What staffing does an MSP require to manage advanced security services for their customers?

Category: Partner
April 24, 2017

Many MSPs want to add cyber security services to their offerings but are concerned that they cannot afford to staff their company properly to handle the new service. They are asking ” How many additional employee hours do I need to supply to properly manage these new product or service offerings?”  The answer to this ‘staffing’ question depends on what platform you use to offer those services.   If you go with a software/hardware platform for example, AlienVault, you need to hire expensive security engineers to manage and maintain the platform.   This could easily make your services too expensive for your customer base.   If you go with a platform service like NetWatcher® you can rely on the NetWatcher security analyst team to be your SOC and Tier II support so you only fulfill the remediation efforts (NetWatcher makes this quite easy to perform with easy to follow guidance and analyst support for difficult issues).

NetWatcher turns MSP’s into Managed Security Services Providers!

New compliance mandates such as NIST 800-171 (US federal government contractors), GBLA, HIPAA, DFS 23 NYCRR 500 (New York) etc. are mandating that customers large and small do more advanced services to protect their data and their customer’s data…  Customers are also mandating that their suppliers do more to protect their data…  Customers that utilize Managed Services Providers (MPSs) lean on them first because these are the organizations that are already offering them basic security services such as Anti-Virus/Malware, managed firewalls, OpenDNS, Web App Firewalls, email security and VPN services.

The MSP has 3 choices, they can either let the business go to another company and potentially lose a customer, they can purchase all the tools and hire security engineers or they can utilize a company such as NetWatcher to help them manage their customers advanced security.   Option one is never an option for the MSP, option 2 is too expensive and they would be priced out of the market… this is why NetWatcher works with so many MSPs.   NetWatcher becomes the SOC for the MSP and their tier II security analyst support – it’s a perfect MSP model because the MSP has no need for an upfront investment (no need to hire security analysts, no need to buy expensive software/hardware, no need to pay for training etc..).

However, an MSP must consider, do they have enough general IT staff to support remediation efforts.

Security is the #1 Growth area for Managed Services Providers (MSPs)—CompTIA

When a new MSP comes on board, they often ask the question “Do you have any data on how many staff I need on my end to handle the alerts coming from NetWatcher? “

There are three variables needed to answer this question:

  1. What is the average number of low, medium and high alarms from an average customer of this size?
  2. How long does it take a customer service engineer to fix an average low, medium and high issue?
  3. What efficiency do I get over the year as the engineers work an account?

Let’s cover each of these one at a time.    For brevity sake, we are only going to cover account from 10 to 500 knowledge workers but you can use this same methodology across any size customer.

NetWatcher breaks down a customer’s security issues into Security issues (Malware impacting assets) and activities that make an organization vulnerable to compromise (Policy, Scans and Hygiene)—for the sake of this article we will call all these activities Security Hygiene issues.

On average the numbers below are what we see across all our accounts in one month.  The number in blue in the figure below represent a broad average for the number of issues we see per asset in an account.   One thing that is not represented in this chart that you must take into consideration is how well managed this account is today.  If it’s well managed these numbers may be too high, if it’s not then these numbers may be too low.

Now let’s look at how long issues take to fix.  Obviously, a low severity issue will take less time (hours) than a high security issue to fix.   For example, Adware/Spyware can be removed in minutes with the right tool but command and control software may take hours to fix.  As an MSP you have to make some judgement calls here based on your staffs abilities/priorities etc. but the model below is a good place to start.  The numbers in blue will drive the model and leverage the data you put into table 1 above.

Now you have to consider the efficiency you will see as you begin to manage a company’s security.   When you first start analyzing a network for security issues/vulnerabilities there is always a few things to clean up.  As you clean those issues up the network will become stronger and stronger over time and you will have less work to do.   The blue column in the table below drives the model.

So as an example, in 1 year after managing a 500 seat account you should on average only require 18 hours a month to manage security issues—this is obviously on top of the other maintenance activities an MSP must do to do a great job for a customer.

Obviously, you should model this for your own customer base, staff and business model realities.  I’ve attached a link to the spreadsheet below so you can use your own data and model your firm.

We look forward to working with you!

Link to Partner Staffing Model Spreadsheet