If you’re a managed service provider (MSP) or IT provider/consultancy, a surfing analogy may apply to you! A friend of mine recently described a return to surfing. He was frustrated to note that a few decades and pounds past his glory days, he had a hard time catching the waves. He said they would just roll by and leave him in the dust. So, he adapted and did some body surfing, then knee surfing for a while, re-acquainting himself with balance and timing.
Similarly, we find that many MSPs are “missing the wave” by leaving revenue on the table and not catching the cybersecurity surf. For a long time, businesses across Corporate America have tried to rely upon their own IT Departments in order to meet both their technological and security needs. While this may serve its purpose, the world today is fast evolving into something that has never been imagined before – primarily fueled by the COVID19 pandemic.
Rather than simply deploying the latest and greatest security tools/technologies and walking away until something goes wrong, the MSP of 2020 is trying to help their clients adopt a proactive mindset to Cybersecurity, including “leasing” them a CISO through partner companies like Webcheck Security.
Webcheck calls this FISO, or Fractional Information Security Officer, services. This involves the creation of plans that will help businesses greatly mitigate the chances of being hit by a security breach. We are all at risk of becoming a victim, there is no question about that. But the key here is what are the necessary steps a business can take so that the statistical odds of being impacted in the first place are as low possible?
According to Earl Foote, the CEO & Founder of Nexus IT Consultants of Salt Lake City, Utah, for an MSP to make the transition from the break- fix model to one which provides a long-term relationship with the client takes a fundamental mind shift. In other words, it takes a huge cultural change in which the MSP has to align their value proposition with the needs of the customer.
The MSP must make themselves an extension of the customer and fulfill all of their contractual obligations. For Nexus IT Consultants, this has been very easy to do with Webcheck Security, as they have been able to offer various Penetration Testing and FISO services to Nexus clients in meeting their compliance needs.
As CEO Earl Foote has summed it up:
“Working with Greg and his Team at WebCheck Security has been a refreshing experience that has allowed us to add a stable, responsive, value-added offering to our client relationships. Finding a reliable pen-testing and accredited auditing partner in our local market has been challenging.
We are an organization that prides ourselves on our white-glove, high-touch client care approach. Greg and his team have dovetailed nicely into those ideals and take very good care of our clientele.
Adding WebCheck’s pen-testing, auditing and consulting services to our lineup of offerings has enhanced and solidified client relationships and provided for an additional revenue stream that naturally fits into our model of cybersecurity and compliance centric solutions.”
By partnering with Webcheck Security, the MSP can offer the following services to instill that proactive mindset for your clients, and to keep up the differential advantage:
Fractional Information Security Officer, or leasing a “CISO”, ensures the company has governance, prioritized cyber alignment with business risks and objectives, and the business model. The FISO can attend vendor and client meetings where an understanding of security posture must be discussed. FISOs can also serve to augment or fill Risk and Compliance Officer roles, ensuring that corporations are adequately prepared for annual SOC 2, PCI, HIPAA, NIST, HITRUST, ISO 27001 or other audits or compliance.
Penetration Testing:
This is the only sure-fire way to know what the unknown vulnerabilities, gaps, and weaknesses are in your client’s IT and Network Infrastructure. In many ways, this is like conducting an angiogram on the heart. You simply do not know where the blockages lie in the coronary arteries until you inject dye into them. The Webcheck team is made up of top-notch Pen Testers, with years of experience. Not only do they have the technical knowledge to quickly ascertain what is wrong, but they also have the needed business acumen to convey solutions to the client so that it is very easy to understand, and that can be deployed in just a matter of a few hours.
Let’s face it, this is a hot button topic that is never going away. It is going to be around for a long time to come. Now, more than ever before, consumers across the United States and even the European Union, have the powers to get answers as to what is being done with Personal Identifiable Information (PII) datasets. This has been primarily brought on by the recent passages of both the GDPR and the CCPA. Not only can consumers ask questions, but businesses can face audits at a whim and face some very hefty fines and penalties if they are not found to be in compliance. Organizations of all types want to know how they can avoid all of this. Many MSPs really do not offer these compliance services, but at Webcheck Security, we can offer this to you! This will give you a huge differential advantage amongst other MSPs when it comes to your cybersecurity offerings.
After a Cyberattack has occurred, one of the first questions that gets asked is: “How did this happen???” This can only be truly answered by conducting a deep dive analysis, and this is where Digital Forensics comes into play. Many MSPs do not offer these kinds of investigative services, but at Webcheck Security we offer them, and can also extend this to your practice as well. We do, not only the investigative piece, but we also help you to write up a report for your client. This report answers not only how exactly the breach precipitated in the first place, but steps that they can take to help mitigate the possibilities of it happening again.
As mentioned at the very beginning of this article, with the advent of the Remote Workforce, many businesses are now starting to deploy their entire IT and Network Infrastructures into leading Cloud platforms such as those of the AWS and Microsoft Azure. Many MSPs today help their clients migrate their current On Prem assets here, but where they often fail is that they neglect to make sure all is secure. The fallacy in this thinking is the Cloud providers will do all of this. While they do offer a huge plethora of security tools that your client can use, the bottom line is that they are not accountable for anything that may go wrong. It is your client’s ultimate responsibility to do this!!! This is yet one more area in which MSPs have not filled in their piece of their Cybersecurity pie. At Webcheck Security, we can offer this huge slice to you, by conducting quarterly security assessments of your client’s Cloud deployments.
In Summary, don’t miss the wave! IT Providers and MSPs can find solid partners to deliver the cyber services which they don’t. Some of it, such as recurring FISO services, can also provide a monthly billing opportunity add value and great “relationship cement” or stickiness with customers.