There is a fundamental disconnect between enterprises and their website hosts on the subject of website security. Who is truly responsible for it? And how can Managed Service Providers (MSPs), of which Managed Security Services Providers are a specialized variant, change the conversation on website security?
We asked David Mason, Inside Channel Development Manager at SiteLock, 7 questions about MSPs’ capabilities and website security. Here’s our conversation, edited slightly for readability:
1. Forty-five percent of website owners believe their host handles their security, and another 25 percent don’t know who manages their security. Where does this disconnect stem from?
Similar to other categories and services, there is an opportunity for education and awareness. When a customer purchases hosting, it is often assumed that security is included. While some security is included at the host level, customers don’t realize that they are responsible for the security of their website. Similar to an apartment complex, the host is responsible for keeping the overall environment safe and clean, but the website owner is responsible for locking their doors and windows.
2. What problems have arisen from this disconnect?
Since customers have a lack of awareness and understanding, when something bad does happen to their website, naturally they are frustrated and blame the host, agency or other third party. This creates a poor customer experience that can result in churn or reputation damage.
3. MSPs have long had an edge over web hosts in endpoint security, but why?
MSPs have an advantage in endpoint security no different than web hosts have an advantage in website security. The MSP focus, and their customer focus, has been on securing endpoints such as networks, computers, and mobile devices, while the web hosts focus solely on websites. A natural progression for MSPs would be for them to begin offering website security as a way of rounding out their security portfolio for their clients.
4. How have MSPs innovated in site security? And how does it compare to web host efforts?
Historically, MSPs and web hosts have focused on different elements of security. As businesses rely more on their web presence to build their brands, the need for web application security becomes more prevalent. As a result, MSPs are beginning to offer new security solutions to round out their portfolio. In addition, the move to cloud-based technology has fueled an effort to provide even more web application security.
5. How can MSPs educate site owners on their security responsibilities? The value of their own sites?
Websites play many important roles for a business, including building brand reputation, lead generation, information sharing, etc. As a result, MSP’s should leverage their relationships with their customers to educate them on the importance of a complete security solution. Business owners need to be reminded that they are responsible for the security of their website, and current security measures may not provide them with what they need.
6. How can MSPs help web owners protect their sites?
MSP’s have an opportunity to expand the conversation from endpoint security focus to discussing the complete security ecosystem, including website security. In fact, websites experience 59 attacks per day, which is more than 21,500 attacks per year. Website security can no longer be an afterthought. Because websites are so important to businesses today, MSPs need to offer specific solutions.
7. What do you think the future holds for MSPs?
Similar to other industries, MSPs will need to innovate in order to create differentiation and growth for themselves and their customers. Naturally, bringing in new services to round out their portfolio to deliver on client’s needs and capitalize on market trends will be important for future success.
Thanks again to David Mason of SiteLock for his time and expertise!
Latest posts by Ben Canner (see all)
- YouTube CTA - March 18, 2019
- Enterprises! Optimize Your SIEM Today with These Tips! - March 18, 2019
- By the Numbers: Web Application Security Vulnerabilities - March 14, 2019