Why Independent Assessments ‘Prove’ The Security Case For MSPs: Galactic Advisors

Offering third-party assessments can be crucial for MSPs looking to bolster their role as a trusted advisor to clients, said Bruce McCully, CEO of the cybersecurity assessment and consulting firm.

Providing clients with independent security assessments can be a key piece of the puzzle for MSPs looking to accelerate their growth and bolster their role as a trusted advisor, according to the CEO of cybersecurity assessment and consulting firm Galactic Advisors.

“The risks [from intensifying cyberattacks] are real, and you can prove it with a third-party security program,” said Bruce McCully, who also serves as chief security officer (CSO) at the Nashville, Tenn.-based company.

McCully spoke to an audience of MSP executives Sunday at XChange August 2024, which is hosted by CRN parent The Channel Company and being held this week in San Antonio.

Rick Khan, CEO of Pasadena, Calif.-based Micro Trends, said there’s no question that offering an independent analysis is a powerful step MSPs can take in assisting clients with security.

For instance, among the clients that Micro Trends works with, many are seeing a growing need for meeting compliance requirements in order to do business with their own customers, Khan said.

An independent assessment is crucial because that way, “the client is assured—and we’re assured—that their compliance [strategy] is in process,” he said.

During the XChange session Sunday, McCully said that without a doubt, the removal of conflicts of interest is a massive advantage of third-party security assessments.

By contrast, when the MSP itself performs the assessment, “ultimately, your client or prospect is left wondering, ‘Does this [recommendation] really matter, or are they just trying to sell me something?’” he said.

Security assessments can also help to support an MSP’s move into more-profitable services such as advanced security, compliance as-a-service and vCSO (virtual chief security officer) services, according to McCully.

“Just for an example, [with] compliance as-a-service, we're seeing an 80 percent gross margin in that area right now,” he said. “Compare that to your basic IT services at 45 [percent] to 50 percent gross margin, and you can see where this is a change for the better on the profit standpoint.”

There are other major benefits for the MSP, as well, when it comes to facilitating independent security assessments for clients, McCully said.

“When you do this right—and you build out a superior foundation to your vCSO program—your clients remain responsible for their decisions and actions,” he noted.