Stacking Security Services... Successfully!

Welcome back to Frankly IT! By now you know what this is all about: real talk for MSPs and IT leaders who are tired of glossy “best practices” that never survive first contact with a client ticket. Running IT isn’t tidy. It’s messy, people-driven, and occasionally feels like you’re one password reset away from losing your mind.

This newsletter is here to make it a little easier. We’ll dig into the human side of tech, from onboarding to culture to process, and add just enough snark to remind you that if you’re struggling, you’re not alone. Because let’s face it, half the job is solving problems, and the other half is explaining why “turn it off and back on again” really does work.

--Amanda

💥 Today's Hot Topic: MSP or MSSP - what’s the difference and who decides?

One of the questions that comes up a lot in our space is the difference between an MSP and an MSSP. On paper, the answer feels simple: MSPs handle IT services, while MSSPs focus on security. But in reality there are plenty of MSPs that are highly focused on security beyond the norm. 

Think about it. Most MSPs already deliver a baseline of security: patching, firewalls, antivirus, backups, phishing training. MSSPs tend to layer on more advanced monitoring, incident response, or compliance expertise. That doesn’t mean that some MSPs don’t also do the same thing. So where does one stop and the other begin? Is it about the services offered, the depth of expertise, or just what you call yourself?

In reality - I don’t think there’s a single “right” answer. What matters more is whether your clients are getting the protection they actually need at a price point that is accessible for their business.. For a lot of MSPs, that means thinking beyond “basic” and looking at what an average MSSP provides. Not because you have to rebrand yourself or because you replace the need for them, but because your clients expect security to be baked into their IT and being able to deliver within some of your mandate as their MSP is in both of your best interests. 

The real opportunity isn’t about drawing a hard line, it’s about asking:

• Are we giving our clients the level of security they assume they already have? Client perception is everything - quite often after an incident - clients will say “I thought you protected us against this?” The reality is that incidents will happen for many reasons - it’s not often a question of if but rather when. Great security doesn’t just try and make it so that it’s not easy for clients to experience an incident but it is also planning for and attacking what happens if it does? Have you planned and prepped? Having muscle memory in those situations can make all the difference in minimizing business impact. 
• Do we have the right partners or vendors to fill the gaps we can’t cover ourselves? There are so many security vendors it can get messy to know what you need but ultimately there needs to be a consideration of the toolset you have + the skillsets of your staff + the need to deliver the service you promised in your contract with your client. 
• How do we talk about this with clients in a way that builds trust instead of fear? Clients increase their trust with you when you demonstrate competence. The time to show that is not necessarily during an incident - it is ahead of time - go through incident response preparedness with them. Simulate an incident in a table top game and you will encourage them to think through the steps that might be needed but make it fun. Even if you introduce an element of fun to it - leading them through a simulation will demonstrate your expertise and help build trust.

At the end of the day, whether you wear the MSP label, the MSSP label, or both, the goal is the same: keep your clients secure, keep them operational, and keep building relationships. The lines will probably keep shifting as both the industry and threats evolve. 

📘 The Playbook: Level-Up Security Without Breaking the Bank

Not ready to hire a full-blown SOC? No problem. Here are a few security add-ons any growing MSP can roll out without deep pockets or a 24/7 war room.

Remember: Start small, prove the value, and you’ll be surprised how quickly these “extras” become table stakes for your clients.

🔗 Stuff You Should Click

• As AI Disrupts Tech Hiring, IT Companies Must ‘Batten Down The Hatches’ For The Agentic Adversary
• Why Startups, MSPs, and MSSPs Need Cyber-Savvy Investors
• How 800,000 tons of mud probably just made electronics a little more expensive