The year 2024 will be when MSPs fully embrace security, and deliver it as a core part of their solution suite. However, the regulatory environment is also tightening, so it will be more important than ever for MSPs to obtain and retain a comprehensive set of certifications.
Cybersecurity is a 2024 priority for MSPs
Cybersecurity will be a particularly core part of IT investment in 2024 for Australian organisations, as the federal government ramps up its transformative and far-reaching 2023-2030 Australian Cyber Security Strategy. This strategic effort on the part of the government will require the private sector to follow its lead in developing a holistic, accountable, and transparent approach to IT.
However, Australian organisations, from small businesses to enterprises, will also struggle to resource such an ambitious security agenda. Cybersecurity skill shortages continue to be severe, making in-house skills challenging to fill and expensive. As Datacom noted in November, customers desperately need MSPs for cloud and security, and that trend will continue this year.
This is why many major vendors and distributors are backing an MSSP approach to market. Late last year, Westcon-Comstor inked a partnership with Check Point specifically to facilitate an MSSP-driven approach to market. Cisco has also targeted double-digit growth in Australia via MSPs this year, with security a core priority.
The strength of the opportunity means that many MSPs will be looking at adding security capabilities to support their customers this year. The question is whether they’ll be able to deliver to the necessary regulatory environment.
5 certifications Australian MSPs will need
In addition to working with their vendor partners to skill up on cybersecurity technologies, MSPs that want to offer security solutions in 2024 will want to earn the following certifications and capabilities:
- Essential Eight framework: This is a core part of the government’s 2023-2030 strategy. It is ACSC-driven and focused on protecting Microsoft Windows-based Internet-connected networks, as well as cloud services, enterprise mobility, and other operating systems.
- ISO27001: One of the most well-known security standards, this will continue to be essential for supplying services to government agencies at all levels, as well as any large corporations with data privacy obligations.
- NIST-CSF: This is a framework used by organisations to assess and improve their cybersecurity posture, security controls and guidelines. It will be an essential service for MSPs to help their customers understand their current security position and develop a roadmap for the future.
- DISP: This is managed by Australia’s Defence Industry Security Office (DISO) and supports businesses to understand and meet their security obligations when engaging specifically in Defence projects, contracts, and tenders. It’s a highly specialised area, but a lucrative one.
- IRAP: Finally, the Information Security Registered Assessors Program is also governed and administered by the ACSC. Again, this is for MSPs who wish to either support government agencies directly or be part of supporting government agencies, as it endorses individuals from the private and public sectors for cybersecurity assessment services to the Australian government.
These certifications will all be necessary for the MSP to be able to fully graduate to MSSP and support their customers in grappling with the shifting government regulation, and the other cybersecurity challenges that are going to be so core to business resilience in the year ahead.
See our full list of the top certifications MSPs worldwide need to boost their IT expertise and credentials.