MSPs – Here is a model to help forecast resources, pricing, revenues and profit for your new Managed Security Business

Category: Partner
May 25, 2017

When Managed Services Providers (MSPs) decide to get into the managed security business, it is a big leap. However, for most MSPs it is a necessary step, because it was likely your company that set up the customer’s network and it’s likely your company will have to remediate the issues. If you don’t get into the managed security business, your customer will end up bringing some other company in and you may eventually be nudged out of the account. Managed security is also a great new revenue stream for your MSP company.

2017 Kaseya MSP Global Pricing Survey — …when asked what the top service MSPs believe will be the most sought after by clients, security was #1

Most MSPs today are selling and managing a commodity security stack–but in today’s world, your customers need a much more advanced stack.

Without a more advanced security stack, your customer may have lingering command and control malware on corporate assets stealing data for months without realizing they have been exploited. All it takes is an employee losing their login credentials, visiting the wrong website or clicking on the wrong link in an email, and they may get “owned”; a bad actor then has the access they need to begin to steal data. The commodity stack never recognizes the issue.

However, with an advanced security stack (like http://netwatcher3.wpengine.com) you would see an automated alarm that recognized that the Network Intrusion Detection System (NIDS) flagged a command and control beacon, the Host Intrusion Detection System (HIDS) flagged a strange registry change on a laptop, and the Netflow reported data going back to a foreign country. This type of activity wouldn’t be caught by the standard commodity security stack. This is why every Fortune 5000 account has been using this more advanced stack for over 10 years. The key, however, is that someone or something needs to be reviewing the data coming off this more advanced stack. The Fortune 5000 companies have armies of people reviewing this data, but an SMB account cannot afford this type of investment. Therefore, they need a third party, and a lot of automation, to review events for them and alert when something unfortunate occurs or when one of their staff is doing something that is going to lead to the company being exploited in the future. NetWatcher brings the Secure Operations Center (SOC), the service and the tools to enable you to turn your MSP into a Managed Security Services Provider immediately, utilizing your current helpdesk infrastructure.
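The correlation described above can be sketched in a few lines of Python. This is an added example, not NetWatcher's code: the event fields, the one-hour window, the home country and the sample events are all constructed assumptions. It raises an alarm only when the NIDS, HIDS and Netflow signals line up on the same host.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed correlation window
HOME_COUNTRY = "US"           # assumed home country of the customer
REQUIRED = {"c2_beacon", "registry_change", "foreign_flow"}

# Constructed sample events; field names are hypothetical, not a vendor schema.
EVENTS = [
    {"ts": "2017-05-25T09:02:00", "sensor": "nids", "host": "laptop-17", "sig": "c2_beacon"},
    {"ts": "2017-05-25T09:05:00", "sensor": "hids", "host": "laptop-17", "sig": "registry_change"},
    {"ts": "2017-05-25T09:20:00", "sensor": "netflow", "host": "laptop-17", "dst_country": "XX"},
    {"ts": "2017-05-25T09:10:00", "sensor": "hids", "host": "desktop-03", "sig": "registry_change"},
    {"ts": "2017-05-25T09:30:00", "sensor": "netflow", "host": "desktop-03", "dst_country": "US"},
    {"ts": "2017-05-25T13:00:00", "sensor": "nids", "host": "desktop-03", "sig": "c2_beacon"},
]

def signal(event):
    """Map a raw sensor event to one of the three signals, or None."""
    if event["sensor"] == "netflow":
        return "foreign_flow" if event["dst_country"] != HOME_COUNTRY else None
    sig = event.get("sig")
    return sig if sig in REQUIRED else None

def correlate(events, window=WINDOW):
    """Return one alarm per host where all three signals fall inside `window`."""
    by_host = {}
    for ev in events:
        sig = signal(ev)
        if sig:
            by_host.setdefault(ev["host"], []).append(
                (datetime.fromisoformat(ev["ts"]), sig))
    alarms = []
    for host, hits in sorted(by_host.items()):
        hits.sort()
        for i, (start, _) in enumerate(hits):
            in_window = [(t, s) for t, s in hits[i:] if t - start <= window]
            if {s for _, s in in_window} == REQUIRED:
                alarms.append({"host": host,
                               "first_seen": start.isoformat(),
                               "last_seen": in_window[-1][0].isoformat()})
                break
    return alarms

if __name__ == "__main__":
    for alarm in correlate(EVENTS):
        print(alarm)
```

A single sensor hit, or signals spread over several hours as on `desktop-03`, stays below the alarm threshold, which is the noise reduction an SMB without its own analysts depends on.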

Most SMB executives hear about hacking, but they don’t understand the issues and they don’t understand the risk to their businesses. It’s your responsibility as the MSP to educate them on the risk. If you don’t, I guarantee you someone else will. Also, many SMBs are under some sort of compliance regime such as HIPAA, PCI DSS, GLBA, NIST 800-171, NYCRR 500 etc. If this is the case, they must be using a more advanced stack, and it’s your responsibility to help them understand how to meet some of these demands (again, if you don’t, someone else will…).

So, you decide you want to be in this business but you are not sure how to take the next steps… First and foremost, you need to understand that managing a company’s network and asset security is different than managing their network, email, backups etc. Managing security is about managing risk – your customers’ and your own. The first thing you need to do is get a good contract in place that minimizes your liabilities; this is where you may want to involve your lawyer. There are several contracts available on the internet that are good Managed Security starter contracts. The second thing you need to realize is that selling security requires good business acumen: help the customer understand what they have to lose, or help the customer understand security compliance based on one of the regimes mentioned above and what happens if they do not meet those regulations. But you should also realize your customers will ask hard technical questions – “explain what this IDS thing does…”, “explain what this file integrity monitoring is…” etc. – so you must also have technical people who support your sales people and can answer those questions.

Then you (the MSP) will ask how much additional work will be put on your helpdesk engineering and remediation staff… You will ask how much you can make ($) doing this more advanced security work. We’ve created an 11-step spreadsheet to help you model your business and assumptions and get to those answers.

  • Step 1: Estimate the number of issues, on average, that an account of a particular size will need to deal with in a one-month time frame.
  • Step 2: Estimate the number of hours each issue will take to fix.
  • Step 3: Estimate the efficacy over the time the MSP manages the account. Technicians that remediate security issues/vulnerabilities get more efficient at fixing issues. Also, once the hygiene issues are addressed, there are fewer malware issues and fewer new hygiene issues if the account is managed appropriately.
  • Step 4: Forecast the number of customers of different sizes you (the MSP) can close over the next 12 months.
  • Step 5: Budget for the number of remediation hours you will need to allocate toward these new projects at your customers. This is calculated for you.
  • Step 6: Allocate the MSP’s cost for the people necessary to perform the remediation efforts. Add in the pay rate of the engineer and the wrap rate.
  • Step 7: Budget the MSP remediation services revenues.
  • Step 8: Budget the cost associated with what NetWatcher charges the MSP for the customer (monthly). These are averages. Use the NetWatcher pricing spreadsheet if you believe these estimates are wrong.
  • Step 9: Forecast revenues (markup) for the NetWatcher service. Add how much markup you will add to the cost of the service.
  • Step 10: Determine the profit from the NetWatcher remediation services revenues plus the NetWatcher base platform profitability.
  • Step 11: Determine the cost of the services to your customers so you can see if they are reasonable. Is this an amount your customer would pay to get NetWatcher advanced security?

You can download the forecasting template here: Partner Profitability Model_v1

Now that you have your advanced offering in place, you can think of offerings to add on to it, such as Security Forensics, Penetration Testing, or helping customers with Policy documents or Incident Response Plans.