Over the last several years, I have been asked to lead or coach businesses seeking to develop cybersecurity managed services to extend their consulting and/or cybersecurity consulting practices. These firms range from the largest firms, such as EY, to regional MSPs serving SMB clients. Finding the right mix of cybersecurity services can be challenging, as it depends on a variety of factors, such as the size and complexity of the organization, the nature of the data being handled, its regulatory requirements, and the level of cybersecurity maturity that you are seeking to achieve based on your unique requirements, threats, and vulnerabilities. Based on my experience, I wanted to share some initial thoughts on how to frame the problem and begin to develop the right mix of cybersecurity services for your target group of clients. The complexity of this review changes significantly between large enterprises and SMBs, but at a high level, the major categories remain the same.
Assess your client’s needs: The first step is to assess the organization’s needs for cybersecurity services. This can involve identifying the assets that need to be protected, the potential threats and vulnerabilities, and the risks associated with each. Often best practice is to
Determine your client’s current and stretch budget: All cybersecurity needs to fit into an approachable and prioritized budget, and choices will have to be made based on the unique and changing risk score of the organization. Once the organization’s cybersecurity needs have been identified, the next step is to determine the budget available for these services. This will help to prioritize which services are most critical and feasible to implement.
Identify potential third-party cybersecurity solutions: Based on the needs assessment and budget, the organization can identify potential cybersecurity solutions, such as firewalls, intrusion detection and prevention systems, endpoint protection, vulnerability scanning, and security information and event management (SIEM) systems.
Consider outsourcing options: Depending on the organization’s budget and expertise, it may be more cost-effective to outsource some or all of its cybersecurity services. Outsourcing options can include managed security service providers (MSSPs), security operations centers (SOCs), and consulting firms.
Determine the right mix: Once potential solutions have been identified, the organization can determine the right mix of cybersecurity services to implement. This will depend on factors such as the budget, the organization’s internal resources and expertise, and the level of risk associated with each asset or system.
Continuously monitor and adjust: Cybersecurity threats and vulnerabilities are constantly evolving, so it’s important to continuously monitor the effectiveness of cybersecurity services and adjust them as needed.
Developing the right mix of cybersecurity services for your clients requires a thorough understanding of their needs, budget constraints, and potential solutions. By following the steps we outline above and leveraging reputable third-party sources, such as NIST, Gartner, Forrester, and CIS, you can establish a comprehensive cybersecurity strategy that addresses your client’s unique requirements and significantly improves their cybersecurity posture. And as always, continuously evaluate and reassess the vendors and capabilities required to support your clients, as new threats and vulnerabilities can change the mix of services required at any point. If you want to talk about this more and how our team can help you think through these issues, please reach out to me or anyone on our team. My email is included below.
About the Author: Ben Trowbridge is an accomplished Outsourcing Advisor with extensive experience in outsourcing and managed services. As a former EY Partner and CEO of Alsbridge, he built successful practices in Transformational Outsourcing, BPO, Cybersecurity assessment, IT Outsourcing, and Cybersecurity Sourcing. Throughout his career, Ben has advised a broad range of clients on outsourcing and global business services strategy and transactions. As the current CEO of the Outsourcing Center, he provides invaluable insights and guidance to buyers and managed services executives. Contact him at [email protected].