Designing your managed security service: processes

Demand for cyber security services has surged since the start of the pandemic. Companies of all sizes now realize that they need a level of protection that it is not practical or efficient to install and manage themselves. This transformation of the market for managed services means that IT service providers need to ensure their offering is evolving to meet the new demand.

At WithSecure we’ve supported many of our partners in launching or expanding their managed security service offering. We recently published a guide to building a profitable service, which seeks to distill some of the lessons we learned into some practical guidance for partners thinking about adding services. The guide breaks successful service operation down into three key elements: people, processes and technology.

This article covers:

  • A guide to building a profitable service
  • Recommendations for process design
  • How to learn more about service design workshops

Companies of all sizes now realize that they need a level of protection that it is not practical or efficient to install and manage themselves.

Subsequently, 59% of SMBs surveyed by ConnectWise believe that all or most of their cyber security needs will be outsourced within five years, and 49% of SMBs said that more cyber security expertise is an added benefit of working with a managed service provider.

This transformation of the market for managed services means that IT service providers need to ensure their offering is evolving to meet the new demand. Many of these companies have traditionally operated as re-sellers of cyber security software, with limited additional services.

However, this is changing fast. At WithSecure we’ve supported many of our partners in launching or expanding their managed security service offering. We recently published a guide to building a profitable service, which seeks to distill some of the lessons we learned into some practical guidance for partners thinking about adding services.

The guide breaks successful service operation down into three key elements: people, processes and technology. WithSecure’s partner service success manager Tero Huostila runs service design workshops for partners that delve into all three of these areas.

The workshops are designed to help partners that are considering adding new services build a solid business case. During the workshops Huostila and other experts will guide partners through the steps and decisions that need to be taken to launch a profitable service.

“We go through all the service elements that are relevant to the planned service, and all the things they need to consider when planning a service,” Huostila explains.

For the section on defining processes, Huostila says the most important thing is that security services should be easily integrated with any other IT services that you offer, whether that’s security services from other vendors or other IT or software services that your business provides.

Huostila offers three other recommendations for process design:

  • Define your SLA. Business hours SLA (8/9/10-5) is perfectly valid for many customers, possibly backed up by automatic host isolation in the case of high severity detections. Alternatively, offering 24/7 makes sense if you already have the same SLA level for other services you offer.
  • Schedule regular reports. Reporting is important because it proves the value of the service to the customer. Even if there are no major incidents to report, the client should be regularly updated or have access to a dashboard that shows them what the service is doing. In addition, realized SLA reporting is extremely valuable to the customer.
  • Define and document all your decisions. Whatever you decide on, having well-defined and documented processes for alerting the client and delivering remediation guidance is essential.

Beyond that, it’s all about making decisions and understanding the unique circumstances that each business faces. For example, implementing tiers of responders for threat alerts works very well for some of our partners. It allows the low priority alerts to be triaged and focuses the time of the most experienced staff on the most serious threats. On the other hand, some prefer all their staff to get experience of responding to all types of threats.

Another part of this workshop is introducing partners to our business case calculator, which is designed to help MSSPs estimate their profit margin for different products and services and work out whether their volumes justify switching to a usage-based license. The calculator takes a range of factors into account, including technology costs, personnel and training costs, operational costs and other sales and marketing costs.

To learn more about the service design workshops and read more key ingredients for running a profitable managed security service, download the guide here.