategic security insights that would otherwise go unseen and unsaid – that’s encouraging MSPs to evolve from simple salespeople into tried-and-tested security advisors.

When these companies look to MSPs to solve their security issues, what do they really want from those partnerships?

There are a few things they’re looking for. At the most basic level, IT wants another set of experienced eyes on its ecosystem. They seek collaborators who can work directly with admins to make them more effective and help them respond to emerging threats.

There’s also a practical element – MSPs manage multiple security solutions that would be expensive and time-consuming for companies to buy and maintain separately. This significantly reduces the workload for internal teams.

Psychologically, many companies also want to stay ahead of threats and have peace of mind that they’re on top of the landscape. Companies are seeking partners who can help them understand why they failed the compliance audit, how to prevent it from happening again, or what they need to do today to stay safe tomorrow.

Taken together, I view this as a tremendous opportunity for MSPs to evolve beyond being mere security providers to becoming trusted security advisors. Their future lies not only in suggesting solutions but in leading their clients to master the basics – passwords, authentication, patching, and more. By doing so, MSPs graduate from security firefighting to strategic advisory, representing much higher-value collaborations for the long term.

How MSPs can differentiate security offerings and meet client needs

How can MSPs rethink their offerings to meet customer demands?

There first needs to be a cultural shift. Internally, MSPs need to rethink their role less as “break-fix” and more as “prevent and educate”. Going forward, the goal of MSPs should be to help clients cover the security basics and stop bad practices from becoming breaches. This way, they can deepen their relationships, unlock new and improved service offerings, and expand what they bring to the table.

The practical shift involves moving beyond selling security tools to educating clients on the “why”. Think monthly newsletters, quarterly scorecards against industry standards, and mini-training sessions to level up security awareness and ability.

There’s also a significant opportunity with compliance, given it’s a pain point across companies. MSPs can start offering compliance-as-a-service to help clients not just implement controls but understand how to maintain them over time.

MSPs should tier these services in a way that clearly illustrates their value-add. When clients see the ROI of fewer emergencies and stronger security postures, they’re more likely to become invested partners versus transactional customers. This transforms MSPs from vendors competing on price to advisors excelling on expertise.

What do MSPs need to do today to prepare themselves for adding services in the future?

They should start by immediately leveraging their unique advantage: cross-client intelligence. Providers manage security across multiple environments and are therefore privy to various ecosystem threats, incidents, and weaknesses that individual companies never see. This intelligence can be transformed into instructional content, such as anonymized threat reports, industry benchmarks, and best practices tailored to each client’s sector and risk profile.

From a skills perspective, MSPs should determine their focus area and subsequently invest in their teams and skillsets. This includes things like compliance certifications and cross-training technical staff on business and regulatory aspects. Why? Because you can’t advise on what you don’t understand yourself.

Operationally and technology-wise, MSPs should begin moving in this direction in current client conversations. Position yourself as a security advisor and test the waters with basic educational content, such as newsletters or webinars, to gauge interest and determine the best approach. Equally important is investing in platforms that can scale advisory services.

This is a security evolution that’s here to stay and one we’ve recognized and addressed at Hexnode. Our UEM MSP portal, launched earlier this year, provides partners with unified oversight of all their client accounts in a single pane. The idea is to eliminate portal juggling, simplify license management, and free up hours that partners can reinvest in education and strategic advisory work. We’re launching a unified console for policies in this same vein to further streamline client management.

The name of the game for MSPs is to start small but think strategically. You don’t need to transform overnight, but every step toward becoming an educator and advisor positions you for the higher-value relationships that will define tomorrow’s MSP business.

For MSPs who can become trusted security advisors, what are the business opportunities available to unlock?

It’s a straightforward business proposition: higher-value contracts with lower churn. MSPs that successfully pivot into security advisors can begin selling their experience in addition to specific solutions. In turn, informed and educated clients create fewer emergencies and enjoy better security outcomes.

The market timing also couldn’t be better. About three-quarters of companies plan to boost MSP budgets this year, and there’s a clear appetite for premium educational services, strategic consultancy, and comprehensive management.

Plus, there’s an inherent stickiness for partners who can pull this off. Clients look favorably upon partners who not only fix their problems but also help them avoid repeating the same security mistakes. As a result, MSPs become embedded in strategic planning, and that’s much harder to replace than a vendor who just responds to tickets. Longer contract terms, higher lifetime value, and positive word-of-mouth await those who can get this right.